
Example 11 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class PasswordUtility method setActorPassword.

/**
 * This is the entry point under which all password changes for the currently
 * authenticated user (the "actor") are managed. The general procedure when this
 * method is invoked is:
 * <ul>
 * <li> the actor is checked for {@code Permission.CHANGE_PASSWORD} </li>
 * <li> the new password is checked against the PWM password policy </li>
 * <li> the actor's old password is taken from the session's {@link LoginInfoBean}; it is
 *      required unless the directory vendor is Active Directory </li>
 * <li> the ldap password set is attempted via {@code setPassword}<br/>
 * <br/>if successful:
 * <ul>
 * <li> the session state bean's password-modified flag is set </li>
 * <li> the login info bean is updated with the new password </li>
 * <li> cached ldap connections are updated to the new password </li>
 * <li> the {@code forcePwChange} login flag is cleared and the auth type becomes AUTHENTICATED </li>
 * <li> the user info bean is reloaded </li>
 * <li> statistics, post-change actions and configured write-attribute actions are run </li>
 * <li> the last-password-update attribute is written to ldap </li>
 * </ul>
 * <br/>if unsuccessful, a {@link PwmOperationalException} carrying the relevant
 * {@link ErrorInformation} is thrown
 * </li>
 * </ul>
 *
 * @param pwmSession     session of the actor whose password is being changed; used for
 *                       permission checks, the old password and bean updates
 * @param pwmApplication application context for config, statistics and ldap access
 * @param newPassword    the new password that is being set.
 * @throws com.novell.ldapchai.exception.ChaiUnavailableException if the ldap directory is unavailable
 * @throws password.pwm.error.PwmUnrecoverableException           if user is not authenticated
 * @throws password.pwm.error.PwmOperationalException             if the actor lacks change-password
 *         permission, the new password fails local policy validation, or no old password is
 *         available and the directory is not Active Directory
 */
public static void setActorPassword(final PwmSession pwmSession, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final UserInfo userInfo = pwmSession.getUserInfo();
    // authorization gate: the actor must hold the change-password permission before anything else happens
    if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.CHANGE_PASSWORD)) {
        final String errorMsg = "attempt to setActorPassword, but user does not have password change permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // validate the new password against the local policy before touching ldap; a validation
    // failure is re-thrown as PwmOperationalException carrying the validator's own error code
    try {
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, userInfo.getPasswordPolicy());
        pwmPasswordRuleValidator.testPassword(newPassword, null, userInfo, pwmSession.getSessionManager().getActor(pwmApplication));
    } catch (PwmDataValidationException e) {
        final String errorMsg = "attempt to setActorPassword, but password does not pass local policy validator";
        final ErrorInformation errorInformation = new ErrorInformation(e.getErrorInformation().getError(), errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // retrieve the user's old password from the userInfoBean in the session
    final PasswordData oldPassword = pwmSession.getLoginInfoBean().getUserCurrentPassword();
    // only Active Directory is allowed to proceed without the old password (null is passed to setPassword below)
    boolean setPasswordWithoutOld = false;
    if (oldPassword == null) {
        if (pwmSession.getSessionManager().getActor(pwmApplication).getChaiProvider().getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY) {
            setPasswordWithoutOld = true;
        }
    }
    if (!setPasswordWithoutOld) {
        // Check to make sure we actually have an old password
        if (oldPassword == null) {
            final String errorMsg = "cannot set password for user, old password is not available";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
            throw new PwmOperationalException(errorInformation);
        }
    }
    final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();
    // the ldap write; everything after this line assumes the directory password has changed
    setPassword(pwmApplication, pwmSession.getLabel(), provider, userInfo, setPasswordWithoutOld ? null : oldPassword, newPassword);
    // update the session state bean's password modified flag
    pwmSession.getSessionStateBean().setPasswordModified(true);
    // update the login info bean with the user's new password
    pwmSession.getLoginInfoBean().setUserCurrentPassword(newPassword);
    // close any outstanding ldap connections (since they cache the old password)
    pwmSession.getSessionManager().updateUserPassword(pwmApplication, userInfo.getUserIdentity(), newPassword);
    // clear the "requires new password" flag
    pwmSession.getLoginInfoBean().getLoginFlags().remove(LoginInfoBean.LoginFlag.forcePwChange);
    // mark the auth type as AUTHENTICATED now that we have the user's natural password.
    pwmSession.getLoginInfoBean().setType(AuthenticationType.AUTHENTICATED);
    // reload the user info bean so its "password expired" state reflects the new password.
    pwmSession.reloadUserInfoBean(pwmApplication);
    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmSession.getSessionManager().getActor(pwmApplication);
    // update statistics
    {
        pwmApplication.getStatisticsManager().incrementValue(Statistic.PASSWORD_CHANGES);
    }
    // invoke post password change actions
    // NOTE(review): the password is unwrapped to a plain String here; confirm the callee
    // neither logs nor retains it beyond the call
    invokePostChangePasswordActions(pwmSession, newPassword.getStringValue());
    {
        // execute configured actions
        LOGGER.debug(pwmSession, "executing configured actions to user " + proxiedUser.getEntryDN());
        final List<ActionConfiguration> configValues = pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES);
        if (configValues != null && !configValues.isEmpty()) {
            // macros run against a JSON clone of the login bean rather than the live session bean
            final LoginInfoBean clonedLoginInfoBean = JsonUtil.cloneUsingJson(pwmSession.getLoginInfoBean(), LoginInfoBean.class);
            clonedLoginInfoBean.setUserCurrentPassword(newPassword);
            final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, pwmSession.getLabel(), pwmSession.getUserInfo(), clonedLoginInfoBean);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userInfo.getUserIdentity()).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
            actionExecutor.executeActions(configValues, pwmSession.getLabel());
        }
    }
    // update the current last password update field in ldap
    LdapOperationsHelper.updateLastPasswordUpdateAttribute(pwmApplication, pwmSession.getLabel(), userInfo.getUserIdentity());
}

Example 12 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class AuthenticationFilter method forceRequiredRedirects.

/**
 * Decides whether an authenticated request may proceed or must first be redirected
 * to a servlet that completes an outstanding requirement: a password change after
 * public-module authentication, response setup, OTP setup, profile update, or a
 * required password change.
 *
 * <p>Checks run in priority order and the first applicable one decides. When a
 * redirect is issued the method returns {@link ProcessStatus#Halt}; in every other
 * case it returns {@link ProcessStatus#Continue}.
 *
 * @param pwmRequest the current request, providing the session, URL and application
 * @return {@code Halt} if a redirect was written to the response, {@code Continue} otherwise
 * @throws PwmUnrecoverableException propagated from the underlying session and bean lookups
 * @throws IOException if a redirect cannot be written to the response
 */
public static ProcessStatus forceRequiredRedirects(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
    final PwmSession session = pwmRequest.getPwmSession();
    final PwmURL url = pwmRequest.getURL();
    final UserInfo user = session.getUserInfo();
    final LoginInfoBean loginInfo = session.getLoginInfoBean();

    // requests that must never be redirected away
    final boolean exemptUrl = url.isResourceURL() || url.isConfigManagerURL() || url.isLogoutURL() || url.isLoginServlet();
    if (exemptUrl) {
        return ProcessStatus.Continue;
    }

    // forced redirects only apply while the application is fully running
    final boolean running = pwmRequest.getPwmApplication().getApplicationMode() == PwmApplicationMode.RUNNING;
    if (!running) {
        return ProcessStatus.Continue;
    }

    // high priority pw change
    if (loginInfo.getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
        if (url.isChangePasswordURL()) {
            return ProcessStatus.Continue;
        }
        LOGGER.debug(pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet");
        pwmRequest.sendRedirect(pwmRequest.getContextPath() + PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PrivateChangePassword.servletUrlName());
        return ProcessStatus.Halt;
    }

    // if change password in progress and req is for ChangePassword servlet, then allow request as is
    if (url.isChangePasswordURL()) {
        final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
        final PasswordChangeProgressChecker.ProgressTracker tracker = changePasswordBean.getChangeProgressTracker();
        final boolean changeInProgress = tracker != null && tracker.getBeginTime() != null;
        if (changeInProgress) {
            return ProcessStatus.Continue;
        }
    }

    if (user.isRequiresResponseConfig()) {
        if (url.isSetupResponsesURL()) {
            return ProcessStatus.Continue;
        }
        return redirectAndHalt(pwmRequest, "user is required to setup responses, redirecting to setup responses servlet", PwmServletDefinition.SetupResponses);
    }

    final boolean otpSetupNeeded = user.isRequiresOtpConfig() && !loginInfo.isLoginFlag(LoginInfoBean.LoginFlag.skipOtp);
    if (otpSetupNeeded) {
        if (url.isSetupOtpSecretURL()) {
            return ProcessStatus.Continue;
        }
        return redirectAndHalt(pwmRequest, "user is required to setup OTP configuration, redirecting to OTP setup page", PwmServletDefinition.SetupOtp);
    }

    if (user.isRequiresUpdateProfile()) {
        if (url.isProfileUpdateURL()) {
            return ProcessStatus.Continue;
        }
        return redirectAndHalt(pwmRequest, "user is required to update profile, redirecting to profile update servlet", PwmServletDefinition.UpdateProfile);
    }

    // already on the change-password servlet: nothing further to enforce
    if (url.isChangePasswordURL()) {
        return ProcessStatus.Continue;
    }

    final boolean ldapRequiresNewPassword = user.isRequiresNewPassword() && !loginInfo.isLoginFlag(LoginInfoBean.LoginFlag.skipNewPw);
    if (ldapRequiresNewPassword) {
        return redirectAndHalt(pwmRequest, "user password in ldap requires changing, redirecting to change password servlet", PwmServletDefinition.PrivateChangePassword);
    }
    if (loginInfo.getLoginFlags().contains(LoginInfoBean.LoginFlag.forcePwChange)) {
        return redirectAndHalt(pwmRequest, "previous activity in application requires forcing pw change, redirecting to change password servlet", PwmServletDefinition.PrivateChangePassword);
    }
    return ProcessStatus.Continue;
}

/**
 * Logs {@code reason} at debug level, redirects the request to {@code target} and
 * yields {@link ProcessStatus#Halt} so the caller can return it directly.
 *
 * @param pwmRequest the current request
 * @param reason     debug message explaining why the redirect is forced
 * @param target     servlet the request is redirected to
 * @return always {@link ProcessStatus#Halt}
 * @throws PwmUnrecoverableException propagated from the redirect
 * @throws IOException if the redirect cannot be written to the response
 */
private static ProcessStatus redirectAndHalt(final PwmRequest pwmRequest, final String reason, final PwmServletDefinition target) throws PwmUnrecoverableException, IOException {
    LOGGER.debug(pwmRequest, reason);
    pwmRequest.sendRedirect(target);
    return ProcessStatus.Halt;
}

Example 13 with LoginInfoBean

use of password.pwm.bean.LoginInfoBean in project pwm by pwm-project.

the class NewUserUtils method createMacroMachineForNewUser.

/**
 * Builds a {@link MacroMachine} for a user who does not yet exist in the directory,
 * so macros are expanded from the submitted form values and the chosen password
 * instead of from ldap attributes.
 *
 * <p>The email address and username are looked up in the form data under the
 * attribute names configured for the default ldap profile; all form values are
 * exposed as the stub user's attributes. The new password is placed in a stub
 * {@link LoginInfoBean} so password-related macros can resolve.
 *
 * @param pwmApplication       application context used to read the ldap profile configuration
 * @param sessionLabel         label of the session performing the registration
 * @param newUserForm          the submitted new-user form, including the chosen password
 * @param tokenDestinationItem token destination used for a string replacer, or {@code null} for none
 * @return a macro machine bound to the stub user and login beans
 * @throws PwmUnrecoverableException propagated from {@link MacroMachine#forUser}
 */
static MacroMachine createMacroMachineForNewUser(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final NewUserForm newUserForm, final TokenDestinationItem tokenDestinationItem) throws PwmUnrecoverableException {
    final Map<String, String> submitted = newUserForm.getFormData();
    final String mailAttribute = pwmApplication.getConfig().getDefaultLdapProfile().readSettingAsString(PwmSetting.EMAIL_USER_MAIL_ATTRIBUTE);
    final String nameAttribute = pwmApplication.getConfig().getDefaultLdapProfile().readSettingAsString(PwmSetting.LDAP_USERNAME_ATTRIBUTE);

    // the stub login bean carries only the new password; nothing else is known yet
    final LoginInfoBean loginStub = new LoginInfoBean();
    loginStub.setUserCurrentPassword(newUserForm.getNewUserPassword());

    final UserInfoBean userStub = UserInfoBean.builder()
            .userEmailAddress(submitted.get(mailAttribute))
            .username(submitted.get(nameAttribute))
            .attributes(submitted)
            .build();

    MacroMachine.StringReplacer replacer = null;
    if (tokenDestinationItem != null) {
        replacer = TokenUtil.makeTokenDestStringReplacer(tokenDestinationItem);
    }

    return MacroMachine.forUser(pwmApplication, sessionLabel, userStub, loginStub, replacer);
}
