
Example 11 with LocalSessionStateBean

use of password.pwm.bean.LocalSessionStateBean in project pwm by pwm-project.

the class ForgottenUsernameServlet method handleSearchRequest.

/**
 * Processes a submitted forgotten-username form.
 *
 * <p>Sequence, as visible in this method: an optional captcha gate, reading and
 * validating the form values, an intruder check on those values, a single-user
 * directory search, an intruder check on the matched identity, and finally
 * delivery of the username followed by a forward to the completion page. Every
 * failure path ends by forwarding back to the form JSP.
 *
 * @param pwmRequest the current request; supplies the session, configuration and form parameters
 * @throws PwmUnrecoverableException declared; raised by the called helpers
 * @throws IOException declared; raised by the forwarding helpers
 * @throws ServletException declared; raised by the forwarding helpers
 */
public void handleSearchRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication application = pwmRequest.getPwmApplication();
    final PwmSession session = pwmRequest.getPwmSession();
    final LocalSessionStateBean sessionState = session.getSessionStateBean();

    // Captcha gate: a failed captcha stops the request before any form value is read
    // or any directory search is issued.
    // NOTE(review): this path does not touch the intruder manager or the failure statistic.
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest) && !CaptchaUtility.verifyReCaptcha(pwmRequest)) {
        final ErrorInformation captchaError = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
        LOGGER.debug(pwmRequest, captchaError);
        setLastError(pwmRequest, captchaError);
        forwardToFormJsp(pwmRequest);
        return;
    }

    // Both values come straight from request parameters and are passed to the search configuration below.
    final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
    final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
    final List<FormConfiguration> formDefinition = application.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_USERNAME_FORM);

    // Starts empty so the catch block can still call markAttributes() when reading the form itself fails.
    Map<FormConfiguration, String> formValues = new HashMap<>();
    try {
        formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formDefinition, sessionState.getLocale());

        // Intruder check on the submitted attribute values, performed before validation and search.
        application.getIntruderManager().convenience().checkAttributes(formValues);

        // Enforce the configured form requirements.
        FormUtility.validateFormValues(pwmRequest.getConfig(), formValues, sessionState.getLocale());

        // Prefer the administrator-configured filter; otherwise derive one from the form definition.
        final String configuredFilter = application.getConfig().readSettingAsString(PwmSetting.FORGOTTEN_USERNAME_SEARCH_FILTER);
        final String searchFilter;
        if (configuredFilter != null && !configuredFilter.isEmpty()) {
            searchFilter = configuredFilter;
        } else {
            searchFilter = FormUtility.ldapSearchFilterForForm(application, formDefinition);
            LOGGER.trace(session, "auto generated ldap search filter: " + searchFilter);
        }

        // The form values are handed to the search configuration separately from the filter text.
        // NOTE(review): escaping of those values into the LDAP filter presumably happens inside
        // the search engine; it is not visible in this method.
        final UserSearchEngine searchEngine = application.getUserSearchEngine();
        final SearchConfiguration searchConfiguration = SearchConfiguration.builder()
                .filter(searchFilter)
                .formValues(formValues)
                .ldapProfile(ldapProfile)
                .contexts(Collections.singletonList(contextParam))
                .build();
        final UserIdentity userIdentity = searchEngine.performSingleUserSearch(searchConfiguration, session.getLabel());

        if (userIdentity == null) {
            // NOTE(review): this path marks the address and session but, unlike the catch
            // block below, does not call markAttributes(formValues, ...).
            application.getIntruderManager().convenience().markAddressAndSession(session);
            application.getStatisticsManager().incrementValue(Statistic.FORGOTTEN_USERNAME_FAILURES);
            setLastError(pwmRequest, PwmError.ERROR_CANT_MATCH_USER.toInfo());
            forwardToFormJsp(pwmRequest);
            return;
        }

        // Make sure the matched user is not locked before anything is sent.
        application.getIntruderManager().convenience().checkUserIdentity(userIdentity);

        final UserInfo matchedUser = UserInfoFactory.newUserInfoUsingProxy(application, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
        sendUsername(application, session, matchedUser);

        // A successful lookup clears the intruder marks for this address, session and attribute set.
        application.getIntruderManager().convenience().clearAddressAndSession(session);
        application.getIntruderManager().convenience().clearAttributes(formValues);
        application.getStatisticsManager().incrementValue(Statistic.FORGOTTEN_USERNAME_SUCCESSES);

        forwardToCompletePage(pwmRequest, userIdentity);
        return;
    } catch (PwmOperationalException e) {
        // An unknown error is re-labelled as "can't match user" while keeping its detail
        // message and field values; any other error is passed through unchanged.
        final ErrorInformation errorInfo;
        if (e.getError() == PwmError.ERROR_UNKNOWN) {
            errorInfo = new ErrorInformation(PwmError.ERROR_CANT_MATCH_USER, e.getErrorInformation().getDetailedErrorMsg(), e.getErrorInformation().getFieldValues());
        } else {
            errorInfo = e.getErrorInformation();
        }
        setLastError(pwmRequest, errorInfo);
        application.getIntruderManager().convenience().markAddressAndSession(session);
        application.getIntruderManager().convenience().markAttributes(formValues, session);
    }

    // Reached only from the catch block: count the failure and show the form again.
    application.getStatisticsManager().incrementValue(Statistic.FORGOTTEN_USERNAME_FAILURES);
    forwardToFormJsp(pwmRequest);
}
Also used : PwmApplication(password.pwm.PwmApplication) HashMap(java.util.HashMap) UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) UserInfo(password.pwm.ldap.UserInfo) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) FormConfiguration(password.pwm.config.value.data.FormConfiguration) PwmSession(password.pwm.http.PwmSession)

Example 12 with LocalSessionStateBean

use of password.pwm.bean.LocalSessionStateBean in project pwm by pwm-project.

the class SessionAuthenticator method postAuthenticationSequence.

/**
 * Applies the session-side effects of a successful authentication.
 *
 * <p>Marks the login bean as authenticated, installs the user's directory
 * provider on the session, loads the user info, records the authentication
 * time, type and source, stores the password in the login bean, clears the
 * intruder records for this user, address and session, updates the expiry
 * statistics, and clears the cached permissions.
 *
 * @param userIdentity the identity that was authenticated
 * @param authenticationResult carries the provider, authentication type and password of the login
 * @throws PwmUnrecoverableException declared; raised by the called helpers
 * @throws ChaiUnavailableException declared; raised by the called helpers
 */
private void postAuthenticationSequence(final UserIdentity userIdentity, final AuthenticationResult authenticationResult) throws PwmUnrecoverableException, ChaiUnavailableException {
    final IntruderManager intruders = pwmApplication.getIntruderManager();
    final LocalSessionStateBean sessionState = pwmSession.getSessionStateBean();
    final LoginInfoBean loginInfo = pwmSession.getLoginInfoBean();

    // Authentication succeeded: flag the login bean and bind it to the identity.
    loginInfo.setAuthenticated(true);
    loginInfo.setUserIdentity(userIdentity);

    // Switch the session's directory connection to the provider returned by the authentication.
    pwmSession.getSessionManager().setChaiProvider(authenticationResult.getUserProvider());

    // Load the actor's user info. For AUTH_BIND_INHIBIT the proxy provider of the user's
    // LDAP profile is used; otherwise the user's password is passed to the factory.
    final UserInfo actorInfo = authenticationResult.getAuthenticationType() == AuthenticationType.AUTH_BIND_INHIBIT
            ? UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), sessionState.getLocale(), userIdentity, pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()))
            : UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmSession.getLabel(), userIdentity, sessionState.getLocale(), authenticationResult.getUserPassword());
    pwmSession.setUserInfo(actorInfo);

    // Record when, how and from which source the login happened.
    pwmSession.getLoginInfoBean().setAuthTime(Instant.now());
    pwmSession.getLoginInfoBean().setType(authenticationResult.getAuthenticationType());
    pwmSession.getLoginInfoBean().setAuthSource(authenticationSource);

    // The password is kept in the login bean.
    // NOTE(review): how long it is retained and how LoginInfoBean is stored or serialized
    // is not visible here; confirm it is protected wherever the bean is persisted.
    final PasswordData currentPassword = authenticationResult.getUserPassword();
    pwmSession.getLoginInfoBean().setUserCurrentPassword(currentPassword);

    // A successful login clears the intruder records for the username, identity, address and session.
    intruders.clear(RecordType.USERNAME, pwmSession.getUserInfo().getUsername());
    intruders.convenience().clearUserIdentity(userIdentity);
    intruders.convenience().clearAddressAndSession(pwmSession);

    // Count logins made with a password in its warning, pre-expired or expired state.
    if (pwmApplication.getStatisticsManager() != null) {
        final StatisticsManager stats = pwmApplication.getStatisticsManager();
        if (pwmSession.getUserInfo().getPasswordStatus().isWarnPeriod()) {
            stats.incrementValue(Statistic.AUTHENTICATION_EXPIRED_WARNING);
        } else if (pwmSession.getUserInfo().getPasswordStatus().isPreExpired()) {
            stats.incrementValue(Statistic.AUTHENTICATION_PRE_EXPIRED);
        } else if (pwmSession.getUserInfo().getPasswordStatus().isExpired()) {
            stats.incrementValue(Statistic.AUTHENTICATION_EXPIRED);
        }
    }

    // Permissions cached before login are dropped so they are re-evaluated for the authenticated user.
    LOGGER.debug(pwmSession, "clearing permission cache");
    pwmSession.getUserSessionDataCacheBean().clearPermissions();
}
Also used : LoginInfoBean(password.pwm.bean.LoginInfoBean) StatisticsManager(password.pwm.svc.stats.StatisticsManager) PasswordData(password.pwm.util.PasswordData) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) UserInfo(password.pwm.ldap.UserInfo) IntruderManager(password.pwm.svc.intruder.IntruderManager)

Example 13 with LocalSessionStateBean

use of password.pwm.bean.LocalSessionStateBean in project pwm by pwm-project.

the class SessionTrackService method infoBeanFromPwmSession.

/**
 * Copies the reportable state of one session into a {@code SessionStateInfoBean}.
 *
 * <p>The result always carries the session ID (as the label), creation and
 * last-access times, idle time, locale, source address and host, last request
 * URL and intruder-attempt count. The LDAP profile, user DN and user ID are
 * filled in only for an authenticated session.
 *
 * <p>NOTE(review): the label is taken from {@code getSessionID()}; whether that
 * value is safe to show to whoever reads this bean is not visible here.
 *
 * @param loopSession the session to summarize
 * @return a newly created bean describing {@code loopSession}
 */
private static SessionStateInfoBean infoBeanFromPwmSession(final PwmSession loopSession) {
    final LocalSessionStateBean sessionState = loopSession.getSessionStateBean();
    final LoginInfoBean loginInfo = loopSession.getLoginInfoBean();
    final SessionStateInfoBean summary = new SessionStateInfoBean();

    // Session identity and timing.
    summary.setLabel(loopSession.getSessionStateBean().getSessionID());
    summary.setCreateTime(loopSession.getSessionStateBean().getSessionCreationTime());
    summary.setLastTime(loopSession.getSessionStateBean().getSessionLastAccessedTime());
    summary.setIdle(loopSession.getIdleTime().asCompactString());

    // Client-facing details recorded on the session state bean.
    summary.setLocale(sessionState.getLocale());
    summary.setSrcAddress(sessionState.getSrcAddress());
    summary.setSrcHost(sessionState.getSrcHostname());
    summary.setLastUrl(sessionState.getLastRequestURL());
    summary.setIntruderAttempts(sessionState.getIntruderAttempts());

    // Nothing user-specific is reported for an unauthenticated session.
    if (!loopSession.isAuthenticated()) {
        return summary;
    }

    final UserInfo userInfo = loopSession.getUserInfo();

    // Each user field is additionally guarded by the login bean's own authenticated flag
    // and falls back to an empty string.
    if (loginInfo.isAuthenticated()) {
        summary.setLdapProfile(userInfo.getUserIdentity().getLdapProfileID());
    } else {
        summary.setLdapProfile("");
    }

    if (loginInfo.isAuthenticated()) {
        summary.setUserDN(userInfo.getUserIdentity().getUserDN());
    } else {
        summary.setUserDN("");
    }

    try {
        if (loginInfo.isAuthenticated()) {
            summary.setUserID(userInfo.getUsername());
        } else {
            summary.setUserID("");
        }
    } catch (PwmUnrecoverableException e) {
        // Best effort: the bean is still returned, just without a user ID.
        LOGGER.error("unexpected error reading username: " + e.getMessage(), e);
    }

    return summary;
}
Also used : LoginInfoBean(password.pwm.bean.LoginInfoBean) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SessionStateInfoBean(password.pwm.bean.pub.SessionStateInfoBean)

Example 14 with LocalSessionStateBean

use of password.pwm.bean.LocalSessionStateBean in project pwm by pwm-project.

the class SessionFilter method handleStandardRequestOperations.

/**
 * Performs the per-request session bookkeeping and request-parameter handling
 * that this filter applies to a request.
 *
 * <p>In order: one-time trace logging of the HTTP headers, reading the login
 * session state, recording the last URL and access time, the page-leave check,
 * the locale / theme / SSO-override parameters, session verification, the
 * forward-URL and logout-URL parameters (each checked against the whitelist
 * before being stored), the password-expired parameter, and the request
 * statistic.
 *
 * @param pwmRequest the current request
 * @return {@code ProcessStatus.Halt} when the session was invalidated, session
 *         verification halted, or a forward/logout URL failed the whitelist
 *         check; {@code ProcessStatus.Continue} otherwise
 * @throws PwmUnrecoverableException declared; raised by the called helpers
 * @throws IOException declared; raised by the redirect/response helpers
 * @throws ServletException declared; raised by the called helpers
 */
private ProcessStatus handleStandardRequestOperations(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmRequest.getConfig();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final PwmResponse resp = pwmRequest.getPwmResponse();
    // debug the http session headers; the isDebugInitialized flag limits this to once per session
    // NOTE(review): whether debugHttpHeaders() redacts cookie / authorization values is not visible here - confirm
    if (!pwmSession.getSessionStateBean().isDebugInitialized()) {
        LOGGER.trace(pwmSession, pwmRequest.debugHttpHeaders());
        pwmSession.getSessionStateBean().setDebugInitialized(true);
    }
    // a failure to read the login session state is logged and the request continues
    try {
        pwmApplication.getSessionStateService().readLoginSessionState(pwmRequest);
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmRequest, "error while reading login session state: " + e.getMessage());
    }
    // mark last url (command servlet URLs are not recorded)
    if (!new PwmURL(pwmRequest.getHttpServletRequest()).isCommandServletURL()) {
        ssBean.setLastRequestURL(pwmRequest.getHttpServletRequest().getRequestURI());
    }
    // mark last request time.
    ssBean.setSessionLastAccessedTime(Instant.now());
    // check the page leave notice; on a hit the session is invalidated and the
    // client is redirected to the same request URI so it starts with a fresh session
    if (checkPageLeaveNotice(pwmSession, config)) {
        LOGGER.warn("invalidating session due to dirty page leave time greater then configured timeout");
        pwmRequest.invalidateSession();
        resp.sendRedirect(pwmRequest.getHttpServletRequest().getRequestURI());
        return ProcessStatus.Halt;
    }
    // override session locale due to parameter
    handleLocaleParam(pwmRequest);
    // set the session's theme
    handleThemeParam(pwmRequest);
    // check the sso override flag
    handleSsoOverrideParam(pwmRequest);
    // check for session verification failure
    if (!ssBean.isSessionVerified()) {
        // read the configured verification mode: OFF marks the session verified
        // immediately, any other mode delegates to verifySession()
        final SessionVerificationMode mode = config.readSettingAsEnum(PwmSetting.ENABLE_SESSION_VERIFICATION, SessionVerificationMode.class);
        if (mode == SessionVerificationMode.OFF) {
            ssBean.setSessionVerified(true);
        } else {
            if (verifySession(pwmRequest, mode) == ProcessStatus.Halt) {
                return ProcessStatus.Halt;
            }
        }
    }
    // forward URL: the value is request-supplied, so it is checked against the
    // whitelist before it is stored on the session; a rejected value ends the request
    {
        final String forwardURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_FORWARD_URL);
        final String forwardURL = pwmRequest.readParameterAsString(forwardURLParamName);
        if (forwardURL != null && forwardURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), forwardURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setForwardURL(forwardURL);
            // NOTE(review): the request-supplied URL is concatenated into the log message;
            // confirm the logger neutralizes control characters
            LOGGER.debug(pwmRequest, "forwardURL parameter detected in request, setting session forward url to " + forwardURL);
        }
    }
    // logout URL: same handling as the forward URL above - whitelist check first, then store
    {
        final String logoutURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOGOUT_URL);
        final String logoutURL = pwmRequest.readParameterAsString(logoutURLParamName);
        if (logoutURL != null && logoutURL.length() > 0) {
            try {
                checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), logoutURL);
            } catch (PwmOperationalException e) {
                LOGGER.error(pwmRequest, e.getErrorInformation());
                pwmRequest.respondWithError(e.getErrorInformation());
                return ProcessStatus.Halt;
            }
            ssBean.setLogoutURL(logoutURL);
            // NOTE(review): request-supplied value in the log message, as for forwardURL above
            LOGGER.debug(pwmRequest, "logoutURL parameter detected in request, setting session logout url to " + logoutURL);
        }
    }
    // password-expired parameter: a request carrying <param>=true (case-insensitive)
    // adds the forcePwChange login flag to the session's login bean
    {
        final String expireParamName = pwmRequest.getConfig().readAppProperty(AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED);
        if ("true".equalsIgnoreCase(pwmRequest.readParameterAsString(expireParamName))) {
            LOGGER.debug(pwmSession, "detected param '" + expireParamName + "'=true in request, will force pw change");
            pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
        }
    }
    // update last request time (second update, after all parameter handling).
    ssBean.setSessionLastAccessedTime(Instant.now());
    if (pwmApplication.getStatisticsManager() != null) {
        pwmApplication.getStatisticsManager().incrementValue(Statistic.HTTP_REQUESTS);
    }
    return ProcessStatus.Continue;
}
Also used : PwmApplication(password.pwm.PwmApplication) Configuration(password.pwm.config.Configuration) SessionVerificationMode(password.pwm.config.option.SessionVerificationMode) PwmResponse(password.pwm.http.PwmResponse) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmURL(password.pwm.http.PwmURL) PwmSession(password.pwm.http.PwmSession) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 15 with LocalSessionStateBean

use of password.pwm.bean.LocalSessionStateBean in project pwm by pwm-project.

the class RequestInitializationFilter method handleRequestInitialization.

/**
 * Fills in the session-state fields that are still unset and applies the
 * HTTP session idle timeout.
 *
 * <p>Creation time, source address, source hostname and locale are written
 * only while they are still {@code null}, so they reflect the first request
 * that reached this method for the session. The private-URL flag is only ever
 * set to {@code true} here, never reset.
 *
 * <p>NOTE(review): because the source address is captured once, later requests
 * arriving from a different address do not update it in this method. How
 * {@code readUserIPAddress} derives the address (for example whether it honors
 * forwarded-for headers) depends on the configuration and is not visible here.
 *
 * @param pwmRequest the current request
 * @throws PwmUnrecoverableException declared; raised by the called helpers
 */
public static void handleRequestInitialization(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    final LocalSessionStateBean sessionState = pwmRequest.getPwmSession().getSessionStateBean();
    final PwmURL requestUrl = pwmRequest.getURL();

    // First request of the session: stamp creation and last-access time.
    final boolean firstRequest = sessionState.getSessionCreationTime() == null;
    if (firstRequest) {
        sessionState.setSessionCreationTime(Instant.now());
        sessionState.setSessionLastAccessedTime(Instant.now());
    }

    // Record the client's address once per session.
    if (sessionState.getSrcAddress() == null) {
        sessionState.setSrcAddress(readUserIPAddress(pwmRequest.getHttpServletRequest(), pwmRequest.getConfig()));
    }

    // Record the client's hostname once per session.
    if (sessionState.getSrcHostname() == null) {
        sessionState.setSrcHostname(readUserHostname(pwmRequest.getHttpServletRequest(), pwmRequest.getConfig()));
    }

    // Remember that this session has touched a private URL.
    if (requestUrl.isPrivateUrl()) {
        sessionState.setPrivateUrlAccessed(true);
    }

    // Locale (and theme) are initialized only when no locale has been chosen yet.
    if (sessionState.getLocale() == null) {
        initializeLocaleAndTheme(pwmRequest);
    }

    // Apply the idle timeout to the underlying HTTP session on every request.
    PwmSessionWrapper.setHttpSessionIdleTimeout(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), pwmRequest.getHttpServletRequest().getSession());
}
Also used : LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmURL(password.pwm.http.PwmURL)
