
Example 21 with UserRecoveryDataStore

use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.

the class UserSelfRegistrationManager method buildNotificationResponseBean.

/**
 * Builds the {@link NotificationResponseBean} returned to the caller after a self registration.
 *
 * <p>The status code and message are chosen from the tenant's sign-up configuration and the
 * verification state of the user's preferred channel, in this order of precedence:
 * <ol>
 *   <li>preferred channel already verified: success, nothing left to confirm;</li>
 *   <li>notifications internally managed and account locked on creation: the caller is told which
 *       channel the user has to verify through;</li>
 *   <li>account not locked on creation: success without verification (how notifications are managed
 *       does not matter here);</li>
 *   <li>otherwise (externally managed notifications, locked account): a fresh confirmation key is
 *       generated, persisted as SELF_SIGN_UP / CONFIRM_SIGN_UP recovery data and returned in the bean.</li>
 * </ol>
 *
 * @param user             the newly created user
 * @param preferredChannel the user's preferred notification channel
 * @param claimsMap        claims of the user, used to decide whether the preferred channel is verified
 * @return the populated response bean
 * @throws IdentityRecoveryException if the sign-up configuration cannot be read, or the recovery data
 *                                   cannot be invalidated or stored
 */
private NotificationResponseBean buildNotificationResponseBean(User user, String preferredChannel, Map<String, String> claimsMap) throws IdentityRecoveryException {
    String tenantDomain = user.getTenantDomain();
    boolean lockOnCreation = Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.ACCOUNT_LOCK_ON_CREATION, tenantDomain));
    boolean internallyManaged = Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE, tenantDomain));
    // An already verified preferred channel needs no confirmation round-trip at all.
    boolean channelAlreadyVerified = isPreferredChannelVerified(user.getUserName(), preferredChannel, claimsMap);
    NotificationResponseBean response = new NotificationResponseBean(user);
    IdentityRecoveryConstants.SuccessEvents status;
    if (channelAlreadyVerified) {
        status = IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_WITH_VERIFIED_CHANNEL;
    } else if (internallyManaged && lockOnCreation) {
        // The server sends the confirmation itself; the caller only needs to know which channel to watch.
        status = IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_INTERNAL_VERIFICATION;
        response.setNotificationChannel(preferredChannel);
    } else if (!lockOnCreation) {
        // Unlocked on creation: the account is usable immediately, so no verification is requested.
        status = IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_UNLOCKED_WITH_NO_VERIFICATION;
    } else {
        // Externally managed notifications with a locked account: the caller has to deliver the
        // confirmation key to the user. Existing recovery data for the user is invalidated first
        // (presumably so that only the newest key remains usable).
        status = IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_EXTERNAL_VERIFICATION;
        UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
        recoveryStore.invalidate(user);
        String confirmationKey = UUIDGenerator.generateUUID();
        UserRecoveryData pendingSignUp = new UserRecoveryData(user, confirmationKey, RecoveryScenarios.SELF_SIGN_UP, RecoverySteps.CONFIRM_SIGN_UP);
        pendingSignUp.setRemainingSetIds(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
        recoveryStore.store(pendingSignUp);
        // Whoever holds this key can confirm the account, so it belongs only in the response to the
        // caller, never in logs. It is exposed twice: "recoveryId" for current clients and "key" for
        // backward compatibility.
        response.setRecoveryId(confirmationKey);
        response.setKey(confirmationKey);
        response.setNotificationChannel(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
    }
    response.setCode(status.getCode());
    response.setMessage(status.getMessage());
    return response;
}

Example 22 with UserRecoveryDataStore

use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.

the class UsernameRecoveryManagerImpl method invalidateRecoveryCode.

/**
 * Invalidates a username recovery code so that it cannot be presented again.
 *
 * @param recoveryCode the recovery code to invalidate
 * @throws IdentityRecoveryException if the recovery data store fails to invalidate the code
 */
private void invalidateRecoveryCode(String recoveryCode) throws IdentityRecoveryException {
    // Single-use semantics: once consumed, the code is removed from the store.
    JDBCRecoveryDataStore.getInstance().invalidate(recoveryCode);
}

Example 23 with UserRecoveryDataStore

use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.

the class TenantManagementListener method onPreDelete.

/**
 * Removes every piece of recovery data that belongs to the tenant before the tenant itself is deleted,
 * so no confirmation or recovery codes outlive the tenant.
 *
 * @param tenantId id of the tenant that is about to be deleted
 * @throws StratosException if the recovery data could not be deleted; the original
 *                          {@link IdentityRecoveryException} is preserved as the cause
 */
@Override
public void onPreDelete(int tenantId) throws StratosException {
    try {
        UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
        recoveryStore.deleteRecoveryDataByTenantId(tenantId);
    } catch (IdentityRecoveryException cause) {
        // Translate to the listener's checked exception type without losing the stack of the cause.
        throw new StratosException("Error in deleting recovery data of the tenant:" + tenantId, cause);
    }
}

Example 24 with UserRecoveryDataStore

use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.

the class UserSelfRegistrationManager method introspectSelfRegistrationCode.

/**
 * Introspects a self-registration confirmation code without invalidating it.
 *
 * <p>This is a read-only lookup: no notification events are triggered and no user claims are updated.
 * The only check beyond loading the code is that the resolved user belongs to the tenant of the
 * current context.
 *
 * @param code                      the confirmation code to look up
 * @param skipExpiredCodeValidation when {@code true} the code is loaded even if it has expired
 * @return the recovery data associated with the code, including the user and recovery scenario/step
 * @throws IdentityRecoveryException if the code cannot be loaded (invalid, or expired when expiry is
 *                                   checked) or the user's tenant does not match the context tenant
 */
private UserRecoveryData introspectSelfRegistrationCode(String code, boolean skipExpiredCodeValidation) throws IdentityRecoveryException {
    UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
    // The store signals an unknown or rejected code by throwing, so the result is never null here.
    UserRecoveryData recoveryData = skipExpiredCodeValidation
            ? recoveryStore.load(code, skipExpiredCodeValidation)
            : recoveryStore.load(code);
    // Tenant isolation: a code must not be usable from another tenant's context.
    validateContextTenantDomainWithUserTenantDomain(recoveryData.getUser());
    return recoveryData;
}

Example 25 with UserRecoveryDataStore

use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.

the class UserSelfRegistrationManager method validateSelfRegistrationCode.

/**
 * Validates a self-registration / email-verification confirmation code and completes the step it belongs to.
 *
 * <p>The code is loaded from the recovery data store (optionally ignoring its expiry), the resolved user is
 * checked against the context tenant, and the recovery step must be one of CONFIRM_SIGN_UP, VERIFY_EMAIL or
 * CONFIRM_LITE_SIGN_UP; any other step is audited as a failure and rejected with ERROR_CODE_INVALID_CODE.
 * The method then fires the matching PRE event, updates the user's claims (the verified-channel claim and,
 * for VERIFY_EMAIL, promotion of the pending e-mail address), fires the POST event and audits success.
 * Unlike {@link #introspectSelfRegistrationCode(String, boolean)} this method has side effects on the user.
 *
 * @param code                      confirmation code presented by the caller
 * @param verifiedChannelType       notification channel type the code was delivered through; for the
 *                                  EXTERNAL channel no verified claim is derived from it
 * @param verifiedChannelClaim      claim URI of the channel that was verified
 * @param properties                additional properties; not read anywhere in this method body
 * @param skipExpiredCodeValidation when {@code true} the code is loaded without the expiry check
 * @return the recovery data the code resolved to
 * @throws IdentityRecoveryException if the code is invalid, expired or belongs to an unexpected recovery step,
 *                                   or if loading, event triggering or the claim update fails
 */
private UserRecoveryData validateSelfRegistrationCode(String code, String verifiedChannelType, String verifiedChannelClaim, Map<String, String> properties, boolean skipExpiredCodeValidation) throws IdentityRecoveryException {
    // Clear any stale skip flag left on this thread; the VERIFY_EMAIL branch below sets it again.
    // NOTE(review): the flag is not cleared again before returning or on an exception — presumably the
    // caller or the next invocation resets it; confirm.
    Utils.unsetThreadLocalToSkipSendingEmailVerificationOnUpdate();
    UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
    // If the code is validated, the load method will return data. Otherwise method will throw exceptions.
    UserRecoveryData recoveryData;
    if (!skipExpiredCodeValidation) {
        recoveryData = userRecoveryDataStore.load(code);
    } else {
        recoveryData = userRecoveryDataStore.load(code, skipExpiredCodeValidation);
    }
    User user = recoveryData.getUser();
    // Validate context tenant domain name with user tenant domain.
    // Tenant isolation: a code must not be usable from another tenant's context.
    validateContextTenantDomainWithUserTenantDomain(user);
    // Validate the recovery step to confirm self sign up or to verify email account.
    // A code issued for any other recovery step must not be able to confirm an account or an e-mail
    // address, even if it is otherwise valid; the rejection is audited before the client exception.
    if (!RecoverySteps.CONFIRM_SIGN_UP.equals(recoveryData.getRecoveryStep()) && !RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep()) && !RecoverySteps.CONFIRM_LITE_SIGN_UP.equals(recoveryData.getRecoveryStep())) {
        auditRecoveryConfirm(recoveryData, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE.getMessage(), AUDIT_FAILED);
        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
    }
    // Get the userstore manager for the user.
    UserStoreManager userStoreManager = getUserStoreManager(user);
    // Event properties shared by the PRE and POST events; enriched further below.
    Map<String, Object> eventProperties = new HashMap<>();
    eventProperties.put(IdentityEventConstants.EventProperty.USER, user);
    eventProperties.put(IdentityEventConstants.EventProperty.USER_STORE_MANAGER, userStoreManager);
    // NOTE(review): no PRE/POST event is fired for CONFIRM_LITE_SIGN_UP here — confirm this is intended.
    if (RecoverySteps.CONFIRM_SIGN_UP.equals(recoveryData.getRecoveryStep())) {
        triggerEvent(eventProperties, IdentityEventConstants.Event.PRE_USER_ACCOUNT_CONFIRMATION);
    } else if (RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep())) {
        triggerEvent(eventProperties, IdentityEventConstants.Event.PRE_EMAIL_CHANGE_VERIFICATION);
    }
    String externallyVerifiedClaim = null;
    // If the channel type is EXTERNAL, no verified claims are associated to it.
    if (!NotificationChannels.EXTERNAL_CHANNEL.getChannelType().equals(verifiedChannelType)) {
        externallyVerifiedClaim = getChannelVerifiedClaim(recoveryData.getUser().getUserName(), verifiedChannelType, verifiedChannelClaim);
    }
    // Get the claims that needs to be updated.
    // NOTE: Verification channel is stored in Remaining_Sets in user recovery data.
    HashMap<String, String> userClaims = getClaimsListToUpdate(user, recoveryData.getRemainingSetIds(), externallyVerifiedClaim, recoveryData.getRecoveryScenario().toString());
    if (RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep())) {
        // For an e-mail change the new address was parked in Remaining_Sets when the code was issued;
        // it now becomes the real e-mail claim and the pending-value claim is cleared.
        String pendingEmailClaimValue = recoveryData.getRemainingSetIds();
        if (StringUtils.isNotBlank(pendingEmailClaimValue)) {
            eventProperties.put(IdentityEventConstants.EventProperty.VERIFIED_EMAIL, pendingEmailClaimValue);
            userClaims.put(IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM, StringUtils.EMPTY);
            // todo??
            userClaims.put(IdentityRecoveryConstants.EMAIL_ADDRESS_CLAIM, pendingEmailClaimValue);
            // Todo passes when email address is properly set here.
            // Setting the e-mail claim below would otherwise start a fresh verification round; the
            // thread-local flag tells that path to skip it, since this update is the verification.
            Utils.setThreadLocalToSkipSendingEmailVerificationOnUpdate(IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_CONFIRM.toString());
        }
    }
    // Update the user claims.
    updateUserClaims(userStoreManager, user, userClaims);
    if (RecoverySteps.CONFIRM_SIGN_UP.equals(recoveryData.getRecoveryStep())) {
        // The channel that was actually verified is derived from the claims just written.
        String verifiedChannelURI = extractVerifiedChannelURI(userClaims, verifiedChannelClaim);
        eventProperties.put(IdentityEventConstants.EventProperty.VERIFIED_CHANNEL, verifiedChannelURI);
        triggerEvent(eventProperties, IdentityEventConstants.Event.POST_USER_ACCOUNT_CONFIRMATION);
    } else if (RecoverySteps.VERIFY_EMAIL.equals(recoveryData.getRecoveryStep())) {
        triggerEvent(eventProperties, IdentityEventConstants.Event.POST_EMAIL_CHANGE_VERIFICATION);
    }
    // Success is audited only after the claims and POST event went through.
    auditRecoveryConfirm(recoveryData, null, AUDIT_SUCCESS);
    return recoveryData;
}
