Search in sources :

Example 1 with SessionLabel

use of password.pwm.bean.SessionLabel in project pwm by pwm-project.

the class PwmSession method getLabel.

public SessionLabel getLabel() {
    final LocalSessionStateBean ssBean = this.getSessionStateBean();
    String userID = null;
    try {
        userID = isAuthenticated() ? this.getUserInfo().getUsername() : null;
    } catch (PwmUnrecoverableException e) {
        LOGGER.error("unexpected error reading username: " + e.getMessage(), e);
    }
    final UserIdentity userIdentity = isAuthenticated() ? this.getUserInfo().getUserIdentity() : null;
    return new SessionLabel(ssBean.getSessionID(), userIdentity, userID, ssBean.getSrcAddress(), ssBean.getSrcAddress());
}
Also used : SessionLabel(password.pwm.bean.SessionLabel) UserIdentity(password.pwm.bean.UserIdentity) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 2 with SessionLabel

use of password.pwm.bean.SessionLabel in project pwm by pwm-project.

the class PasswordUtility method helpdeskSetUserPassword.

public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final SessionLabel sessionLabel = pwmSession.getLabel();
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    if (!pwmSession.isAuthenticated()) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
    if (helpdeskProfile == null) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);
    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // mark the event log
    {
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_SET_PASSWORD, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // update statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
    {
        // execute configured actions
        LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
        final List<ActionConfiguration> actions = new ArrayList<>();
        actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
        actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
        if (!actions.isEmpty()) {
            final LoginInfoBean loginInfoBean = new LoginInfoBean();
            loginInfoBean.setUserCurrentPassword(newPassword);
            final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
    if (settingClearResponses == HelpdeskClearResponseMode.yes) {
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
        pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);
        // mark the event log
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // send email notification
    sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
    // expire if so configured
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
        LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
        try {
            proxiedUser.expirePassword();
        } catch (ChaiOperationException e) {
            LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
        }
    }
    // send password
    final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
    if (sendPassword) {
        final MessageSendMethod messageSendMethod;
        {
            final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
            final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
            messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        }
        PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) LoginInfoBean(password.pwm.bean.LoginInfoBean) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) MessageSendMethod(password.pwm.config.option.MessageSendMethod) PwmOperationalException(password.pwm.error.PwmOperationalException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) HelpdeskClearResponseMode(password.pwm.config.option.HelpdeskClearResponseMode) MacroMachine(password.pwm.util.macro.MacroMachine) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 3 with SessionLabel

use of password.pwm.bean.SessionLabel in project pwm by pwm-project.

the class PwmLogger method doPwmSessionLogEvent.

private void doPwmSessionLogEvent(final PwmLogLevel level, final PwmSession pwmSession, final Object message, final Throwable e) {
    final SessionLabel sessionLabel = pwmSession != null ? pwmSession.getLabel() : null;
    Object cleanedMessage = message;
    if (pwmSession != null && message != null) {
        try {
            cleanedMessage = PwmLogger.removeUserDataFromString(pwmSession.getLoginInfoBean(), message.toString());
        } catch (PwmUnrecoverableException e1) {
        /* can't be logged */
        }
    }
    doLogEvent(level, sessionLabel, cleanedMessage, e);
}
Also used : SessionLabel(password.pwm.bean.SessionLabel) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 4 with SessionLabel

use of password.pwm.bean.SessionLabel in project pwm by pwm-project.

the class RestServlet method service.

protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
    final Instant startTime = Instant.now();
    RestResultBean restResultBean = RestResultBean.fromError(new ErrorInformation(PwmError.ERROR_APP_UNAVAILABLE), false);
    final PwmApplication pwmApplication;
    try {
        pwmApplication = ContextManager.getContextManager(req.getServletContext()).getPwmApplication();
    } catch (PwmUnrecoverableException e) {
        outputRestResultBean(restResultBean, req, resp);
        return;
    }
    final Locale locale;
    {
        final List<Locale> knownLocales = pwmApplication.getConfig().getKnownLocales();
        locale = LocaleHelper.localeResolver(req.getLocale(), knownLocales);
    }
    final SessionLabel sessionLabel;
    try {
        sessionLabel = new SessionLabel("rest-" + REQUEST_COUNTER.next(), null, null, RequestInitializationFilter.readUserIPAddress(req, pwmApplication.getConfig()), RequestInitializationFilter.readUserHostname(req, pwmApplication.getConfig()));
    } catch (PwmUnrecoverableException e) {
        restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
        outputRestResultBean(restResultBean, req, resp);
        return;
    }
    LOGGER.trace(sessionLabel, "beginning rest service invocation");
    if (pwmApplication.getApplicationMode() != PwmApplicationMode.RUNNING) {
        outputRestResultBean(restResultBean, req, resp);
        return;
    }
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.ENABLE_EXTERNAL_WEBSERVICES)) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "webservices are not enabled");
        restResultBean = RestResultBean.fromError(errorInformation, pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
        outputRestResultBean(restResultBean, req, resp);
        return;
    }
    try {
        final RestAuthentication restAuthentication = new RestAuthenticationProcessor(pwmApplication, sessionLabel, req).readRestAuthentication();
        LOGGER.debug(sessionLabel, "rest request authentication status: " + JsonUtil.serialize(restAuthentication));
        final RestRequest restRequest = RestRequest.forRequest(pwmApplication, restAuthentication, sessionLabel, req);
        RequestInitializationFilter.addStaticResponseHeaders(pwmApplication, resp);
        preCheck(restRequest);
        preCheckRequest(restRequest);
        restResultBean = invokeWebService(restRequest);
    } catch (PwmUnrecoverableException e) {
        restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
    } catch (Throwable e) {
        final String errorMsg = "internal error during rest service invocation: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        restResultBean = RestResultBean.fromError(errorInformation, pwmApplication, locale, pwmApplication.getConfig(), pwmApplication.determineIfDetailErrorMsgShown());
        LOGGER.error(sessionLabel, errorInformation);
    }
    outputRestResultBean(restResultBean, req, resp);
    LOGGER.trace(sessionLabel, "completed rest invocation in " + TimeDuration.compactFromCurrent(startTime) + " success=" + !restResultBean.isError());
}
Also used : Locale(java.util.Locale) PwmApplication(password.pwm.PwmApplication) Instant(java.time.Instant) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ErrorInformation(password.pwm.error.ErrorInformation) SessionLabel(password.pwm.bean.SessionLabel) List(java.util.List)

Example 5 with SessionLabel

use of password.pwm.bean.SessionLabel in project pwm by pwm-project.

the class ForgottenPasswordUtil method initForgottenPasswordBean.

static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Locale locale = pwmRequest.getLocale();
    final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
    final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
    final ChallengeSet challengeSet;
    if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
        final ResponseSet responseSet;
        try {
            final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
            challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
        } catch (ChaiValidationException e) {
            final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    } else {
        challengeSet = null;
    }
    if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            if (chaiUser.isPasswordLocked()) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
            LOGGER.error(sessionLabel, errorInformation);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }
    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }
    forgottenPasswordBean.setUserLocale(locale);
    forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
    for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
    }
}
Also used : Locale(java.util.Locale) ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) PwmApplication(password.pwm.PwmApplication) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

SessionLabel (password.pwm.bean.SessionLabel)5 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)4 ErrorInformation (password.pwm.error.ErrorInformation)3 ChaiUser (com.novell.ldapchai.ChaiUser)2 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)2 List (java.util.List)2 Locale (java.util.Locale)2 PwmApplication (password.pwm.PwmApplication)2 UserIdentity (password.pwm.bean.UserIdentity)2 ForgottenPasswordProfile (password.pwm.config.profile.ForgottenPasswordProfile)2 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)1 ResponseSet (com.novell.ldapchai.cr.ResponseSet)1 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)1 ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException)1 Instant (java.time.Instant)1 ArrayList (java.util.ArrayList)1 LocalSessionStateBean (password.pwm.bean.LocalSessionStateBean)1 LoginInfoBean (password.pwm.bean.LoginInfoBean)1 HelpdeskClearResponseMode (password.pwm.config.option.HelpdeskClearResponseMode)1 IdentityVerificationMethod (password.pwm.config.option.IdentityVerificationMethod)1