Examples with PwmApplication password.pwm.PwmApplication used on opensource projects

Example 76 with PwmApplication

use of password.pwm.PwmApplication in project pwm by pwm-project.

the class SessionFilter method handleStandardRequestOperations.

private ProcessStatus handleStandardRequestOperations(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmRequest.getConfig();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final PwmResponse resp = pwmRequest.getPwmResponse();
    // debug the http session headers
    if (!pwmSession.getSessionStateBean().isDebugInitialized()) {
        LOGGER.trace(pwmSession, pwmRequest.debugHttpHeaders());
        pwmSession.getSessionStateBean().setDebugInitialized(true);
    }
    try {
        pwmApplication.getSessionStateService().readLoginSessionState(pwmRequest);
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmRequest, "error while reading login session state: " + e.getMessage());
    }
    // mark last url
    if (!new PwmURL(pwmRequest.getHttpServletRequest()).isCommandServletURL()) {
        ssBean.setLastRequestURL(pwmRequest.getHttpServletRequest().getRequestURI());
    }
    // mark last request time.
    ssBean.setSessionLastAccessedTime(Instant.now());
    // check the page leave notice
    if (checkPageLeaveNotice(pwmSession, config)) {
        LOGGER.warn("invalidating session due to dirty page leave time greater then configured timeout");
        pwmRequest.invalidateSession();
        resp.sendRedirect(pwmRequest.getHttpServletRequest().getRequestURI());
        return ProcessStatus.Halt;
    }
    // override session locale due to parameter
    handleLocaleParam(pwmRequest);
    // set the session's theme
    handleThemeParam(pwmRequest);
    // check the sso override flag
    handleSsoOverrideParam(pwmRequest);
    // check for session verification failure
    if (!ssBean.isSessionVerified()) {
        // ignore resource requests
        final SessionVerificationMode mode = config.readSettingAsEnum(PwmSetting.ENABLE_SESSION_VERIFICATION, SessionVerificationMode.class);
        if (mode == SessionVerificationMode.OFF) {
            ssBean.setSessionVerified(true);
        } else {
            if (verifySession(pwmRequest, mode) == ProcessStatus.Halt) {
                return ProcessStatus.Halt;
            }
        }
    }
    {
        final String forwardURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_FORWARD_URL);
        final String forwardURL = pwmRequest.readParameterAsString(forwardURLParamName);
        if (forwardURL != null && forwardURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), forwardURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setForwardURL(forwardURL);
            LOGGER.debug(pwmRequest, "forwardURL parameter detected in request, setting session forward url to " + forwardURL);
        }
    }
    {
        final String logoutURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOGOUT_URL);
        final String logoutURL = pwmRequest.readParameterAsString(logoutURLParamName);
        if (logoutURL != null && logoutURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), logoutURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setLogoutURL(logoutURL);
            LOGGER.debug(pwmRequest, "logoutURL parameter detected in request, setting session logout url to " + logoutURL);
        }
    }
    {
        final String expireParamName = pwmRequest.getConfig().readAppProperty(AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED);
        if ("true".equalsIgnoreCase(pwmRequest.readParameterAsString(expireParamName))) {
            LOGGER.debug(pwmSession, "detected param '" + expireParamName + "'=true in request, will force pw change");
            pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
        }
    }
    // update last request time.
    ssBean.setSessionLastAccessedTime(Instant.now());
    if (pwmApplication.getStatisticsManager() != null) {
        pwmApplication.getStatisticsManager().incrementValue(Statistic.HTTP_REQUESTS);
    }
    return ProcessStatus.Continue;
}

Example 77 with PwmApplication

use of password.pwm.PwmApplication in project pwm by pwm-project.

the class DeleteAccountServlet method preProcessCheck.

@Override
public ProcessStatus preProcessCheck(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final DeleteAccountProfile deleteAccountProfile = getProfile(pwmRequest);
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.DELETE_ACCOUNT_ENABLE)) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "Setting " + PwmSetting.DELETE_ACCOUNT_ENABLE.toMenuLocationDebug(null, null) + " is not enabled."));
    }
    if (deleteAccountProfile == null) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED));
    }
    return ProcessStatus.Continue;
}

Example 78 with PwmApplication

use of password.pwm.PwmApplication in project pwm by pwm-project.

the class GuestRegistrationServlet method processAction.

protected void processAction(final PwmRequest pwmRequest) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    // Fetch the session state bean.
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final GuestRegistrationBean guestRegistrationBean = pwmApplication.getSessionStateService().getBean(pwmRequest, GuestRegistrationBean.class);
    final Configuration config = pwmApplication.getConfig();
    if (!config.readSettingAsBoolean(PwmSetting.GUEST_ENABLE)) {
        pwmRequest.respondWithError(PwmError.ERROR_SERVICE_NOT_AVAILABLE.toInfo());
        return;
    }
    if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.GUEST_REGISTRATION)) {
        pwmRequest.respondWithError(PwmError.ERROR_UNAUTHORIZED.toInfo());
        return;
    }
    checkConfiguration(config);
    final GuestRegistrationAction action = readProcessAction(pwmRequest);
    if (action != null) {
        pwmRequest.validatePwmFormID();
        switch(action) {
            case create:
                handleCreateRequest(pwmRequest, guestRegistrationBean);
                return;
            case search:
                handleSearchRequest(pwmRequest, guestRegistrationBean);
                return;
            case update:
                handleUpdateRequest(pwmRequest, guestRegistrationBean);
                return;
            case selectPage:
                handleSelectPageRequest(pwmRequest, guestRegistrationBean);
                return;
            default:
                JavaHelper.unhandledSwitchStatement(action);
        }
    }
    this.forwardToJSP(pwmRequest, guestRegistrationBean);
}

Example 79 with PwmApplication

use of password.pwm.PwmApplication in project pwm by pwm-project.

the class GuestRegistrationServlet method readExpirationFromRequest.

private static Instant readExpirationFromRequest(final PwmRequest pwmRequest) throws PwmOperationalException, ChaiUnavailableException, ChaiOperationException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmApplication.getConfig();
    final long durationValueDays = config.readSettingAsLong(PwmSetting.GUEST_MAX_VALID_DAYS);
    final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
    if (durationValueDays == 0 || expirationAttribute == null || expirationAttribute.length() <= 0) {
        return null;
    }
    final String expirationDateStr = pwmRequest.readParameterAsString(HTTP_PARAM_EXPIRATION_DATE);
    final Date expirationDate;
    try {
        expirationDate = new SimpleDateFormat("yyyy-MM-dd").parse(expirationDateStr);
    } catch (ParseException e) {
        final String errorMsg = "unable to read expiration date value: " + e.getMessage();
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_FIELD_REQUIRED, errorMsg, new String[] { "expiration date" }));
    }
    if (expirationDate.before(new Date())) {
        final String errorMsg = "expiration date must be in the future";
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_FIELD_REQUIRED, errorMsg));
    }
    final long durationValueMs = durationValueDays * 24 * 60 * 60 * 1000;
    final long futureDateMs = System.currentTimeMillis() + durationValueMs;
    final Instant futureDate = Instant.ofEpochMilli(futureDateMs);
    if (expirationDate.after(Date.from(futureDate))) {
        final String errorMsg = "expiration date must be sooner than " + futureDate.toString();
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_FIELD_REQUIRED, errorMsg));
    }
    LOGGER.trace(pwmRequest, "read expiration date as " + expirationDate.toString());
    return expirationDate.toInstant();
}

Example 80 with PwmApplication

use of password.pwm.PwmApplication in project pwm by pwm-project.

the class SetupOtpServlet method preProcessCheck.

@Override
public ProcessStatus preProcessCheck(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    // fetch the required beans / managers
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Configuration config = pwmApplication.getConfig();
    final SetupOtpProfile setupOtpProfile = getSetupOtpProfile(pwmRequest);
    if (setupOtpProfile == null || !setupOtpProfile.readSettingAsBoolean(PwmSetting.OTP_ALLOW_SETUP)) {
        final String errorMsg = "setup OTP is not enabled";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation);
        return ProcessStatus.Halt;
    }
    // check whether the setup can be stored
    if (!canSetupOtpSecret(config)) {
        LOGGER.error(pwmSession, "OTP Secret cannot be setup");
        pwmRequest.respondWithError(PwmError.ERROR_INVALID_CONFIG.toInfo());
        return ProcessStatus.Halt;
    }
    if (pwmSession.getLoginInfoBean().getType() == AuthenticationType.AUTH_WITHOUT_PASSWORD) {
        LOGGER.error(pwmSession, "OTP Secret requires a password login");
        throw new PwmUnrecoverableException(PwmError.ERROR_PASSWORD_REQUIRED);
    }
    final SetupOtpBean otpBean = getSetupOtpBean(pwmRequest);
    initializeBean(pwmRequest, otpBean);
    return ProcessStatus.Continue;
}