
Example 1 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class PasswordUtility method helpdeskSetUserPassword.

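/**
 * Sets a new password for {@code chaiUser} on behalf of the helpdesk operator bound to
 * {@code pwmSession}, then runs the configured follow-up work in this fixed order: helpdesk
 * audit record, statistics counter, configured write-attribute actions, optional clearing of
 * challenge/response answers, helpdesk email notice, optional forced password expiration and
 * optional delivery of the new password to the target user.
 *
 * <p>The authorization performed here is limited to "operator is authenticated" and "operator
 * has a helpdesk profile". Whether the operator may act on this particular target (helpdesk
 * search scope, self-service restrictions) is NOT checked in this method and must be enforced
 * by the caller. TODO(review): confirm the helpdesk servlet does so before calling.
 *
 * @param pwmSession     the helpdesk operator's session; used as the actor for audit records
 * @param chaiUser       LDAP handle for the target user; its provider performs the write
 * @param userInfo       resolved information about the target user (identity, attributes)
 * @param pwmApplication application context (configuration, audit, statistics, proxy users)
 * @param newPassword    the password to set
 * @throws PwmOperationalException   if the operator is not authenticated or has no helpdesk
 *                                   profile, or if HELPDESK_SEND_PASSWORD is enabled but no
 *                                   forgotten-password profile can be resolved for the target
 * @throws PwmUnrecoverableException propagated from the password / LDAP / action operations
 * @throws ChaiUnavailableException  if the directory cannot be reached
 */
public static void helpdeskSetUserPassword(
        final PwmSession pwmSession,
        final ChaiUser chaiUser,
        final UserInfo userInfo,
        final PwmApplication pwmApplication,
        final PasswordData newPassword
) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final SessionLabel sessionLabel = pwmSession.getLabel();
    final UserIdentity userIdentity = userInfo.getUserIdentity();

    // Authorization gate: an unauthenticated session must never reach setPassword().
    if (!pwmSession.isAuthenticated()) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // A null profile means the session carries no helpdesk permission.
    final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
    if (helpdeskProfile == null) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }

    // The operator does not know the target's existing password, hence null for the old value.
    setPassword(pwmApplication, sessionLabel, chaiUser.getChaiProvider(), userInfo, null, newPassword);

    // Proxy user object used for the later reads/writes against the target (expire, clear responses).
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);

    // Audit: actor is the helpdesk operator, target is the user whose password changed.
    {
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(
                AuditEvent.HELPDESK_SET_PASSWORD,
                pwmSession.getUserInfo().getUserIdentity(),
                null,
                userIdentity,
                pwmSession.getSessionStateBean().getSrcAddress(),
                pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }

    pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);

    // Configured post-change actions: the global change-password ones followed by the helpdesk ones.
    {
        LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
        final List<ActionConfiguration> actions = new ArrayList<>();
        actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
        actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
        if (!actions.isEmpty()) {
            // The new password is handed to the macro machine, so action templates can presumably
            // reference it. Treat the action configuration as sensitive: whoever can edit it can
            // direct freshly set passwords wherever the actions write.
            final LoginInfoBean loginInfoBean = new LoginInfoBean();
            loginInfoBean.setUserCurrentPassword(newPassword);
            final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity)
                    .setMacroMachine(macroMachine)
                    .setExpandPwmMacros(true)
                    .createActionExecutor();
            actionExecutor.executeActions(actions, sessionLabel);
        }
    }

    // Optionally wipe the target's stored challenge/response answers, with its own audit record.
    final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
    if (settingClearResponses == HelpdeskClearResponseMode.yes) {
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
        pwmApplication.getCrService().clearResponses(sessionLabel, userIdentity, proxiedUser, userGUID);
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(
                AuditEvent.HELPDESK_CLEAR_RESPONSES,
                pwmSession.getUserInfo().getUserIdentity(),
                null,
                userIdentity,
                pwmSession.getSessionStateBean().getSrcAddress(),
                pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }

    sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);

    // Force the user to change the operator-chosen password at next login, if so configured.
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
        LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
        try {
            proxiedUser.expirePassword();
        } catch (ChaiOperationException e) {
            // Best effort by design: a failed expiration only produces a warning, so the operator
            // is not told that the user will keep the operator-known password indefinitely.
            LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
        }
    }

    // Deliver the new password to the user, using the send method of their forgotten-password profile.
    final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
    if (sendPassword) {
        final MessageSendMethod messageSendMethod;
        {
            // A user with no assigned forgotten-password profile previously caused a
            // NullPointerException here, after the password had already been changed.
            // Fail with a descriptive error instead so the operator learns the password was
            // not delivered.
            final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
            final ForgottenPasswordProfile forgottenPasswordProfile = profileID == null
                    ? null
                    : pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
            if (forgottenPasswordProfile == null) {
                final String errorMsg = "password was set for user " + userIdentity.toDisplayString()
                        + " but can not be sent: no forgotten password profile is assigned to the user";
                throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
            }
            messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        }
        PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
    }
}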

Example 2 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class ChangePasswordServlet method processFormAction.

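/**
 * Handles the "form" action of the change-password flow: verifies the user's current password
 * (when the flow requires it) and validates the extra form fields configured by
 * PASSWORD_REQUIRE_FORM against LDAP, recording each outcome on the {@link ChangePasswordBean}
 * for the later steps of the flow.
 *
 * <p>Every outcome returns {@link ProcessStatus#Continue}; failures are communicated through
 * {@code setLastError} and by marking the intruder manager.
 *
 * @param pwmRequest the current request
 * @return always {@code ProcessStatus.Continue}
 * @throws PwmUnrecoverableException if session state or request parameters cannot be read
 * @throws ChaiUnavailableException  if LDAP is unreachable during form validation
 */
@ActionHandler(action = "form")
ProcessStatus processFormAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException, ChaiUnavailableException {
    final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
    final LocalSessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
    final UserInfo userInfo = pwmRequest.getPwmSession().getUserInfo();
    final LoginInfoBean loginBean = pwmRequest.getPwmSession().getLoginInfoBean();
    final PasswordData currentPassword = pwmRequest.readParameterAsPassword("currentPassword");

    // The current-password check only runs when the flow requires it AND the session actually
    // holds the user's current password. A session authenticated without a password skips the
    // comparison entirely and never sets currentPasswordPassed.
    // TODO(review): confirm the downstream step refuses to proceed in that case.
    if (cpb.isCurrentPasswordRequired() && loginBean.getUserCurrentPassword() != null) {
        if (currentPassword == null) {
            LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is missing");
            setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER));
            return ProcessStatus.Continue;
        }
        final boolean passed;
        {
            // Case sensitivity follows the user's password policy, so a policy that is
            // case-insensitive also accepts a differently cased current password here.
            // NOTE(review): whether PasswordData.equals/equalsIgnoreCase compare in constant
            // time is not visible from this class.
            final boolean caseSensitive = Boolean.parseBoolean(userInfo.getPasswordPolicy().getValue(PwmPasswordRule.CaseSensitive));
            final PasswordData storedPassword = loginBean.getUserCurrentPassword();
            passed = caseSensitive ? storedPassword.equals(currentPassword) : storedPassword.equalsIgnoreCase(currentPassword);
        }
        if (!passed) {
            // Record the failed guess against the client address and session as well as the
            // user identity, matching how form-validation failures are handled below, so that
            // repeated guesses from one client are throttled even if the user-level counter is not.
            pwmRequest.getPwmApplication().getIntruderManager().convenience().markAddressAndSession(pwmRequest.getPwmSession());
            pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
            LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is incorrect");
            setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_BAD_CURRENT_PASSWORD));
            return ProcessStatus.Continue;
        }
        cpb.setCurrentPasswordPassed(true);
    }

    // Read the configured extra form fields from the request and check them against LDAP.
    final List<FormConfiguration> formItem = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PASSWORD_REQUIRE_FORM);
    try {
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItem, ssBean.getLocale());
        ChangePasswordServletUtil.validateParamsAgainstLDAP(formValues, pwmRequest.getPwmSession(), pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication()));
        cpb.setFormPassed(true);
    } catch (PwmOperationalException e) {
        // A mismatching form value counts as an intruder attempt for both the client and the user.
        pwmRequest.getPwmApplication().getIntruderManager().convenience().markAddressAndSession(pwmRequest.getPwmSession());
        pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
        LOGGER.debug(pwmRequest, e.getErrorInformation());
        setLastError(pwmRequest, e.getErrorInformation());
        return ProcessStatus.Continue;
    }
    return ProcessStatus.Continue;
}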

Example 3 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class MacroTest method testUserMacros.

/**
 * Exercises the user-scoped macros of {@link MacroMachine} against mocked application, user
 * and login objects: the bare {@code @LDAP:dn@} macro, the same macro nested inside a URL-path
 * encoder, and a plain LDAP attribute lookup.
 */
@Test
public void testUserMacros() throws Exception {
    final String dn = "cn=test1,ou=test,o=org";
    final UserIdentity identity = new UserIdentity(dn, "profile");

    // Mocked application: running mode with an empty default configuration.
    final PwmApplication app = mock(PwmApplication.class);
    when(app.getApplicationMode()).thenReturn(PwmApplicationMode.RUNNING);
    when(app.getConfig()).thenReturn(new Configuration(StoredConfigurationImpl.newStoredConfiguration()));

    // Mocked user: only the identity and the givenName attribute are stubbed.
    final UserInfo user = mock(UserInfo.class);
    when(user.getUserIdentity()).thenReturn(identity);
    when(user.readStringAttribute("givenName")).thenReturn("Jason");

    // Mocked login state: an authenticated session for the same identity.
    final LoginInfoBean login = mock(LoginInfoBean.class);
    when(login.isAuthenticated()).thenReturn(true);
    when(login.getUserIdentity()).thenReturn(identity);

    final MacroMachine machine = MacroMachine.forUser(app, null, user, login);

    // @LDAP:dn@ expands to the raw DN.
    Assert.assertEquals(dn, machine.expandMacros("@LDAP:dn@"));

    // Nested macro: the DN is expanded first, then URL-path encoded.
    Assert.assertEquals("test cn%3Dtest1%2Cou%3Dtest%2Co%3Dorg", machine.expandMacros("test @Encode:urlPath:[[@LDAP:dn@]]@"));

    // Arbitrary attribute lookup routed through the mocked UserInfo.
    Assert.assertEquals("test Jason test", machine.expandMacros("test @LDAP:givenName@ test"));
}

Example 4 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class CryptoCookieLoginImpl method saveLoginSessionState.

/**
 * Writes the session's {@link LoginInfoBean} into the encrypted login cookie on the response,
 * stamping the bean with the current time first.
 *
 * <p>A failure to write the cookie is logged and otherwise swallowed: the caller is not told
 * that the login state did not make it onto the response.
 *
 * @param pwmRequest the request whose session login state is persisted
 */
@Override
public void saveLoginSessionState(final PwmRequest pwmRequest) {
    try {
        final LoginInfoBean bean = pwmRequest.getPwmSession().getLoginInfoBean();
        bean.setReqTime(Instant.now());
        pwmRequest.getPwmResponse().writeEncryptedCookie(cookieName, bean, COOKIE_PATH);
        // toDebugString() is the bean's own debug rendering; whether it masks the stored
        // password is not visible here. TODO(review): confirm before enabling trace logging.
        LOGGER.trace(pwmRequest, "wrote LoginInfoBean=" + bean.toDebugString());
    } catch (PwmUnrecoverableException e) {
        final String message = "unexpected error writing login cookie to response: " + e.getMessage();
        LOGGER.error(pwmRequest, new ErrorInformation(PwmError.ERROR_UNKNOWN, message));
    }
}

Example 5 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class CryptoCookieLoginImpl method importRemoteCookie.

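/**
 * Merges the login state carried in the decrypted request cookie into the local session.
 *
 * <p>Cases:
 * <ul>
 *   <li>no remote cookie: nothing happens;</li>
 *   <li>remote authenticated and local authenticated: the two identities must agree, otherwise
 *       the request is rejected with ERROR_BAD_SESSION (a container session and an application
 *       session swapped between users);</li>
 *   <li>remote authenticated and local not: the local session is authenticated from the
 *       cookie's identity, with the cookie's password when it carries one and through the
 *       unknown-password path otherwise.</li>
 * </ul>
 * In every case the remote bean then replaces the local one. NOTE(review): that final step
 * also runs when the remote cookie is unauthenticated and the local session is authenticated,
 * i.e. the local login is replaced by the cookie's unauthenticated state; confirm this is the
 * intended behaviour.
 *
 * @param pwmRequest        the current request
 * @param remoteLoginCookie the decrypted login bean from the request cookie, or null if absent
 * @throws PwmUnrecoverableException if the identities conflict, an authenticated cookie carries
 *                                   no identity, or authenticating from the cookie fails
 */
private static void importRemoteCookie(final PwmRequest pwmRequest, final LoginInfoBean remoteLoginCookie) throws PwmUnrecoverableException {
    if (remoteLoginCookie == null) {
        return;
    }
    final LoginInfoBean localLoginCookie = pwmRequest.getPwmSession().getLoginInfoBean();
    if (remoteLoginCookie.isAuthenticated()) {
        final UserIdentity remoteIdentity = remoteLoginCookie.getUserIdentity();
        if (localLoginCookie.isAuthenticated()) {
            // should never get here unless one of container session and app session key are swapped between users.
            final UserIdentity localIdentity = localLoginCookie.getUserIdentity();
            if (remoteIdentity != null && localIdentity != null && !remoteIdentity.equals(localIdentity)) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_BAD_SESSION, "remote and local session identities differ"));
            }
        } else {
            // An authenticated cookie without an identity is malformed; refuse it rather than
            // handing a null identity to the authenticator.
            if (remoteIdentity == null) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_BAD_SESSION, "authenticated request cookie carries no user identity"));
            }
            LOGGER.debug(pwmRequest, "triggering authentication because request contains an authenticated session but local session is unauthenticated");
            final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), remoteLoginCookie.getAuthSource());
            try {
                // Branch on whether the cookie carries the user's password. The previous code
                // tested getUserIdentity() == null here and then passed that null identity to
                // authUserWithUnknownPassword(), while a cookie with an identity but no password
                // fell through to authenticateUser() with a null password.
                final PasswordData remotePassword = remoteLoginCookie.getUserCurrentPassword();
                if (remotePassword == null) {
                    sessionAuthenticator.authUserWithUnknownPassword(remoteIdentity, remoteLoginCookie.getType());
                } else {
                    sessionAuthenticator.authenticateUser(remoteIdentity, remotePassword);
                }
                remoteLoginCookie.getAuthFlags().add(AuthenticationType.AUTH_FROM_REQ_COOKIE);
                // Log the bean's debug rendering rather than a full JSON serialization: the bean
                // holds the user's current password, and serializing it whole would put that
                // secret into the debug log unless PasswordData masks it on serialization.
                LOGGER.debug(pwmRequest, "logged in using encrypted request cookie = " + remoteLoginCookie.toDebugString());
            } catch (Exception e) {
                final String errorMsg = "unexpected error reading session cookie: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
                LOGGER.error(pwmRequest, errorInformation);
                throw new PwmUnrecoverableException(errorInformation);
            }
        }
    }
    if (pwmRequest.getConfig().isDevDebugMode()) {
        LOGGER.trace(pwmRequest, "imported LoginInfoBean=" + remoteLoginCookie.toDebugString());
    }
    // The remote bean becomes the session's login state from here on.
    pwmRequest.getPwmSession().setLoginInfoBean(remoteLoginCookie);
}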
