use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class PasswordUtility method helpdeskSetUserPassword.
public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
final SessionLabel sessionLabel = pwmSession.getLabel();
final UserIdentity userIdentity = userInfo.getUserIdentity();
if (!pwmSession.isAuthenticated()) {
final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmOperationalException(errorInformation);
}
final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
if (helpdeskProfile == null) {
final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmOperationalException(errorInformation);
}
setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);
// create a proxy user object for pwm to update/read the user.
final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
// mark the event log
{
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_SET_PASSWORD, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmApplication.getAuditManager().submit(auditRecord);
}
// update statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
{
// execute configured actions
LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
final List<ActionConfiguration> actions = new ArrayList<>();
actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
if (!actions.isEmpty()) {
final LoginInfoBean loginInfoBean = new LoginInfoBean();
loginInfoBean.setUserCurrentPassword(newPassword);
final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
if (settingClearResponses == HelpdeskClearResponseMode.yes) {
final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);
// mark the event log
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmApplication.getAuditManager().submit(auditRecord);
}
// send email notification
sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
// expire if so configured
if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
try {
proxiedUser.expirePassword();
} catch (ChaiOperationException e) {
LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
}
}
// send password
final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
if (sendPassword) {
final MessageSendMethod messageSendMethod;
{
final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
}
PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
}
}
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class ChangePasswordServlet method processFormAction.
@ActionHandler(action = "form")
ProcessStatus processFormAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException, ChaiUnavailableException {
final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
final LocalSessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
final UserInfo userInfo = pwmRequest.getPwmSession().getUserInfo();
final LoginInfoBean loginBean = pwmRequest.getPwmSession().getLoginInfoBean();
final PasswordData currentPassword = pwmRequest.readParameterAsPassword("currentPassword");
// check the current password
if (cpb.isCurrentPasswordRequired() && loginBean.getUserCurrentPassword() != null) {
if (currentPassword == null) {
LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is missing");
setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER));
return ProcessStatus.Continue;
}
final boolean passed;
{
final boolean caseSensitive = Boolean.parseBoolean(userInfo.getPasswordPolicy().getValue(PwmPasswordRule.CaseSensitive));
final PasswordData storedPassword = loginBean.getUserCurrentPassword();
passed = caseSensitive ? storedPassword.equals(currentPassword) : storedPassword.equalsIgnoreCase(currentPassword);
}
if (!passed) {
pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is incorrect");
setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_BAD_CURRENT_PASSWORD));
return ProcessStatus.Continue;
}
cpb.setCurrentPasswordPassed(true);
}
final List<FormConfiguration> formItem = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PASSWORD_REQUIRE_FORM);
try {
// read the values from the request
final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItem, ssBean.getLocale());
ChangePasswordServletUtil.validateParamsAgainstLDAP(formValues, pwmRequest.getPwmSession(), pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication()));
cpb.setFormPassed(true);
} catch (PwmOperationalException e) {
pwmRequest.getPwmApplication().getIntruderManager().convenience().markAddressAndSession(pwmRequest.getPwmSession());
pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
LOGGER.debug(pwmRequest, e.getErrorInformation());
setLastError(pwmRequest, e.getErrorInformation());
return ProcessStatus.Continue;
}
return ProcessStatus.Continue;
}
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class MacroTest method testUserMacros.
@Test
public void testUserMacros() throws Exception {
final String userDN = "cn=test1,ou=test,o=org";
final MacroMachine macroMachine;
{
final PwmApplication pwmApplication = mock(PwmApplication.class);
when(pwmApplication.getApplicationMode()).thenReturn(PwmApplicationMode.RUNNING);
when(pwmApplication.getConfig()).thenReturn(new Configuration(StoredConfigurationImpl.newStoredConfiguration()));
final UserInfo userInfo = mock(UserInfo.class);
final UserIdentity userIdentity = new UserIdentity(userDN, "profile");
when(userInfo.getUserIdentity()).thenReturn(userIdentity);
when(userInfo.readStringAttribute("givenName")).thenReturn("Jason");
final LoginInfoBean loginInfoBean = mock(LoginInfoBean.class);
when(loginInfoBean.isAuthenticated()).thenReturn(true);
when(loginInfoBean.getUserIdentity()).thenReturn(userIdentity);
macroMachine = MacroMachine.forUser(pwmApplication, null, userInfo, loginInfoBean);
}
{
// userDN macro
final String goal = userDN;
final String expanded = macroMachine.expandMacros("@LDAP:dn@");
Assert.assertEquals(goal, expanded);
}
{
// userDN + urlEncoding macro
final String goal = "test cn%3Dtest1%2Cou%3Dtest%2Co%3Dorg";
final String expanded = macroMachine.expandMacros("test @Encode:urlPath:[[@LDAP:dn@]]@");
Assert.assertEquals(goal, expanded);
}
{
// user attribute macro
final String goal = "test Jason test";
final String expanded = macroMachine.expandMacros("test @LDAP:givenName@ test");
Assert.assertEquals(goal, expanded);
}
}
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class CryptoCookieLoginImpl method saveLoginSessionState.
@Override
public void saveLoginSessionState(final PwmRequest pwmRequest) {
try {
final LoginInfoBean loginInfoBean = pwmRequest.getPwmSession().getLoginInfoBean();
loginInfoBean.setReqTime(Instant.now());
pwmRequest.getPwmResponse().writeEncryptedCookie(cookieName, loginInfoBean, COOKIE_PATH);
LOGGER.trace(pwmRequest, "wrote LoginInfoBean=" + loginInfoBean.toDebugString());
} catch (PwmUnrecoverableException e) {
final String errorMsg = "unexpected error writing login cookie to response: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
LOGGER.error(pwmRequest, errorInformation);
}
}
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class CryptoCookieLoginImpl method importRemoteCookie.
private static void importRemoteCookie(final PwmRequest pwmRequest, final LoginInfoBean remoteLoginCookie) throws PwmUnrecoverableException {
if (remoteLoginCookie == null) {
return;
}
final LoginInfoBean localLoginCookie = pwmRequest.getPwmSession().getLoginInfoBean();
if (remoteLoginCookie.isAuthenticated()) {
if (localLoginCookie.isAuthenticated()) {
// should never get here unless one of container session and app session key are swapped between users.
final UserIdentity remoteIdentity = remoteLoginCookie.getUserIdentity();
final UserIdentity localIdentity = localLoginCookie.getUserIdentity();
if (remoteIdentity != null && localIdentity != null && !remoteIdentity.equals(localIdentity)) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_BAD_SESSION, "remote and local session identities differ"));
}
} else {
LOGGER.debug(pwmRequest, "triggering authentication because request contains an authenticated session but local session is unauthenticated");
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), remoteLoginCookie.getAuthSource());
try {
if (remoteLoginCookie.getUserIdentity() == null) {
sessionAuthenticator.authUserWithUnknownPassword(remoteLoginCookie.getUserIdentity(), remoteLoginCookie.getType());
} else {
sessionAuthenticator.authenticateUser(remoteLoginCookie.getUserIdentity(), remoteLoginCookie.getUserCurrentPassword());
}
remoteLoginCookie.getAuthFlags().add(AuthenticationType.AUTH_FROM_REQ_COOKIE);
LOGGER.debug(pwmRequest, "logged in using encrypted request cookie = " + JsonUtil.serialize(remoteLoginCookie));
} catch (Exception e) {
final String errorMsg = "unexpected error reading session cookie: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
LOGGER.error(pwmRequest, errorInformation);
throw new PwmUnrecoverableException(errorInformation);
}
}
}
if (pwmRequest.getConfig().isDevDebugMode()) {
LOGGER.trace(pwmRequest, "imported LoginInfoBean=" + remoteLoginCookie.toDebugString());
}
pwmRequest.getPwmSession().setLoginInfoBean(remoteLoginCookie);
}
Aggregations