
Example 6 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class CryptoCookieLoginImpl method readLoginSessionState.

/**
 * Restores login state from the encrypted login cookie carried by the request, if present.
 *
 * <p>A cookie that cannot be read, or that is rejected by
 * {@code checkIfRemoteLoginCookieIsValid}, is dropped with {@code clearLoginSession} and
 * nothing is imported. Any other failure while checking or importing the cookie is logged
 * and rethrown.
 *
 * @param pwmRequest the request whose login cookie is read
 * @throws PwmUnrecoverableException if checking or importing a readable cookie fails
 *     unexpectedly
 */
@Override
public void readLoginSessionState(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    final LoginInfoBean cookieBean;
    try {
        cookieBean = pwmRequest.readEncryptedCookie(cookieName, LoginInfoBean.class);
    } catch (PwmUnrecoverableException readFailure) {
        // An unreadable cookie is treated as absent: log it, clear it, and import nothing.
        final ErrorInformation readError = new ErrorInformation(
                PwmError.ERROR_UNKNOWN,
                "unexpected error reading login cookie, will clear and ignore; error: " + readFailure.getMessage());
        LOGGER.error(pwmRequest, readError);
        clearLoginSession(pwmRequest);
        return;
    }

    if (cookieBean == null) {
        // No login cookie on this request.
        return;
    }

    try {
        // The cookie content arrives with the request, so it is validated before any of it
        // is imported. The order matters: validity, then the foreign check, then the import.
        try {
            checkIfRemoteLoginCookieIsValid(pwmRequest, cookieBean);
        } catch (PwmOperationalException rejected) {
            // An invalid cookie is an expected condition: debug-level log only, then discard.
            LOGGER.debug(pwmRequest, rejected.getErrorInformation().toDebugStr());
            clearLoginSession(pwmRequest);
            return;
        }
        checkIfLoginCookieIsForeign(pwmRequest, cookieBean);
        importRemoteCookie(pwmRequest, cookieBean);
    } catch (Exception failure) {
        // Anything else (including failures raised while discarding the cookie above) ends
        // the request with an unrecoverable error rather than a partially imported login.
        final ErrorInformation importError = new ErrorInformation(
                PwmError.ERROR_UNKNOWN,
                "unexpected error authenticating using crypto session cookie: " + failure.getMessage());
        LOGGER.error(pwmRequest, importError);
        throw new PwmUnrecoverableException(importError);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) LoginInfoBean(password.pwm.bean.LoginInfoBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmOperationalException(password.pwm.error.PwmOperationalException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 7 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class OAuthMachine method checkOAuthExpiration.

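/**
 * Checks whether the session's OAuth access token has expired and, if so, attempts a refresh.
 *
 * <p>Nothing is done, and {@code false} is returned, when token refresh is disabled through
 * {@code AppProperty.OAUTH_ENABLE_TOKEN_REFRESH}, when no expiration is recorded on the login
 * bean, or when the recorded expiration is still in the future. Otherwise a refresh request
 * is made with the stored refresh token. On success the new expiration and refresh token are
 * stored on the login bean. On failure the session is unauthenticated.
 *
 * @param pwmRequest the current request; its session's login bean is read and updated
 * @return {@code true} if the refresh failed and the session was unauthenticated,
 *     {@code false} otherwise
 */
public boolean checkOAuthExpiration(final PwmRequest pwmRequest) {
    if (!Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.OAUTH_ENABLE_TOKEN_REFRESH))) {
        return false;
    }
    final LoginInfoBean loginInfoBean = pwmRequest.getPwmSession().getLoginInfoBean();
    final Instant expirationDate = loginInfoBean.getOauthExp();
    if (expirationDate == null || Instant.now().isBefore(expirationDate)) {
        // not expired (or no expiration was ever recorded)
        return false;
    }
    LOGGER.trace(pwmRequest, "oauth access token has expired, attempting to refresh");
    try {
        final OAuthResolveResults resolveResults = makeOAuthRefreshRequest(pwmRequest, loginInfoBean.getOauthRefToken());
        if (resolveResults != null && resolveResults.getExpiresSeconds() > 0) {
            // 1000L forces long arithmetic. With an int lifetime, `1000 * seconds` overflows
            // above ~24.8 days and would record a wrong (possibly past) expiration.
            final Instant accessTokenExpirationDate = Instant.ofEpochMilli(System.currentTimeMillis() + 1000L * resolveResults.getExpiresSeconds());
            LOGGER.trace(pwmRequest, "noted oauth access token expiration at timestamp " + JavaHelper.toIsoDate(accessTokenExpirationDate));
            loginInfoBean.setOauthExp(accessTokenExpirationDate);
            // NOTE(review): the stored refresh token is overwritten unconditionally. If the
            // refresh response carries no new refresh token, confirm what getRefreshToken()
            // returns here so that the next refresh still has a usable token.
            loginInfoBean.setOauthRefToken(resolveResults.getRefreshToken());
            return false;
        }
    } catch (PwmUnrecoverableException e) {
        LOGGER.error(pwmRequest, "error while processing oauth token refresh: " + e.getMessage());
    }
    // Fail closed: a token that cannot be refreshed ends the authenticated session.
    LOGGER.error(pwmRequest, "unable to refresh oauth token for user, unauthenticated session");
    pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
    return true;
}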
Also used : LoginInfoBean(password.pwm.bean.LoginInfoBean) Instant(java.time.Instant) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 8 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class SessionAuthenticator method postAuthenticationSequence.

/**
 * Updates session state after a successful authentication.
 *
 * <p>Marks the login bean as authenticated, attaches the provider and user info to the
 * session, records the authentication time, type, and source, stores the user's password in
 * the login bean, clears intruder records for this user and session, updates password-status
 * statistics, and clears the cached permissions.
 *
 * @param userIdentity the identity that authenticated
 * @param authenticationResult the result carrying the provider, authentication type, and password
 * @throws PwmUnrecoverableException declared by this method; the raising call is not identifiable from this listing
 * @throws ChaiUnavailableException declared by this method; the raising call is not identifiable from this listing
 */
private void postAuthenticationSequence(final UserIdentity userIdentity, final AuthenticationResult authenticationResult) throws PwmUnrecoverableException, ChaiUnavailableException {
    final IntruderManager intruderManager = pwmApplication.getIntruderManager();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final LoginInfoBean loginInfoBean = pwmSession.getLoginInfoBean();
    // authentication succeeded: flag the login bean and record who authenticated
    loginInfoBean.setAuthenticated(true);
    loginInfoBean.setUserIdentity(userIdentity);
    // attach the provider returned by the authentication result to the session
    pwmSession.getSessionManager().setChaiProvider(authenticationResult.getUserProvider());
    // build the user info for the authenticated user and attach it to the session
    {
        final UserInfo userInfoBean;
        if (authenticationResult.getAuthenticationType() == AuthenticationType.AUTH_BIND_INHIBIT) {
            // AUTH_BIND_INHIBIT: read through the application's proxy provider for the user's LDAP profile
            userInfoBean = UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), ssBean.getLocale(), userIdentity, pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()));
        } else {
            // all other authentication types: the factory is also given the user's password
            userInfoBean = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmSession.getLabel(), userIdentity, ssBean.getLocale(), authenticationResult.getUserPassword());
        }
        pwmSession.setUserInfo(userInfoBean);
    }
    // mark the auth time
    pwmSession.getLoginInfoBean().setAuthTime(Instant.now());
    // record the resulting authentication type and the source that performed it
    pwmSession.getLoginInfoBean().setType(authenticationResult.getAuthenticationType());
    pwmSession.getLoginInfoBean().setAuthSource(authenticationSource);
    // save the password in the login bean
    // NOTE(review): this keeps the user's password in session state for the life of the login;
    // confirm that every path that persists or logs LoginInfoBean protects this field.
    final PasswordData userPassword = authenticationResult.getUserPassword();
    pwmSession.getLoginInfoBean().setUserCurrentPassword(userPassword);
    // successful login: clear the intruder records for the username, the identity, and the address/session
    intruderManager.clear(RecordType.USERNAME, pwmSession.getUserInfo().getUsername());
    intruderManager.convenience().clearUserIdentity(userIdentity);
    intruderManager.convenience().clearAddressAndSession(pwmSession);
    if (pwmApplication.getStatisticsManager() != null) {
        final StatisticsManager statisticsManager = pwmApplication.getStatisticsManager();
        // at most one counter is incremented; the checks run in the order warn, pre-expired, expired
        if (pwmSession.getUserInfo().getPasswordStatus().isWarnPeriod()) {
            statisticsManager.incrementValue(Statistic.AUTHENTICATION_EXPIRED_WARNING);
        } else if (pwmSession.getUserInfo().getPasswordStatus().isPreExpired()) {
            statisticsManager.incrementValue(Statistic.AUTHENTICATION_PRE_EXPIRED);
        } else if (pwmSession.getUserInfo().getPasswordStatus().isExpired()) {
            statisticsManager.incrementValue(Statistic.AUTHENTICATION_EXPIRED);
        }
    }
    // clear permission cache - permissions cached before login must be re-evaluated for the authenticated user
    LOGGER.debug(pwmSession, "clearing permission cache");
    pwmSession.getUserSessionDataCacheBean().clearPermissions();
}
Also used : LoginInfoBean(password.pwm.bean.LoginInfoBean) StatisticsManager(password.pwm.svc.stats.StatisticsManager) PasswordData(password.pwm.util.PasswordData) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) UserInfo(password.pwm.ldap.UserInfo) IntruderManager(password.pwm.svc.intruder.IntruderManager)

Example 9 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class SessionTrackService method infoBeanFromPwmSession.

/**
 * Builds a {@code SessionStateInfoBean} snapshot describing the given session.
 *
 * <p>Session-level fields (id, timestamps, idle time, locale, source address and host, last
 * URL, intruder attempts) are always copied. The LDAP profile, user DN, and user ID are set
 * only when the session reports itself authenticated, and each is written as an empty string
 * unless the login bean also reports authenticated.
 *
 * @param loopSession the session to describe
 * @return the populated snapshot bean
 */
private static SessionStateInfoBean infoBeanFromPwmSession(final PwmSession loopSession) {
    final LocalSessionStateBean stateBean = loopSession.getSessionStateBean();
    final LoginInfoBean loginBean = loopSession.getLoginInfoBean();
    final SessionStateInfoBean snapshot = new SessionStateInfoBean();

    // Session-level details, present whether or not anyone is logged in.
    snapshot.setLabel(loopSession.getSessionStateBean().getSessionID());
    snapshot.setCreateTime(loopSession.getSessionStateBean().getSessionCreationTime());
    snapshot.setLastTime(loopSession.getSessionStateBean().getSessionLastAccessedTime());
    snapshot.setIdle(loopSession.getIdleTime().asCompactString());
    snapshot.setLocale(stateBean.getLocale());
    snapshot.setSrcAddress(stateBean.getSrcAddress());
    snapshot.setSrcHost(stateBean.getSrcHostname());
    snapshot.setLastUrl(stateBean.getLastRequestURL());
    snapshot.setIntruderAttempts(stateBean.getIntruderAttempts());

    if (!loopSession.isAuthenticated()) {
        // Unauthenticated sessions carry no user identity fields.
        return snapshot;
    }

    // Identity details: each one is blanked unless the login bean also says authenticated.
    final UserInfo sessionUser = loopSession.getUserInfo();
    snapshot.setLdapProfile(loginBean.isAuthenticated() ? sessionUser.getUserIdentity().getLdapProfileID() : "");
    snapshot.setUserDN(loginBean.isAuthenticated() ? sessionUser.getUserIdentity().getUserDN() : "");
    try {
        snapshot.setUserID(loginBean.isAuthenticated() ? sessionUser.getUsername() : "");
    } catch (PwmUnrecoverableException usernameFailure) {
        // Best effort: a failed username lookup is logged and the user ID is left unset.
        LOGGER.error("unexpected error reading username: " + usernameFailure.getMessage(), usernameFailure);
    }
    return snapshot;
}
Also used : LoginInfoBean(password.pwm.bean.LoginInfoBean) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SessionStateInfoBean(password.pwm.bean.pub.SessionStateInfoBean)

Example 10 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class PasswordUtility method sendNewPassword.

/**
 * Sends a newly set password to the user by SMS or by email.
 *
 * <p>{@code SMSONLY} sends by SMS to the user's SMS number. Every other send method,
 * including {@code EMAILONLY}, sends by email to the user's email address.
 *
 * @param userInfo the user receiving the password
 * @param pwmApplication the application context passed to the send helpers
 * @param newPassword the password to deliver
 * @param userLocale the locale passed to the send helpers
 * @param messageSendMethod the delivery channel to use
 * @return the destination used: the SMS number for {@code SMSONLY}, otherwise the email address
 * @throws PwmOperationalException if the send helper reports an error
 * @throws PwmUnrecoverableException declared by this method; the raising call is not identifiable from this listing
 */
public static String sendNewPassword(final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword, final Locale userLocale, final MessageSendMethod messageSendMethod) throws PwmOperationalException, PwmUnrecoverableException {
    final String emailAddress = userInfo.getUserEmailAddress();
    final String smsNumber = userInfo.getUserSmsNumber();

    // The macro machine gets a throwaway login bean holding the new password and the
    // user's identity. This bean is not attached to any session here.
    final LoginInfoBean macroLoginBean = new LoginInfoBean();
    macroLoginBean.setUserCurrentPassword(newPassword);
    macroLoginBean.setUserIdentity(userInfo.getUserIdentity());
    final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, null, userInfo, macroLoginBean);

    // NOTE(review): the new password is handed to an SMS or email sender; confirm that the
    // calling flow treats a password delivered this way as temporary.
    final String destination;
    final ErrorInformation sendError;
    switch (messageSendMethod) {
        case SMSONLY:
            // SMS is the only channel attempted
            sendError = sendNewPasswordSms(userInfo, pwmApplication, macroMachine, newPassword, smsNumber, userLocale);
            destination = smsNumber;
            break;
        case EMAILONLY:
        default:
            // email is the only channel attempted
            sendError = sendNewPasswordEmail(userInfo, pwmApplication, macroMachine, newPassword, emailAddress, userLocale);
            destination = emailAddress;
            break;
    }

    if (sendError != null) {
        throw new PwmOperationalException(sendError);
    }
    return destination;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) LoginInfoBean(password.pwm.bean.LoginInfoBean) MacroMachine(password.pwm.util.macro.MacroMachine) PwmOperationalException(password.pwm.error.PwmOperationalException)

Aggregations

LoginInfoBean (password.pwm.bean.LoginInfoBean)13 ErrorInformation (password.pwm.error.ErrorInformation)7 PwmOperationalException (password.pwm.error.PwmOperationalException)6 UserInfo (password.pwm.ldap.UserInfo)6 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)5 MacroMachine (password.pwm.util.macro.MacroMachine)4 LocalSessionStateBean (password.pwm.bean.LocalSessionStateBean)3 UserIdentity (password.pwm.bean.UserIdentity)3 PasswordData (password.pwm.util.PasswordData)3 ChaiUser (com.novell.ldapchai.ChaiUser)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 PwmException (password.pwm.error.PwmException)2 ChangePasswordBean (password.pwm.http.bean.ChangePasswordBean)2 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)1 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)1 Instant (java.time.Instant)1 Test (org.junit.Test)1 PwmApplication (password.pwm.PwmApplication)1 SessionLabel (password.pwm.bean.SessionLabel)1