use of password.pwm.bean.SessionLabel in project pwm by pwm-project.
the class PwmSession method getLabel.
public SessionLabel getLabel() {
final LocalSessionStateBean ssBean = this.getSessionStateBean();
String userID = null;
try {
userID = isAuthenticated() ? this.getUserInfo().getUsername() : null;
} catch (PwmUnrecoverableException e) {
LOGGER.error("unexpected error reading username: " + e.getMessage(), e);
}
final UserIdentity userIdentity = isAuthenticated() ? this.getUserInfo().getUserIdentity() : null;
return new SessionLabel(ssBean.getSessionID(), userIdentity, userID, ssBean.getSrcAddress(), ssBean.getSrcAddress());
}
use of password.pwm.bean.SessionLabel in project pwm by pwm-project.
the class PasswordUtility method helpdeskSetUserPassword.
public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
final SessionLabel sessionLabel = pwmSession.getLabel();
final UserIdentity userIdentity = userInfo.getUserIdentity();
if (!pwmSession.isAuthenticated()) {
final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmOperationalException(errorInformation);
}
final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
if (helpdeskProfile == null) {
final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmOperationalException(errorInformation);
}
setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);
// create a proxy user object for pwm to update/read the user.
final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
// mark the event log
{
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_SET_PASSWORD, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmApplication.getAuditManager().submit(auditRecord);
}
// update statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
{
// execute configured actions
LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
final List<ActionConfiguration> actions = new ArrayList<>();
actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
if (!actions.isEmpty()) {
final LoginInfoBean loginInfoBean = new LoginInfoBean();
loginInfoBean.setUserCurrentPassword(newPassword);
final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
if (settingClearResponses == HelpdeskClearResponseMode.yes) {
final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);
// mark the event log
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmApplication.getAuditManager().submit(auditRecord);
}
// send email notification
sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
// expire if so configured
if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
try {
proxiedUser.expirePassword();
} catch (ChaiOperationException e) {
LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
}
}
// send password
final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
if (sendPassword) {
final MessageSendMethod messageSendMethod;
{
final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
}
PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
}
}
use of password.pwm.bean.SessionLabel in project pwm by pwm-project.
the class PwmLogger method doPwmSessionLogEvent.
private void doPwmSessionLogEvent(final PwmLogLevel level, final PwmSession pwmSession, final Object message, final Throwable e) {
final SessionLabel sessionLabel = pwmSession != null ? pwmSession.getLabel() : null;
Object cleanedMessage = message;
if (pwmSession != null && message != null) {
try {
cleanedMessage = PwmLogger.removeUserDataFromString(pwmSession.getLoginInfoBean(), message.toString());
} catch (PwmUnrecoverableException e1) {
/* can't be logged */
}
}
doLogEvent(level, sessionLabel, cleanedMessage, e);
}
use of password.pwm.bean.SessionLabel in project pwm by pwm-project.
the class RestServlet method service.
protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
final Instant startTime = Instant.now();
RestResultBean restResultBean = RestResultBean.fromError(new ErrorInformation(PwmError.ERROR_APP_UNAVAILABLE), false);
final PwmApplication pwmApplication;
try {
pwmApplication = ContextManager.getContextManager(req.getServletContext()).getPwmApplication();
} catch (PwmUnrecoverableException e) {
outputRestResultBean(restResultBean, req, resp);
return;
}
final Locale locale;
{
final List<Locale> knownLocales = pwmApplication.getConfig().getKnownLocales();
locale = LocaleHelper.localeResolver(req.getLocale(), knownLocales);
}
final SessionLabel sessionLabel;
try {
sessionLabel = new SessionLabel("rest-" + REQUEST_COUNTER.next(), null, null, RequestInitializationFilter.readUserIPAddress(req, pwmApplication.getConfig()), RequestInitializationFilter.readUserHostname(req, pwmApplication.getConfig()));
} catch (PwmUnrecoverableException e) {
restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
outputRestResultBean(restResultBean, req, resp);
return;
}
LOGGER.trace(sessionLabel, "beginning rest service invocation");
if (pwmApplication.getApplicationMode() != PwmApplicationMode.RUNNING) {
outputRestResultBean(restResultBean, req, resp);
return;
}
if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.ENABLE_EXTERNAL_WEBSERVICES)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "webservices are not enabled");
restResultBean = RestResultBean.fromError(errorInformation, pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
outputRestResultBean(restResultBean, req, resp);
return;
}
try {
final RestAuthentication restAuthentication = new RestAuthenticationProcessor(pwmApplication, sessionLabel, req).readRestAuthentication();
LOGGER.debug(sessionLabel, "rest request authentication status: " + JsonUtil.serialize(restAuthentication));
final RestRequest restRequest = RestRequest.forRequest(pwmApplication, restAuthentication, sessionLabel, req);
RequestInitializationFilter.addStaticResponseHeaders(pwmApplication, resp);
preCheck(restRequest);
preCheckRequest(restRequest);
restResultBean = invokeWebService(restRequest);
} catch (PwmUnrecoverableException e) {
restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
} catch (Throwable e) {
final String errorMsg = "internal error during rest service invocation: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
restResultBean = RestResultBean.fromError(errorInformation, pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
LOGGER.error(sessionLabel, errorInformation);
}
outputRestResultBean(restResultBean, req, resp);
LOGGER.trace(sessionLabel, "completed rest invocation in " + TimeDuration.compactFromCurrent(startTime) + " success=" + !restResultBean.isError());
}
use of password.pwm.bean.SessionLabel in project pwm by pwm-project.
the class ForgottenPasswordUtil method initForgottenPasswordBean.
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Locale locale = pwmRequest.getLocale();
final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
forgottenPasswordBean.setUserIdentity(userIdentity);
final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
final ChallengeSet challengeSet;
if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
final ResponseSet responseSet;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
} catch (ChaiValidationException e) {
final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
} else {
challengeSet = null;
}
if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
try {
final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
if (chaiUser.isPasswordLocked()) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
}
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
LOGGER.error(sessionLabel, errorInformation);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
}
final List<FormConfiguration> attributeForm;
try {
attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
forgottenPasswordBean.setUserLocale(locale);
forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
forgottenPasswordBean.setAttributeForm(attributeForm);
forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
}
}
Aggregations