Examples with UserIdentity password.pwm.bean.UserIdentity used on opensource projects

Search in sources :

Example 1 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class LDAPStatusChecker method doLdapTestUserCheck.

@SuppressWarnings("checkstyle:MethodLength")
public List<HealthRecord> doLdapTestUserCheck(final Configuration config, final LdapProfile ldapProfile, final PwmApplication pwmApplication) {
    String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
    String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
    final PasswordData proxyUserPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
    final List<HealthRecord> returnRecords = new ArrayList<>();
    if (testUserDN == null || testUserDN.length() < 1) {
        return returnRecords;
    }
    try {
        testUserDN = ldapProfile.readCanonicalDN(pwmApplication, testUserDN);
        proxyUserDN = ldapProfile.readCanonicalDN(pwmApplication, proxyUserDN);
    } catch (PwmUnrecoverableException e) {
        final String msgString = e.getMessage();
        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
        return returnRecords;
    }
    if (proxyUserDN.equalsIgnoreCase(testUserDN)) {
        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_ProxyTestSameUser, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_PROXY_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE)));
        return returnRecords;
    }
    ChaiUser theUser = null;
    ChaiProvider chaiProvider = null;
    try {
        try {
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyUserDN, proxyUserPW);
            theUser = chaiProvider.getEntryFactory().newChaiUser(testUserDN);
        } catch (ChaiUnavailableException e) {
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnavailable, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
            return returnRecords;
        } catch (Throwable e) {
            final String msgString = e.getMessage();
            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
            return returnRecords;
        }
        try {
            theUser.readObjectClass();
        } catch (ChaiException e) {
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
            return returnRecords;
        }
        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning process to check ldap test user password read/write operations for profile " + ldapProfile.getIdentifier());
        try {
            final boolean readPwdEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_USER_PWD) && theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY;
            if (readPwdEnabled) {
                try {
                    theUser.readPassword();
                } catch (Exception e) {
                    LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage());
                    returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserReadPwError, PwmSetting.EDIRECTORY_READ_USER_PWD.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
                    return returnRecords;
                }
            } else {
                final Locale locale = PwmConstants.DEFAULT_LOCALE;
                final UserIdentity userIdentity = new UserIdentity(testUserDN, ldapProfile.getIdentifier());
                final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, theUser, locale);
                boolean doPasswordChange = true;
                final int minLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MinimumLifetime);
                if (minLifetimeSeconds > 0) {
                    final Instant pwdLastModified = PasswordUtility.determinePwdLastModified(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, userIdentity);
                    final PasswordStatus passwordStatus;
                    {
                        final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, locale, userIdentity, chaiProvider);
                        passwordStatus = userInfo.getPasswordStatus();
                    }
                    {
                        final boolean withinMinLifetime = PasswordUtility.isPasswordWithinMinimumLifetimeImpl(theUser, SessionLabel.HEALTH_SESSION_LABEL, passwordPolicy, pwdLastModified, passwordStatus);
                        if (withinMinLifetime) {
                            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "skipping test user password set due to password being within minimum lifetime");
                            doPasswordChange = false;
                        }
                    }
                }
                if (doPasswordChange) {
                    final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(null, passwordPolicy, pwmApplication);
                    try {
                        theUser.setPassword(newPassword.getStringValue());
                        LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString());
                    } catch (ChaiException e) {
                        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserWritePwError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
                        return returnRecords;
                    }
                }
            }
        } catch (Exception e) {
            final String msg = "error setting test user password: " + JavaHelper.readHostileExceptionMessage(e);
            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, msg, e);
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msg));
            return returnRecords;
        }
        try {
            final UserIdentity userIdentity = new UserIdentity(theUser.getEntryDN(), ldapProfile.getIdentifier());
            final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, PwmConstants.DEFAULT_LOCALE, userIdentity, chaiProvider);
            userInfo.getPasswordStatus();
            userInfo.getAccountExpirationTime();
            userInfo.getResponseInfoBean();
            userInfo.getPasswordPolicy();
            userInfo.getChallengeProfile();
            userInfo.getProfileIDs();
            userInfo.getOtpUserRecord();
            userInfo.getUserGuid();
            userInfo.getUsername();
            userInfo.getUserEmailAddress();
            userInfo.getUserSmsNumber();
        } catch (PwmUnrecoverableException e) {
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), "unable to read test user data: " + e.getMessage()));
            return returnRecords;
        }
    } finally {
        if (chaiProvider != null) {
            try {
                chaiProvider.close();
            } catch (Exception e) {
            // ignore
            }
        }
    }
    returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserOK, ldapProfile.getDisplayName(PwmConstants.DEFAULT_LOCALE)));
    return returnRecords;
}
Also used : Locale(java.util.Locale) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) Instant(java.time.Instant) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) MalformedURLException(java.net.MalformedURLException) UnknownHostException(java.net.UnknownHostException) ChaiUser(com.novell.ldapchai.ChaiUser) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) PasswordStatus(password.pwm.bean.PasswordStatus) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 2 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class SessionManager method getActor.

public ChaiUser getActor(final PwmApplication pwmApplication, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    try {
        if (!pwmSession.isAuthenticated()) {
            throw new PwmUnrecoverableException(PwmError.ERROR_AUTHENTICATION_REQUIRED);
        }
        final UserIdentity thisIdentity = pwmSession.getUserInfo().getUserIdentity();
        if (thisIdentity.getLdapProfileID() == null || userIdentity.getLdapProfileID() == null) {
            throw new PwmUnrecoverableException(PwmError.ERROR_NO_LDAP_CONNECTION);
        }
        final ChaiProvider provider = this.getChaiProvider();
        return provider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 3 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class PwmSession method getLabel.

public SessionLabel getLabel() {
    final LocalSessionStateBean ssBean = this.getSessionStateBean();
    String userID = null;
    try {
        userID = isAuthenticated() ? this.getUserInfo().getUsername() : null;
    } catch (PwmUnrecoverableException e) {
        LOGGER.error("unexpected error reading username: " + e.getMessage(), e);
    }
    final UserIdentity userIdentity = isAuthenticated() ? this.getUserInfo().getUserIdentity() : null;
    return new SessionLabel(ssBean.getSessionID(), userIdentity, userID, ssBean.getSrcAddress(), ssBean.getSrcAddress());
}
Also used : SessionLabel(password.pwm.bean.SessionLabel) UserIdentity(password.pwm.bean.UserIdentity) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 4 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class LdapOperationsHelper method readAllUsersFromLdap.

public static Iterator<UserIdentity> readAllUsersFromLdap(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final String searchFilter, final int maxResults) throws ChaiUnavailableException, ChaiOperationException, PwmUnrecoverableException, PwmOperationalException {
    final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
    final SearchConfiguration searchConfiguration;
    {
        final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
        builder.enableValueEscaping(false);
        builder.searchTimeout(Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.REPORTING_LDAP_SEARCH_TIMEOUT)));
        if (searchFilter == null) {
            builder.username("*");
        } else {
            builder.filter(searchFilter);
        }
        searchConfiguration = builder.build();
    }
    LOGGER.debug(sessionLabel, "beginning user search using parameters: " + (JsonUtil.serialize(searchConfiguration)));
    final Map<UserIdentity, Map<String, String>> searchResults = userSearchEngine.performMultiUserSearch(searchConfiguration, maxResults, Collections.emptyList(), sessionLabel);
    LOGGER.debug(sessionLabel, "user search found " + searchResults.size() + " users");
    final Queue<UserIdentity> tempQueue = new LinkedList<>(searchResults.keySet());
    return new Iterator<UserIdentity>() {

        @Override
        public boolean hasNext() {
            return tempQueue.peek() != null;
        }

        @Override
        public UserIdentity next() {
            return tempQueue.poll();
        }
    };
}
Also used : UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserIdentity(password.pwm.bean.UserIdentity) Iterator(java.util.Iterator) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) Map(java.util.Map) HashMap(java.util.HashMap) LinkedList(java.util.LinkedList)

Example 5 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class SessionAuthenticator method authUserWithUnknownPassword.

public void authUserWithUnknownPassword(final String username, final AuthenticationType requestedAuthType) throws ImpossiblePasswordPolicyException, PwmUnrecoverableException, PwmOperationalException {
    pwmApplication.getIntruderManager().check(RecordType.USERNAME, username);
    UserIdentity userIdentity = null;
    try {
        final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
        userIdentity = userSearchEngine.resolveUsername(username, null, null, sessionLabel);
        final AuthenticationRequest authEngine = LDAPAuthenticationRequest.createLDAPAuthenticationRequest(pwmApplication, sessionLabel, userIdentity, requestedAuthType, authenticationSource);
        final AuthenticationResult authResult = authEngine.authUsingUnknownPw();
        postAuthenticationSequence(userIdentity, authResult);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    } catch (PwmOperationalException e) {
        postFailureSequence(e, username, userIdentity);
        throw e;
    }
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) PwmOperationalException(password.pwm.error.PwmOperationalException)

Aggregations

UserIdentity (password.pwm.bean.UserIdentity)101 ErrorInformation (password.pwm.error.ErrorInformation)62 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)48 PwmOperationalException (password.pwm.error.PwmOperationalException)45 ChaiUser (com.novell.ldapchai.ChaiUser)30 PwmApplication (password.pwm.PwmApplication)27 Map (java.util.Map)21 PwmSession (password.pwm.http.PwmSession)20 UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)19 PwmException (password.pwm.error.PwmException)18 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17 LinkedHashMap (java.util.LinkedHashMap)17 HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)17 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)16 Instant (java.time.Instant)16 FormConfiguration (password.pwm.config.value.data.FormConfiguration)16 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)16 ArrayList (java.util.ArrayList)15 UserInfo (password.pwm.ldap.UserInfo)15 RestResultBean (password.pwm.ws.server.RestResultBean)15
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial