use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class CryptoCookieLoginImpl method readLoginSessionState.
/**
 * Restores login state for the request from the encrypted login cookie, when one is present.
 *
 * <p>A cookie that cannot be read, or that fails {@code checkIfRemoteLoginCookieIsValid},
 * is never imported: the login session is cleared and the method returns normally, so the
 * request simply continues without cookie-derived login state.
 *
 * @param pwmRequest the request whose login cookie is read
 * @throws PwmUnrecoverableException if anything else fails while checking or importing the
 *         cookie; the original exception's message is carried in the error detail
 */
@Override
public void readLoginSessionState(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    final LoginInfoBean cookieBean;
    try {
        cookieBean = pwmRequest.readEncryptedCookie(cookieName, LoginInfoBean.class);
    } catch (PwmUnrecoverableException e) {
        // An unreadable cookie is treated as untrusted: log it, drop it, and carry on.
        LOGGER.error(pwmRequest, new ErrorInformation(
                PwmError.ERROR_UNKNOWN,
                "unexpected error reading login cookie, will clear and ignore; error: " + e.getMessage()));
        clearLoginSession(pwmRequest);
        return;
    }

    if (cookieBean == null) {
        // No login cookie on this request; nothing to restore.
        return;
    }

    try {
        try {
            checkIfRemoteLoginCookieIsValid(pwmRequest, cookieBean);
        } catch (PwmOperationalException e) {
            // Validation failure is an expected outcome, so it is logged at debug level only
            // and the cookie is discarded instead of failing the request.
            LOGGER.debug(pwmRequest, e.getErrorInformation().toDebugStr());
            clearLoginSession(pwmRequest);
            return;
        }

        // The cookie is imported only after both checks have passed. A PwmOperationalException
        // from the steps below is NOT handled by the inner catch above; it falls through to
        // the generic handler and fails the request.
        checkIfLoginCookieIsForeign(pwmRequest, cookieBean);
        importRemoteCookie(pwmRequest, cookieBean);
    } catch (Exception e) {
        final ErrorInformation failure = new ErrorInformation(
                PwmError.ERROR_UNKNOWN,
                "unexpected error authenticating using crypto session cookie: " + e.getMessage());
        LOGGER.error(pwmRequest, failure);
        throw new PwmUnrecoverableException(failure);
    }
}
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class OAuthMachine method checkOAuthExpiration.
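/**
 * Checks whether the session's recorded OAuth access-token expiration has passed and, if so,
 * tries to renew the token using the refresh token stored in the session's login bean.
 *
 * <p>The method fails closed: once the token is found to be expired, any outcome other than
 * a refresh result with a positive lifetime ends with the user being unauthenticated.
 *
 * @param pwmRequest the current request; supplies configuration and the session
 * @return {@code true} if the session was unauthenticated because the token could not be
 *         refreshed; {@code false} if refresh is disabled, no expiration is recorded, the
 *         token has not expired yet, or the refresh succeeded
 */
public boolean checkOAuthExpiration(final PwmRequest pwmRequest) {
    if (!Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.OAUTH_ENABLE_TOKEN_REFRESH))) {
        return false;
    }

    final LoginInfoBean loginInfoBean = pwmRequest.getPwmSession().getLoginInfoBean();
    final Instant expirationDate = loginInfoBean.getOauthExp();
    if (expirationDate == null || Instant.now().isBefore(expirationDate)) {
        // not expired, or no expiration was recorded for this session
        return false;
    }

    LOGGER.trace(pwmRequest, "oauth access token has expired, attempting to refresh");
    try {
        final OAuthResolveResults resolveResults = makeOAuthRefreshRequest(pwmRequest, loginInfoBean.getOauthRefToken());
        if (resolveResults != null && resolveResults.getExpiresSeconds() > 0) {
            // 1000L forces the seconds-to-milliseconds conversion into long arithmetic. With a
            // plain int literal the product would wrap for lifetimes above roughly 24.8 days
            // if getExpiresSeconds() returns an int, recording a bogus expiration time.
            final Instant accessTokenExpirationDate = Instant.ofEpochMilli(
                    System.currentTimeMillis() + 1000L * resolveResults.getExpiresSeconds());
            LOGGER.trace(pwmRequest, "noted oauth access token expiration at timestamp " + JavaHelper.toIsoDate(accessTokenExpirationDate));
            loginInfoBean.setOauthExp(accessTokenExpirationDate);
            // NOTE(review): the stored refresh token is replaced unconditionally. Confirm that
            // getRefreshToken() cannot be null/empty when the token endpoint does not rotate
            // refresh tokens, otherwise the next refresh attempt has nothing to present.
            loginInfoBean.setOauthRefToken(resolveResults.getRefreshToken());
            return false;
        }
    } catch (PwmUnrecoverableException e) {
        // A failed refresh is not rethrown; it falls through to the unauthenticate path below.
        LOGGER.error(pwmRequest, "error while processing oauth token refresh: " + e.getMessage());
    }

    LOGGER.error(pwmRequest, "unable to refresh oauth token for user, unauthenticated session");
    pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
    return true;
}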
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class SessionAuthenticator method postAuthenticationSequence.
/**
 * Applies the result of a successful authentication to the current session: marks the login
 * bean authenticated, attaches the user's connection and UserInfo, records authentication
 * metadata and the password, resets intruder tracking for the user, updates statistics and
 * clears the cached permissions.
 *
 * @param userIdentity the identity that was authenticated
 * @param authenticationResult the authentication outcome; supplies the user provider,
 *        authentication type and password used below
 * @throws PwmUnrecoverableException declared by this method; which call raises it is not
 *         visible here
 * @throws ChaiUnavailableException declared by this method; which call raises it is not
 *         visible here
 */
private void postAuthenticationSequence(final UserIdentity userIdentity, final AuthenticationResult authenticationResult) throws PwmUnrecoverableException, ChaiUnavailableException {
final IntruderManager intruderManager = pwmApplication.getIntruderManager();
final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
final LoginInfoBean loginInfoBean = pwmSession.getLoginInfoBean();
// authentication succeeded: flag the session as authenticated and bind it to the identity
loginInfoBean.setAuthenticated(true);
loginInfoBean.setUserIdentity(userIdentity);
// update the session connection to the provider returned by the authentication
pwmSession.getSessionManager().setChaiProvider(authenticationResult.getUserProvider());
// update the actor user info bean
{
final UserInfo userInfoBean;
// For AUTH_BIND_INHIBIT the UserInfo is built on the application's proxy provider for the
// user's LDAP profile; for every other type it is built with the user's password.
if (authenticationResult.getAuthenticationType() == AuthenticationType.AUTH_BIND_INHIBIT) {
userInfoBean = UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), ssBean.getLocale(), userIdentity, pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()));
} else {
userInfoBean = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmSession.getLabel(), userIdentity, ssBean.getLocale(), authenticationResult.getUserPassword());
}
pwmSession.setUserInfo(userInfoBean);
}
// mark the auth time
pwmSession.getLoginInfoBean().setAuthTime(Instant.now());
// update the resulting authType and source (authenticationSource is not declared in this
// method; presumably a field of the enclosing class)
pwmSession.getLoginInfoBean().setType(authenticationResult.getAuthenticationType());
pwmSession.getLoginInfoBean().setAuthSource(authenticationSource);
// save the password in the login bean
// NOTE(review): from here on the user's password is held in the session's LoginInfoBean;
// confirm how that bean is stored or serialized and when the password is cleared.
final PasswordData userPassword = authenticationResult.getUserPassword();
pwmSession.getLoginInfoBean().setUserCurrentPassword(userPassword);
// notify the intruder manager of the successful login: clear the records kept for this
// username, this identity, and this session's address/session
intruderManager.clear(RecordType.USERNAME, pwmSession.getUserInfo().getUsername());
intruderManager.convenience().clearUserIdentity(userIdentity);
intruderManager.convenience().clearAddressAndSession(pwmSession);
// statistics are optional: count the login under at most one password-status bucket
if (pwmApplication.getStatisticsManager() != null) {
final StatisticsManager statisticsManager = pwmApplication.getStatisticsManager();
if (pwmSession.getUserInfo().getPasswordStatus().isWarnPeriod()) {
statisticsManager.incrementValue(Statistic.AUTHENTICATION_EXPIRED_WARNING);
} else if (pwmSession.getUserInfo().getPasswordStatus().isPreExpired()) {
statisticsManager.incrementValue(Statistic.AUTHENTICATION_PRE_EXPIRED);
} else if (pwmSession.getUserInfo().getPasswordStatus().isExpired()) {
statisticsManager.incrementValue(Statistic.AUTHENTICATION_EXPIRED);
}
}
// clear permission cache - needs rechecking after login so that permissions cached before
// the login are not reused for the authenticated user
LOGGER.debug(pwmSession, "clearing permission cache");
pwmSession.getUserSessionDataCacheBean().clearPermissions();
}
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class SessionTrackService method infoBeanFromPwmSession.
/**
 * Builds a {@link SessionStateInfoBean} describing the given session.
 *
 * <p>Session metadata (id, timestamps, idle time, locale, source address and host, last URL,
 * intruder attempts) is always copied. The LDAP profile, user DN and user ID are filled in
 * only for an authenticated session, and are set to the empty string when the session's
 * login bean does not also report itself as authenticated.
 *
 * @param loopSession the session to describe
 * @return the populated info bean
 */
private static SessionStateInfoBean infoBeanFromPwmSession(final PwmSession loopSession) {
    final LocalSessionStateBean stateBean = loopSession.getSessionStateBean();
    final LoginInfoBean loginState = loopSession.getLoginInfoBean();

    final SessionStateInfoBean snapshot = new SessionStateInfoBean();
    snapshot.setLabel(loopSession.getSessionStateBean().getSessionID());
    snapshot.setCreateTime(loopSession.getSessionStateBean().getSessionCreationTime());
    snapshot.setLastTime(loopSession.getSessionStateBean().getSessionLastAccessedTime());
    snapshot.setIdle(loopSession.getIdleTime().asCompactString());
    snapshot.setLocale(stateBean.getLocale());
    snapshot.setSrcAddress(stateBean.getSrcAddress());
    snapshot.setSrcHost(stateBean.getSrcHostname());
    snapshot.setLastUrl(stateBean.getLastRequestURL());
    snapshot.setIntruderAttempts(stateBean.getIntruderAttempts());

    if (!loopSession.isAuthenticated()) {
        // Unauthenticated sessions carry no user details.
        return snapshot;
    }

    final UserInfo sessionUser = loopSession.getUserInfo();

    if (loginState.isAuthenticated()) {
        snapshot.setLdapProfile(sessionUser.getUserIdentity().getLdapProfileID());
    } else {
        snapshot.setLdapProfile("");
    }

    if (loginState.isAuthenticated()) {
        snapshot.setUserDN(sessionUser.getUserIdentity().getUserDN());
    } else {
        snapshot.setUserDN("");
    }

    try {
        if (loginState.isAuthenticated()) {
            snapshot.setUserID(sessionUser.getUsername());
        } else {
            snapshot.setUserID("");
        }
    } catch (PwmUnrecoverableException e) {
        // A failed username lookup leaves the user ID unset rather than failing the snapshot.
        LOGGER.error("unexpected error reading username: " + e.getMessage(), e);
    }

    return snapshot;
}
use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.
the class PasswordUtility method sendNewPassword.
/**
 * Delivers a newly set password to the user over SMS or email and reports where it went.
 *
 * <p>The password is placed in a throwaway {@link LoginInfoBean} so that the macro machine
 * handed to the send helpers is built with it. Only {@code SMSONLY} selects SMS; every other
 * send method, including {@code EMAILONLY}, is delivered by email.
 *
 * @param userInfo the recipient; supplies the email address, SMS number and identity
 * @param pwmApplication the application context passed through to the send helpers
 * @param newPassword the password to deliver
 * @param userLocale the locale passed through to the send helpers
 * @param messageSendMethod the requested delivery channel
 * @return the SMS number or email address the password was sent to
 * @throws PwmOperationalException if the send helper reports an error
 * @throws PwmUnrecoverableException declared by this method; which call raises it is not
 *         visible here
 */
public static String sendNewPassword(final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword, final Locale userLocale, final MessageSendMethod messageSendMethod) throws PwmOperationalException, PwmUnrecoverableException {
    final String emailAddress = userInfo.getUserEmailAddress();
    final String smsNumber = userInfo.getUserSmsNumber();

    // Temporary login bean carrying the new password and identity for macro resolution.
    final LoginInfoBean macroLoginBean = new LoginInfoBean();
    macroLoginBean.setUserCurrentPassword(newPassword);
    macroLoginBean.setUserIdentity(userInfo.getUserIdentity());
    final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, null, userInfo, macroLoginBean);

    final ErrorInformation sendError;
    final String deliveredTo;
    switch (messageSendMethod) {
        case SMSONLY:
            // Only try SMS
            sendError = sendNewPasswordSms(userInfo, pwmApplication, macroMachine, newPassword, smsNumber, userLocale);
            deliveredTo = smsNumber;
            break;
        case EMAILONLY:
        default:
            // Only try email
            sendError = sendNewPasswordEmail(userInfo, pwmApplication, macroMachine, newPassword, emailAddress, userLocale);
            deliveredTo = emailAddress;
            break;
    }

    if (sendError != null) {
        throw new PwmOperationalException(sendError);
    }
    return deliveredTo;
}