Example 81 with PwmApplication
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class SetupOtpServlet method handleRestValidateCode.
@ActionHandler(action = "restValidateCode")
private ProcessStatus handleRestValidateCode(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final OTPUserRecord otpUserRecord = pwmSession.getUserInfo().getOtpUserRecord();
final OtpService otpService = pwmApplication.getOtpService();
final String bodyString = pwmRequest.readRequestBodyAsString();
final Map<String, String> clientValues = JsonUtil.deserializeStringMap(bodyString);
final String code = Validator.sanitizeInputValue(pwmApplication.getConfig(), clientValues.get("code"), 1024);
try {
final boolean passed = otpService.validateToken(pwmRequest.getSessionLabel(), pwmSession.getUserInfo().getUserIdentity(), otpUserRecord, code, false);
final RestResultBean restResultBean = RestResultBean.withData(passed);
LOGGER.trace(pwmSession, "returning result for restValidateCode: " + JsonUtil.serialize(restResultBean));
pwmRequest.outputJsonResult(restResultBean);
} catch (PwmOperationalException e) {
final String errorMsg = "error during otp code validation: " + e.getMessage();
LOGGER.error(pwmSession, errorMsg);
pwmRequest.outputJsonResult(RestResultBean.fromError(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg), pwmRequest));
}
return ProcessStatus.Continue;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmApplication(password.pwm.PwmApplication)
OtpService(password.pwm.util.operations.OtpService)
PwmSession(password.pwm.http.PwmSession)
OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord)
RestResultBean(password.pwm.ws.server.RestResultBean)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 82 with PwmApplication
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class SetupOtpServlet method handleTestOtpSecret.
@ActionHandler(action = "testOtpSecret")
private ProcessStatus handleTestOtpSecret(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
final SetupOtpBean otpBean = getSetupOtpBean(pwmRequest);
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final String otpToken = pwmRequest.readParameterAsString(PwmConstants.PARAM_OTP_TOKEN);
final OtpService otpService = pwmApplication.getOtpService();
if (otpToken != null && otpToken.length() > 0) {
try {
if (pwmRequest.getConfig().isDevDebugMode()) {
LOGGER.trace(pwmRequest, "testing against otp record: " + JsonUtil.serialize(otpBean.getOtpUserRecord()));
}
if (otpService.validateToken(pwmRequest.getSessionLabel(), pwmSession.getUserInfo().getUserIdentity(), otpBean.getOtpUserRecord(), otpToken, false)) {
LOGGER.debug(pwmRequest, "test OTP token returned true, valid OTP secret provided");
otpBean.setConfirmed(true);
otpBean.setChallenge(null);
} else {
LOGGER.debug(pwmRequest, "test OTP token returned false, incorrect OTP secret provided");
setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT));
}
} catch (PwmOperationalException e) {
LOGGER.error(pwmRequest, "error validating otp token: " + e.getMessage());
setLastError(pwmRequest, e.getErrorInformation());
}
}
return ProcessStatus.Continue;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmApplication(password.pwm.PwmApplication)
SetupOtpBean(password.pwm.http.bean.SetupOtpBean)
OtpService(password.pwm.util.operations.OtpService)
PwmSession(password.pwm.http.PwmSession)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 83 with PwmApplication
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class SetupOtpServlet method initializeBean.
private void initializeBean(final PwmRequest pwmRequest, final SetupOtpBean otpBean) throws PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
// has pre-existing, nothing to do.
if (otpBean.isHasPreExistingOtp()) {
return;
}
final OtpService service = pwmApplication.getOtpService();
final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
// first time here
if (otpBean.getOtpUserRecord() == null) {
final OTPUserRecord existingUserRecord;
try {
existingUserRecord = service.readOTPUserConfiguration(pwmRequest.getSessionLabel(), theUser);
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
if (existingUserRecord != null) {
otpBean.setHasPreExistingOtp(true);
LOGGER.trace(pwmSession, "user has existing otp record");
return;
}
}
// make a new user record.
if (otpBean.getOtpUserRecord() == null) {
try {
final Configuration config = pwmApplication.getConfig();
final SetupOtpProfile setupOtpProfile = getSetupOtpProfile(pwmRequest);
final String identifierConfigValue = setupOtpProfile.readSettingAsString(PwmSetting.OTP_SECRET_IDENTIFIER);
final String identifier = pwmSession.getSessionManager().getMacroMachine(pwmApplication).expandMacros(identifierConfigValue);
final OTPUserRecord otpUserRecord = new OTPUserRecord();
final List<String> rawRecoveryCodes = pwmApplication.getOtpService().initializeUserRecord(setupOtpProfile, otpUserRecord, pwmRequest.getSessionLabel(), identifier);
otpBean.setOtpUserRecord(otpUserRecord);
otpBean.setRecoveryCodes(rawRecoveryCodes);
LOGGER.trace(pwmSession, "generated new otp record");
if (config.isDevDebugMode()) {
LOGGER.trace(pwmRequest, "newly generated otp record: " + JsonUtil.serialize(otpUserRecord));
}
} catch (Exception e) {
final String errorMsg = "error setting up new OTP secret: " + e.getMessage();
LOGGER.error(pwmSession, errorMsg);
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
}
}
}
Also used :
PwmApplication(password.pwm.PwmApplication)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
SetupOtpProfile(password.pwm.config.profile.SetupOtpProfile)
Configuration(password.pwm.config.Configuration)
OtpService(password.pwm.util.operations.OtpService)
UserIdentity(password.pwm.bean.UserIdentity)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmException(password.pwm.error.PwmException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
IOException(java.io.IOException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmSession(password.pwm.http.PwmSession)
OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord)
Example 84 with PwmApplication
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class SetupOtpServlet method nextStep.
@Override
protected void nextStep(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
final SetupOtpBean otpBean = getSetupOtpBean(pwmRequest);
if (otpBean.isHasPreExistingOtp()) {
pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_EXISTING);
return;
}
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
if (otpBean.isConfirmed()) {
final OtpService otpService = pwmApplication.getOtpService();
final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
try {
otpService.writeOTPUserConfiguration(pwmSession, theUser, otpBean.getOtpUserRecord());
otpBean.setWritten(true);
// Update the current user info bean, so the user can check the code right away
pwmSession.reloadUserInfoBean(pwmApplication);
// mark the event log
final UserAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createUserAuditRecord(AuditEvent.SET_OTP_SECRET, pwmSession.getUserInfo(), pwmSession);
pwmApplication.getAuditManager().submit(auditRecord);
if (pwmApplication.getStatisticsManager() != null && pwmApplication.getStatisticsManager().status() == PwmService.STATUS.OPEN) {
pwmApplication.getStatisticsManager().incrementValue(Statistic.SETUP_OTP_SECRET);
}
} catch (Exception e) {
final ErrorInformation errorInformation;
if (e instanceof PwmException) {
errorInformation = ((PwmException) e).getErrorInformation();
} else {
errorInformation = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp secret: " + e.getMessage());
}
LOGGER.error(pwmSession, errorInformation.toDebugStr());
setLastError(pwmRequest, errorInformation);
}
}
if (otpBean.isCodeSeen()) {
if (otpBean.isWritten()) {
pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_SUCCESS);
} else {
pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_TEST);
}
} else {
final String qrCodeValue = makeQrCodeDataImageUrl(pwmRequest, otpBean.getOtpUserRecord());
pwmRequest.setAttribute(PwmRequestAttribute.SetupOtp_QrCodeValue, qrCodeValue);
pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET);
}
}
Also used :
PwmException(password.pwm.error.PwmException)
UserAuditRecord(password.pwm.svc.event.UserAuditRecord)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmApplication(password.pwm.PwmApplication)
SetupOtpBean(password.pwm.http.bean.SetupOtpBean)
OtpService(password.pwm.util.operations.OtpService)
UserIdentity(password.pwm.bean.UserIdentity)
PwmSession(password.pwm.http.PwmSession)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmException(password.pwm.error.PwmException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
IOException(java.io.IOException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
Example 85 with PwmApplication
use of password.pwm.PwmApplication in project pwm by pwm-project.
the class AuthenticationFilter method processUnAuthenticatedSession.
private void processUnAuthenticatedSession(final PwmRequest pwmRequest, final PwmFilterChain chain) throws IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HttpServletRequest req = pwmRequest.getHttpServletRequest();
final boolean bypassSso = pwmRequest.getPwmSession().getLoginInfoBean().isLoginFlag(LoginInfoBean.LoginFlag.noSso);
if (!bypassSso && pwmRequest.getPwmApplication().getApplicationMode() == PwmApplicationMode.RUNNING) {
final ProcessStatus authenticationProcessStatus = attemptAuthenticationMethods(pwmRequest);
if (authenticationProcessStatus == ProcessStatus.Halt) {
return;
}
}
final String originalRequestedUrl = pwmRequest.getURLwithQueryString();
if (pwmRequest.isAuthenticated()) {
// redirect back to self so request starts over as authenticated.
LOGGER.trace(pwmRequest, "inline authentication occurred during this request, redirecting to current url to restart request");
pwmRequest.getPwmResponse().sendRedirect(originalRequestedUrl);
return;
}
// handle if authenticated during filter process.
if (pwmSession.isAuthenticated()) {
pwmSession.getSessionStateBean().setSessionIdRecycleNeeded(true);
LOGGER.debug(pwmSession, "session authenticated during request, issuing redirect to originally requested url: " + originalRequestedUrl);
pwmRequest.sendRedirect(originalRequestedUrl);
return;
}
if (pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.BASIC_AUTH_FORCE)) {
final String displayMessage = LocaleHelper.getLocalizedMessage(Display.Title_Application, pwmRequest);
pwmRequest.getPwmResponse().setHeader(HttpHeader.WWW_Authenticate, "Basic realm=\"" + displayMessage + "\"");
pwmRequest.getPwmResponse().setStatus(401);
return;
}
if (pwmRequest.getURL().isLoginServlet()) {
chain.doFilter();
return;
}
// user is not authenticated so forward to LoginPage.
LOGGER.trace(pwmSession.getLabel(), "user requested resource requiring authentication (" + req.getRequestURI() + "), but is not authenticated; redirecting to LoginServlet");
LoginServlet.redirectToLoginServlet(pwmRequest);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
PwmApplication(password.pwm.PwmApplication)
ProcessStatus(password.pwm.http.ProcessStatus)
PwmSession(password.pwm.http.PwmSession)
Aggregations
PwmApplication (password.pwm.PwmApplication)120
PwmSession (password.pwm.http.PwmSession)55
ErrorInformation (password.pwm.error.ErrorInformation)54
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)49
PwmOperationalException (password.pwm.error.PwmOperationalException)36
Configuration (password.pwm.config.Configuration)33
UserIdentity (password.pwm.bean.UserIdentity)27
FormConfiguration (password.pwm.config.value.data.FormConfiguration)25
PwmException (password.pwm.error.PwmException)25
IOException (java.io.IOException)22
ServletException (javax.servlet.ServletException)18
UserInfo (password.pwm.ldap.UserInfo)18
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17
ChaiUser (com.novell.ldapchai.ChaiUser)16
Locale (java.util.Locale)13
ActionConfiguration (password.pwm.config.value.data.ActionConfiguration)13
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)13
MacroMachine (password.pwm.util.macro.MacroMachine)12
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)11
Instant (java.time.Instant)10
