use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UserSelfRegistrationManager method buildNotificationResponseBean.
/**
* Build the notification response bean.
*
* @param user User
* @param preferredChannel User preferred channel
* @param claimsMap Claim map of the user
* @return NotificationResponseBean object
* @throws IdentityRecoveryException Error while building the response.
*/
private NotificationResponseBean buildNotificationResponseBean(User user, String preferredChannel, Map<String, String> claimsMap) throws IdentityRecoveryException {
    // Tenant-level sign-up settings and the channel state are all resolved up front; any of these
    // lookups may throw before a response bean exists.
    boolean lockOnCreation = Boolean.parseBoolean(Utils.getSignUpConfigs(
            IdentityRecoveryConstants.ConnectorConfig.ACCOUNT_LOCK_ON_CREATION, user.getTenantDomain()));
    boolean internallyManaged = Boolean.parseBoolean(Utils.getSignUpConfigs(
            IdentityRecoveryConstants.ConnectorConfig.SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE,
            user.getTenantDomain()));
    boolean channelAlreadyVerified = isPreferredChannelVerified(user.getUserName(), preferredChannel, claimsMap);

    NotificationResponseBean response = new NotificationResponseBean(user);

    // Case 1: the preferred channel is already verified, so no confirmation message is needed.
    // This check wins over the lock/notification settings below.
    if (channelAlreadyVerified) {
        response.setCode(IdentityRecoveryConstants.SuccessEvents
                .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_WITH_VERIFIED_CHANNEL.getCode());
        response.setMessage(IdentityRecoveryConstants.SuccessEvents
                .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_WITH_VERIFIED_CHANNEL.getMessage());
        return response;
    }

    // Case 2: unverified channel, notifications managed internally, account locked on creation.
    // The response tells the caller that the account and the notification channel must be verified.
    if (internallyManaged && lockOnCreation) {
        response.setCode(IdentityRecoveryConstants.SuccessEvents
                .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_INTERNAL_VERIFICATION.getCode());
        response.setMessage(IdentityRecoveryConstants.SuccessEvents
                .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_INTERNAL_VERIFICATION.getMessage());
        response.setNotificationChannel(preferredChannel);
        return response;
    }

    // Case 3: unverified channel and the account is not locked on creation. The response says no
    // verification is needed; the notification-management setting has no effect here.
    if (!lockOnCreation) {
        response.setCode(IdentityRecoveryConstants.SuccessEvents
                .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_UNLOCKED_WITH_NO_VERIFICATION.getCode());
        response.setMessage(IdentityRecoveryConstants.SuccessEvents
                .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_UNLOCKED_WITH_NO_VERIFICATION.getMessage());
        return response;
    }

    // Case 4: notifications are managed externally and the account is locked on creation.
    // A fresh confirmation code is stored and handed back to the caller.
    UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
    // Invalidate what the store already holds for this user before issuing the new code.
    recoveryStore.invalidate(user);
    // NOTE(review): this value is the only secret protecting sign-up confirmation. The randomness
    // source behind UUIDGenerator is not visible here; confirm it is cryptographically strong.
    String confirmationCode = UUIDGenerator.generateUUID();
    UserRecoveryData signUpRecord = new UserRecoveryData(user, confirmationCode, RecoveryScenarios.SELF_SIGN_UP,
            RecoverySteps.CONFIRM_SIGN_UP);
    signUpRecord.setRemainingSetIds(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
    recoveryStore.store(signUpRecord);

    response.setCode(IdentityRecoveryConstants.SuccessEvents
            .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_EXTERNAL_VERIFICATION.getCode());
    response.setMessage(IdentityRecoveryConstants.SuccessEvents
            .SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_EXTERNAL_VERIFICATION.getMessage());
    // The code leaves the server in the response body (recoveryId and, below, key). Whoever holds it
    // can presumably confirm the account, so it should be kept out of logs and traces.
    response.setRecoveryId(confirmationCode);
    response.setNotificationChannel(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
    // The same value is also exposed through the older "key" field for backward compatibility.
    response.setKey(confirmationCode);
    return response;
}
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UsernameRecoveryManagerImpl method invalidateRecoveryCode.
/**
* Invalidate the recovery code.
*
* @param recoveryCode Recovery code
*/
private void invalidateRecoveryCode(String recoveryCode) throws IdentityRecoveryException {
    // Hand the code to the store returned by JDBCRecoveryDataStore.getInstance(); any failure there
    // propagates to the caller as IdentityRecoveryException.
    JDBCRecoveryDataStore.getInstance().invalidate(recoveryCode);
}
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class TenantManagementListener method onPreDelete.
/**
 * Deletes the recovery data held for a tenant before the tenant itself is deleted.
 *
 * @param tenantId Id of the tenant that is about to be deleted.
 * @throws StratosException If the recovery data store reports an error; the original
 *                          {@code IdentityRecoveryException} is kept as the cause.
 */
@Override
public void onPreDelete(int tenantId) throws StratosException {
    try {
        // Pending confirmation and recovery codes of the tenant go away with this call.
        JDBCRecoveryDataStore.getInstance().deleteRecoveryDataByTenantId(tenantId);
    } catch (IdentityRecoveryException cause) {
        // NOTE(review): whether this exception aborts the tenant deletion depends on the caller of
        // the listener; confirm, so that recovery data cannot outlive its tenant unnoticed.
        String failure = "Error in deleting recovery data of the tenant:" + tenantId;
        throw new StratosException(failure, cause);
    }
}
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UserSelfRegistrationManager method introspectSelfRegistrationCode.
/**
* Introspects self registration confirmation code details without invalidating it.
* Does not trigger notification events or update user claims.
*
* @param skipExpiredCodeValidation Skip confirmation code validation against expiration.
* @param code Confirmation code.
* @return UserRecoveryData Data associated with the provided code, including related user and scenarios.
* @throws IdentityRecoveryException Error validating the confirmation code
*/
private UserRecoveryData introspectSelfRegistrationCode(String code, boolean skipExpiredCodeValidation) throws IdentityRecoveryException {
    UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
    // load(...) returns data only for a code it accepts and throws otherwise. With
    // skipExpiredCodeValidation set, the two-argument overload is used so that expiry is not
    // enforced; the code is looked up here but not invalidated.
    UserRecoveryData loaded = skipExpiredCodeValidation
            ? recoveryStore.load(code, skipExpiredCodeValidation)
            : recoveryStore.load(code);
    // The user bound to the code is validated against the tenant domain of the current context.
    validateContextTenantDomainWithUserTenantDomain(loaded.getUser());
    return loaded;
}
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UserSelfRegistrationManager method validateSelfRegistrationCode.
/**
 * Validates a self-registration or email-verification confirmation code and applies the
 * resulting claim updates to the user.
 *
 * Steps, in order: load the recovery data for the code, validate the tenant domain, check the
 * recovery step, trigger the pre-confirmation event, build and write the claim updates, trigger the
 * post-confirmation event, and record a success audit entry.
 *
 * This method does not call invalidate on the recovery data store.
 * NOTE(review): confirm that the caller invalidates the code after a successful confirmation so
 * that it cannot be used a second time.
 *
 * @param code Confirmation code.
 * @param verifiedChannelType Channel type reported as verified; when it equals the EXTERNAL channel
 *                            type, no verified claim is resolved.
 * @param verifiedChannelClaim Claim of the verified channel, passed on to getChannelVerifiedClaim and
 *                             extractVerifiedChannelURI.
 * @param properties Not read by this method.
 * @param skipExpiredCodeValidation When true, the code is loaded through the two-argument load
 *                                  overload, which receives this flag.
 * @return Recovery data that was loaded for the code.
 * @throws IdentityRecoveryException If the code cannot be loaded, the tenant validation fails, the
 *                                   recovery step is not one of the accepted steps, or a later
 *                                   step of the confirmation fails.
 */
private UserRecoveryData validateSelfRegistrationCode(String code, String verifiedChannelType, String verifiedChannelClaim, Map<String, String> properties, boolean skipExpiredCodeValidation) throws IdentityRecoveryException {
// Clear the skip-email-verification thread-local at entry, before anything else runs.
Utils.unsetThreadLocalToSkipSendingEmailVerificationOnUpdate();
UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
// If the code is validated, the load method will return data. Otherwise method will throw exceptions.
// NOTE(review): a failure here, or in the tenant validation below, leaves this method without an
// audit entry; confirm that rejected codes are logged elsewhere so that guessing attempts are visible.
UserRecoveryData recoveryData;
if (!skipExpiredCodeValidation) {
recoveryData = userRecoveryDataStore.load(code);
} else {
recoveryData = userRecoveryDataStore.load(code, skipExpiredCodeValidation);
}
User user = recoveryData.getUser();
// Validate context tenant domain name with user tenant domain.
validateContextTenantDomainWithUserTenantDomain(user);
// Validate the recovery step to confirm self sign up or to verify email account.
// Only CONFIRM_SIGN_UP, VERIFY_EMAIL and CONFIRM_LITE_SIGN_UP are accepted; a code issued for any
// other step is audited as failed and rejected before any claim is touched.
if (!RecoverySteps.CONFIRM_SIGN_UP.equals(recoveryData.getRecoveryStep()) && !RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep()) && !RecoverySteps.CONFIRM_LITE_SIGN_UP.equals(recoveryData.getRecoveryStep())) {
auditRecoveryConfirm(recoveryData, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE.getMessage(), AUDIT_FAILED);
throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
}
// Get the userstore manager for the user.
UserStoreManager userStoreManager = getUserStoreManager(user);
Map<String, Object> eventProperties = new HashMap<>();
eventProperties.put(IdentityEventConstants.EventProperty.USER, user);
eventProperties.put(IdentityEventConstants.EventProperty.USER_STORE_MANAGER, userStoreManager);
// Pre-confirmation events. CONFIRM_LITE_SIGN_UP passes the step check above but triggers no
// event here or after the claim update.
if (RecoverySteps.CONFIRM_SIGN_UP.equals(recoveryData.getRecoveryStep())) {
triggerEvent(eventProperties, IdentityEventConstants.Event.PRE_USER_ACCOUNT_CONFIRMATION);
} else if (RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep())) {
triggerEvent(eventProperties, IdentityEventConstants.Event.PRE_EMAIL_CHANGE_VERIFICATION);
}
String externallyVerifiedClaim = null;
// If the channel type is EXTERNAL, no verified claims are associated to it.
// NOTE(review): verifiedChannelType and verifiedChannelClaim are method parameters, not values read
// from the stored recovery data; if they originate from the request, confirm that they are
// constrained to the channel the code was actually issued for.
if (!NotificationChannels.EXTERNAL_CHANNEL.getChannelType().equals(verifiedChannelType)) {
externallyVerifiedClaim = getChannelVerifiedClaim(recoveryData.getUser().getUserName(), verifiedChannelType, verifiedChannelClaim);
}
// Get the claims that needs to be updated.
// NOTE: Verification channel is stored in Remaining_Sets in user recovery data.
HashMap<String, String> userClaims = getClaimsListToUpdate(user, recoveryData.getRemainingSetIds(), externallyVerifiedClaim, recoveryData.getRecoveryScenario().toString());
if (RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep())) {
// For VERIFY_EMAIL the same Remaining_Sets field is read as the pending email address, so the new
// address comes from the stored recovery data and not from a parameter of this call.
String pendingEmailClaimValue = recoveryData.getRemainingSetIds();
if (StringUtils.isNotBlank(pendingEmailClaimValue)) {
eventProperties.put(IdentityEventConstants.EventProperty.VERIFIED_EMAIL, pendingEmailClaimValue);
// Clear the pending-value claim and promote the pending address to the email address claim.
userClaims.put(IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM, StringUtils.EMPTY);
// The original author left an open "todo??" here without stating what remains to be done.
userClaims.put(IdentityRecoveryConstants.EMAIL_ADDRESS_CLAIM, pendingEmailClaimValue);
// Todo passes when email address is properly set here.
// The flag set below is not cleared again anywhere in this method; the only clear visible here is
// the one at method entry.
// NOTE(review): confirm that the flag is reset after the claim update, including when
// updateUserClaims throws. On a pooled thread a stale flag could otherwise carry over to an
// unrelated request and suppress email verification there.
Utils.setThreadLocalToSkipSendingEmailVerificationOnUpdate(IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_CONFIRM.toString());
}
}
// Update the user claims.
// NOTE(review): an exception from here on propagates without a failure audit entry from this method.
updateUserClaims(userStoreManager, user, userClaims);
if (RecoverySteps.CONFIRM_SIGN_UP.equals(recoveryData.getRecoveryStep())) {
String verifiedChannelURI = extractVerifiedChannelURI(userClaims, verifiedChannelClaim);
eventProperties.put(IdentityEventConstants.EventProperty.VERIFIED_CHANNEL, verifiedChannelURI);
triggerEvent(eventProperties, IdentityEventConstants.Event.POST_USER_ACCOUNT_CONFIRMATION);
} else if (RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep())) {
triggerEvent(eventProperties, IdentityEventConstants.Event.POST_EMAIL_CHANGE_VERIFICATION);
}
// Success is audited only after the claim update and the post event have completed.
auditRecoveryConfirm(recoveryData, null, AUDIT_SUCCESS);
return recoveryData;
}