Search in sources :

Example 1 with VerificationMethodSystem

use of password.pwm.VerificationMethodSystem in project pwm by pwm-project.

the class ForgottenPasswordServlet method processEnterRemoteResponse.

@ActionHandler(action = "enterRemoteResponse")
private ProcessStatus processEnterRemoteResponse(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final String prefix = "remote-";
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final VerificationMethodSystem remoteRecoveryMethod = forgottenPasswordBean.getProgress().getRemoteRecoveryMethod();
    final Map<String, String> remoteResponses = new LinkedHashMap<>();
    {
        final Map<String, String> inputMap = pwmRequest.readParametersAsMap();
        for (final Map.Entry<String, String> entry : inputMap.entrySet()) {
            final String name = entry.getKey();
            if (name != null && name.startsWith(prefix)) {
                final String strippedName = name.substring(prefix.length(), name.length());
                final String value = entry.getValue();
                remoteResponses.put(strippedName, value);
            }
        }
    }
    final ErrorInformation errorInformation = remoteRecoveryMethod.respondToPrompts(remoteResponses);
    if (remoteRecoveryMethod.getVerificationState() == VerificationMethodSystem.VerificationState.COMPLETE) {
        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.REMOTE_RESPONSES);
    }
    if (remoteRecoveryMethod.getVerificationState() == VerificationMethodSystem.VerificationState.FAILED) {
        forgottenPasswordBean.getProgress().setRemoteRecoveryMethod(null);
        pwmRequest.respondWithError(errorInformation, true);
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
        LOGGER.debug(pwmRequest, "unsuccessful remote response verification input: " + errorInformation.toDebugStr());
        return ProcessStatus.Continue;
    }
    if (errorInformation != null) {
        setLastError(pwmRequest, errorInformation);
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
    }
    return ProcessStatus.Continue;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap) VerificationMethodSystem(password.pwm.VerificationMethodSystem) LinkedHashMap(java.util.LinkedHashMap)

Example 2 with VerificationMethodSystem

use of password.pwm.VerificationMethodSystem in project pwm by pwm-project.

the class ForgottenPasswordServlet method forwardUserBasedOnRecoveryMethod.

private void forwardUserBasedOnRecoveryMethod(final PwmRequest pwmRequest, final IdentityVerificationMethod method) throws ServletException, PwmUnrecoverableException, IOException {
    LOGGER.debug(pwmRequest, "attempting to forward request to handle verification method " + method.toString());
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    ForgottenPasswordUtil.verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, method);
    switch(method) {
        case PREVIOUS_AUTH:
            {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "previous authentication is required, but user has not previously authenticated"));
            }
        case ATTRIBUTES:
            {
                pwmRequest.addFormInfoToRequestAttr(forgottenPasswordBean.getAttributeForm(), Collections.emptyMap(), false, false);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ATTRIBUTES);
            }
            break;
        case CHALLENGE_RESPONSES:
            {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordChallengeSet, forgottenPasswordBean.getPresentableChallengeSet());
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_RESPONSES);
            }
            break;
        case OTP:
            {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordOtpRecord, ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean).getOtpUserRecord());
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ENTER_OTP);
            }
            break;
        case TOKEN:
            {
                final ForgottenPasswordBean.Progress progress = forgottenPasswordBean.getProgress();
                final List<TokenDestinationItem> tokenDestinations = ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
                if (progress.getTokenDestination() == null) {
                    final boolean autoSelect = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST));
                    if (autoSelect && tokenDestinations.size() == 1) {
                        final TokenDestinationItem singleItem = tokenDestinations.iterator().next();
                        progress.setTokenDestination(singleItem);
                    }
                }
                if (progress.getTokenDestination() == null) {
                    forwardToTokenChoiceJsp(pwmRequest);
                    return;
                }
                if (!progress.isTokenSent()) {
                    final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                    ForgottenPasswordUtil.initializeAndSendToken(pwmRequest, userInfo, progress.getTokenDestination());
                    progress.setTokenSent(true);
                }
                if (!progress.getSatisfiedMethods().contains(IdentityVerificationMethod.TOKEN)) {
                    forwardToEnterTokenJsp(pwmRequest);
                    return;
                }
            }
            break;
        case REMOTE_RESPONSES:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                final VerificationMethodSystem remoteMethod;
                if (forgottenPasswordBean.getProgress().getRemoteRecoveryMethod() == null) {
                    remoteMethod = new RemoteVerificationMethod();
                    remoteMethod.init(pwmRequest.getPwmApplication(), userInfo, pwmRequest.getSessionLabel(), pwmRequest.getLocale());
                    forgottenPasswordBean.getProgress().setRemoteRecoveryMethod(remoteMethod);
                } else {
                    remoteMethod = forgottenPasswordBean.getProgress().getRemoteRecoveryMethod();
                }
                final List<VerificationMethodSystem.UserPrompt> prompts = remoteMethod.getCurrentPrompts();
                final String displayInstructions = remoteMethod.getCurrentDisplayInstructions();
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordPrompts, new ArrayList<>(prompts));
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordInstructions, displayInstructions);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_REMOTE);
            }
            break;
        case OAUTH:
            forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.OAUTH);
            final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
            final OAuthSettings oAuthSettings = OAuthSettings.forForgottenPassword(forgottenPasswordProfile);
            final OAuthMachine oAuthMachine = new OAuthMachine(oAuthSettings);
            pwmRequest.getPwmApplication().getSessionStateService().saveSessionBeans(pwmRequest);
            final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
            oAuthMachine.redirectUserToOAuthServer(pwmRequest, null, userIdentity, forgottenPasswordProfile.getIdentifier());
            break;
        default:
            throw new UnsupportedOperationException("unexpected method during forward: " + method.toString());
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) UserIdentity(password.pwm.bean.UserIdentity) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) OAuthMachine(password.pwm.http.servlet.oauth.OAuthMachine) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) VerificationMethodSystem(password.pwm.VerificationMethodSystem) ErrorInformation(password.pwm.error.ErrorInformation) List(java.util.List) ArrayList(java.util.ArrayList) OAuthSettings(password.pwm.http.servlet.oauth.OAuthSettings) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

VerificationMethodSystem (password.pwm.VerificationMethodSystem)2 ErrorInformation (password.pwm.error.ErrorInformation)2 ForgottenPasswordBean (password.pwm.http.bean.ForgottenPasswordBean)2 ArrayList (java.util.ArrayList)1 LinkedHashMap (java.util.LinkedHashMap)1 List (java.util.List)1 Map (java.util.Map)1 TokenDestinationItem (password.pwm.bean.TokenDestinationItem)1 UserIdentity (password.pwm.bean.UserIdentity)1 ForgottenPasswordProfile (password.pwm.config.profile.ForgottenPasswordProfile)1 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)1 OAuthMachine (password.pwm.http.servlet.oauth.OAuthMachine)1 OAuthSettings (password.pwm.http.servlet.oauth.OAuthSettings)1 UserInfo (password.pwm.ldap.UserInfo)1