the class SMSOTPAuthenticator method checkWithBackUpCodes.
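/**
 * Authenticates with a backup code when the user cannot receive the SMS OTP (for example, the mobile is lost).
 * Checks whether the entered code matches one of the backup codes stored in the
 * {@code SMSOTPConstants.SAVED_OTP_LIST} user claim. On a match the code is consumed (removed from the claim)
 * so it cannot be reused, and the authenticated user is set as the subject of the context.
 *
 * @param context           The AuthenticationContext; the user name is read from its USER_NAME property.
 * @param userToken         The code the user entered.
 * @param authenticatedUser The AuthenticatedUser.
 * @return True if the user entered code matches with a backup code.
 * @throws AuthenticationFailedException If the user name is missing from the context, or an error occurred while
 *                                       reading or updating the user claim for the OTP list.
 */
private boolean checkWithBackUpCodes(AuthenticationContext context, String userToken,
                                     AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {

    // Guard the property lookup: a missing USER_NAME would otherwise surface as a NullPointerException.
    Object usernameProperty = context.getProperty(SMSOTPConstants.USER_NAME);
    if (usernameProperty == null) {
        throw new AuthenticationFailedException("User name is not available in the authentication context.");
    }
    String username = usernameProperty.toString();
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
    UserRealm userRealm = getUserRealm(username);
    try {
        // NOTE(review): the backup codes are read back as a plaintext comma-separated list from a user claim.
        // Storing them hashed would require a matching change in isBackUpCodeValid — confirm with the project.
        String[] savedOTPs = null;
        if (userRealm != null) {
            UserStoreManager userStoreManager = userRealm.getUserStoreManager();
            if (userStoreManager != null) {
                String savedOTPString = userStoreManager.getUserClaimValue(tenantAwareUsername,
                        SMSOTPConstants.SAVED_OTP_LIST, null);
                if (StringUtils.isNotEmpty(savedOTPString)) {
                    savedOTPs = savedOTPString.split(",");
                }
            }
        }
        // Without any stored backup codes there is nothing to compare against.
        if (ArrayUtils.isEmpty(savedOTPs)) {
            if (log.isDebugEnabled()) {
                log.debug("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
            }
            return false;
        }
        if (!isBackUpCodeValid(savedOTPs, userToken)) {
            // The submitted code is a credential; it is deliberately not written to the log, even on mismatch.
            if (log.isDebugEnabled()) {
                log.debug("User entered OTP does not match with any of the saved backup codes for user : "
                        + authenticatedUser);
            }
            context.setProperty(SMSOTPConstants.CODE_MISMATCH, true);
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Found saved backup SMS OTP for user :" + authenticatedUser);
        }
        context.setSubject(authenticatedUser);
        // Consume the matched code so it cannot be replayed. userRealm is non-null here, because savedOTPs can
        // only have been populated through it. Assumes isBackUpCodeValid matches by exact string equality;
        // if it normalises the input, the matched entry would not be removed — TODO confirm.
        String[] remainingOTPs = (String[]) ArrayUtils.removeElement(savedOTPs, userToken);
        userRealm.getUserStoreManager().setUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST,
                String.join(",", remainingOTPs), null);
        return true;
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Cannot find the user claim for OTP list for user : "
                + authenticatedUser, e);
    }
}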
the class SMSOTPAuthenticator method setUserClaimValues.
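/**
 * Persists the given claim values for the authenticated user in the default profile.
 *
 * @param authenticatedUser The authenticated user whose claims are updated.
 * @param updatedClaims     Claim URI to value map to store.
 * @throws AuthenticationFailedException If the user realm or user store manager cannot be resolved for the user,
 *                                       or the user store rejects the update.
 */
private void setUserClaimValues(AuthenticatedUser authenticatedUser, Map<String, String> updatedClaims)
        throws AuthenticationFailedException {

    try {
        // Resolve the store explicitly so a missing realm is reported as an authentication failure rather than
        // as a NullPointerException.
        UserRealm userRealm = getUserRealm(authenticatedUser);
        if (userRealm == null) {
            throw new AuthenticationFailedException("UserRealm is null for user : " + authenticatedUser);
        }
        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
        if (userStoreManager == null) {
            throw new AuthenticationFailedException("UserStoreManager is null for user : " + authenticatedUser);
        }
        String domainQualifiedUsername = IdentityUtil.addDomainToName(authenticatedUser.getUserName(),
                authenticatedUser.getUserStoreDomain());
        userStoreManager.setUserClaimValues(domainQualifiedUsername, updatedClaims,
                UserCoreConstants.DEFAULT_PROFILE);
    } catch (UserStoreException e) {
        // Log the full cause here before wrapping it for the caller.
        log.error("Error while updating user claims", e);
        String errorMessage = String.format("Failed to update user claims for user : %s.", authenticatedUser);
        throw new AuthenticationFailedException(errorMessage, e);
    }
}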
the class SMSOTPAuthenticator method getUserClaimValues.
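/**
 * Reads the SMS OTP failed-attempts and lockout-count claims of the authenticated user from the default profile.
 *
 * @param authenticatedUser The authenticated user whose claims are read.
 * @return Claim URI to value map as returned by the user store for the two claims.
 * @throws AuthenticationFailedException If the user realm or user store manager cannot be resolved for the user,
 *                                       or the user store cannot be read.
 */
private Map<String, String> getUserClaimValues(AuthenticatedUser authenticatedUser)
        throws AuthenticationFailedException {

    Map<String, String> claimValues;
    try {
        // Resolve the store explicitly so a missing realm is reported as an authentication failure rather than
        // as a NullPointerException.
        UserRealm userRealm = getUserRealm(authenticatedUser);
        if (userRealm == null) {
            throw new AuthenticationFailedException("UserRealm is null for user : " + authenticatedUser);
        }
        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
        if (userStoreManager == null) {
            throw new AuthenticationFailedException("UserStoreManager is null for user : " + authenticatedUser);
        }
        String domainQualifiedUsername = IdentityUtil.addDomainToName(authenticatedUser.getUserName(),
                authenticatedUser.getUserStoreDomain());
        String[] claimUris = new String[] {
                SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM,
                SMSOTPConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM
        };
        claimValues = userStoreManager.getUserClaimValues(domainQualifiedUsername, claimUris,
                UserCoreConstants.DEFAULT_PROFILE);
    } catch (UserStoreException e) {
        // Log the full cause here before wrapping it for the caller.
        log.error("Error while reading user claims", e);
        String errorMessage = String.format("Failed to read user claims for user : %s.", authenticatedUser);
        throw new AuthenticationFailedException(errorMessage, e);
    }
    return claimValues;
}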
the class SMSOTPAuthenticator method getUnlockTimeInMilliSeconds.
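/**
 * Get user account unlock time in milli seconds. If no value configured for unlock time user claim, return 0.
 *
 * @param authenticatedUser The authenticated user.
 * @return User account unlock time in milli seconds. If no value (or a blank value) is configured, return 0.
 * @throws AuthenticationFailedException If the user realm or user store manager cannot be resolved, the claim
 *                                       cannot be read, or the configured value is not a valid long.
 */
private long getUnlockTimeInMilliSeconds(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {

    String username = authenticatedUser.toFullQualifiedUsername();
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
    try {
        UserRealm userRealm = getUserRealm(username);
        if (userRealm == null) {
            throw new AuthenticationFailedException("UserRealm is null for user : " + username);
        }
        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
        if (userStoreManager == null) {
            if (log.isDebugEnabled()) {
                log.debug("userStoreManager is null for user: " + username);
            }
            throw new AuthenticationFailedException("userStoreManager is null for user: " + username);
        }
        Map<String, String> claimValues = userStoreManager.getUserClaimValues(tenantAwareUsername,
                new String[] { SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM }, null);
        // A store may return no map at all, or an empty value for an unset claim; both mean "not configured".
        String unlockTimeValue = claimValues == null
                ? null
                : claimValues.get(SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM);
        if (StringUtils.isBlank(unlockTimeValue)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No value configured for claim: %s, of user: %s",
                        SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM, username));
            }
            return 0;
        }
        try {
            return Long.parseLong(unlockTimeValue.trim());
        } catch (NumberFormatException e) {
            // A malformed claim value must not escape as an unchecked exception from the authenticator.
            throw new AuthenticationFailedException("Invalid value configured for claim: "
                    + SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM + ", of user: " + username, e);
        }
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Cannot find the user claim for unlock time for user : "
                + username, e);
    }
}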
the class SMSOTPUtils method updateUserAttribute.
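/**
 * Update user attributes (such as the mobile number) in the user's profile.
 *
 * @param username     the Username as known to the user store
 * @param attribute    claim URI to value map to store
 * @param tenantDomain the tenant domain whose user realm is used for the update
 * @throws SMSOTPException    if the tenant domain has no user realm, the user store manager is unavailable, or
 *                            connecting to the user store fails with an authentication error
 * @throws UserStoreException if the user store rejects the update
 */
public static void updateUserAttribute(String username, Map<String, String> attribute, String tenantDomain)
        throws SMSOTPException, UserStoreException {

    try {
        // The realm is resolved from the supplied tenant domain; no further tenant-association check is
        // performed here.
        UserRealm userRealm = SMSOTPUtils.getUserRealm(tenantDomain);
        if (userRealm == null) {
            throw new SMSOTPException("The specified tenant domain " + tenantDomain + " does not exist.");
        }
        // check whether user already exists in the system.
        SMSOTPUtils.verifyUserExists(username, tenantDomain);
        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
        if (userStoreManager == null) {
            // Report a missing store explicitly instead of failing with a NullPointerException below.
            throw new SMSOTPException("UserStoreManager is null for tenant domain " + tenantDomain + ".");
        }
        userStoreManager.setUserClaimValues(username, attribute, null);
    } catch (AuthenticationFailedException e) {
        throw new SMSOTPException("Exception occurred while connecting to User Store: Authentication is failed. ",
                e);
    }
}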