Examples with UserIdentity password.pwm.bean.UserIdentity used on opensource projects

Example 56 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class CryptoCookieLoginImpl method importRemoteCookie.

private static void importRemoteCookie(final PwmRequest pwmRequest, final LoginInfoBean remoteLoginCookie) throws PwmUnrecoverableException {
    if (remoteLoginCookie == null) {
        return;
    }
    final LoginInfoBean localLoginCookie = pwmRequest.getPwmSession().getLoginInfoBean();
    if (remoteLoginCookie.isAuthenticated()) {
        if (localLoginCookie.isAuthenticated()) {
            // should never get here unless one of container session and app session key are swapped between users.
            final UserIdentity remoteIdentity = remoteLoginCookie.getUserIdentity();
            final UserIdentity localIdentity = localLoginCookie.getUserIdentity();
            if (remoteIdentity != null && localIdentity != null && !remoteIdentity.equals(localIdentity)) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_BAD_SESSION, "remote and local session identities differ"));
            }
        } else {
            LOGGER.debug(pwmRequest, "triggering authentication because request contains an authenticated session but local session is unauthenticated");
            final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), remoteLoginCookie.getAuthSource());
            try {
                if (remoteLoginCookie.getUserIdentity() == null) {
                    sessionAuthenticator.authUserWithUnknownPassword(remoteLoginCookie.getUserIdentity(), remoteLoginCookie.getType());
                } else {
                    sessionAuthenticator.authenticateUser(remoteLoginCookie.getUserIdentity(), remoteLoginCookie.getUserCurrentPassword());
                }
                remoteLoginCookie.getAuthFlags().add(AuthenticationType.AUTH_FROM_REQ_COOKIE);
                LOGGER.debug(pwmRequest, "logged in using encrypted request cookie = " + JsonUtil.serialize(remoteLoginCookie));
            } catch (Exception e) {
                final String errorMsg = "unexpected error reading session cookie: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
                LOGGER.error(pwmRequest, errorInformation);
                throw new PwmUnrecoverableException(errorInformation);
            }
        }
    }
    if (pwmRequest.getConfig().isDevDebugMode()) {
        LOGGER.trace(pwmRequest, "imported LoginInfoBean=" + remoteLoginCookie.toDebugString());
    }
    pwmRequest.getPwmSession().setLoginInfoBean(remoteLoginCookie);
}

Example 57 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class PeopleSearchDataReader method makeUserDetailRequest.

UserDetailBean makeUserDetailRequest(final String userKey) throws PwmUnrecoverableException, PwmOperationalException, ChaiUnavailableException {
    final Instant startTime = Instant.now();
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
    final CacheKey cacheKey = makeCacheKey(UserDetailBean.class.getSimpleName(), userIdentity.toDelimitedKey());
    {
        final String cachedOutput = pwmRequest.getPwmApplication().getCacheService().get(cacheKey);
        if (cachedOutput != null) {
            StatisticsManager.incrementStat(pwmRequest, Statistic.PEOPLESEARCH_CACHE_HITS);
            return JsonUtil.deserialize(cachedOutput, UserDetailBean.class);
        } else {
            StatisticsManager.incrementStat(pwmRequest, Statistic.PEOPLESEARCH_CACHE_MISSES);
        }
    }
    try {
        checkIfUserIdentityViewable(userIdentity);
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmRequest.getPwmSession(), "error during detail results request while checking if requested userIdentity is within search scope: " + e.getMessage());
        throw e;
    }
    final UserSearchResults detailResults = doDetailLookup(userIdentity);
    final Map<String, String> searchResults = detailResults.getResults().get(userIdentity);
    final UserDetailBean userDetailBean = new UserDetailBean();
    userDetailBean.setUserKey(userKey);
    final List<FormConfiguration> detailFormConfig = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PEOPLE_SEARCH_DETAIL_FORM);
    final Map<String, AttributeDetailBean> attributeBeans = convertResultMapToBeans(pwmRequest, userIdentity, detailFormConfig, searchResults);
    userDetailBean.setDetail(attributeBeans);
    final String photoURL = figurePhotoURL(pwmRequest, userIdentity);
    if (photoURL != null) {
        userDetailBean.setPhotoURL(photoURL);
    }
    final List<String> displayName = figureDisplaynames(pwmRequest, userIdentity);
    if (displayName != null) {
        userDetailBean.setDisplayNames(displayName);
    }
    userDetailBean.setLinks(makeUserDetailLinks(userIdentity));
    LOGGER.trace(pwmRequest.getPwmSession(), "finished building userDetail result in " + TimeDuration.fromCurrent(startTime).asCompactString());
    storeDataInCache(pwmRequest.getPwmApplication(), cacheKey, userDetailBean);
    return userDetailBean;
}

Example 58 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class PeopleSearchServlet method processUserPhotoImageRequest.

@ActionHandler(action = "photo")
private ProcessStatus processUserPhotoImageRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final String userKey = pwmRequest.readParameterAsString(PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (userKey.length() < 1) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, PARAM_USERKEY + " parameter is missing");
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final PeopleSearchDataReader peopleSearchDataReader = new PeopleSearchDataReader(pwmRequest);
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
    try {
        peopleSearchDataReader.checkIfUserIdentityViewable(userIdentity);
    } catch (PwmOperationalException e) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "error during photo request while checking if requested userIdentity is within search scope: " + e.getMessage());
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    LOGGER.debug(pwmRequest, "received user photo request to view user " + userIdentity.toString());
    final PhotoDataBean photoData;
    try {
        photoData = peopleSearchDataReader.readPhotoDataFromLdap(userIdentity);
    } catch (PwmOperationalException e) {
        final ErrorInformation errorInformation = e.getErrorInformation();
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    addExpiresHeadersToResponse(pwmRequest);
    try (OutputStream outputStream = pwmRequest.getPwmResponse().getOutputStream()) {
        final HttpServletResponse resp = pwmRequest.getPwmResponse().getHttpServletResponse();
        resp.setContentType(photoData.getMimeType());
        outputStream.write(photoData.getContents());
    }
    return ProcessStatus.Halt;
}

Example 59 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class UserSearchEngine method performMultiUserSearchFromForm.

public UserSearchResults performMultiUserSearchFromForm(final Locale locale, final SearchConfiguration searchConfiguration, final int maxResults, final List<FormConfiguration> formItem, final SessionLabel sessionLabel) throws PwmUnrecoverableException, PwmOperationalException {
    final Map<String, String> attributeHeaderMap = UserSearchResults.fromFormConfiguration(formItem, locale);
    final Map<UserIdentity, Map<String, String>> searchResults = performMultiUserSearch(searchConfiguration, maxResults + 1, attributeHeaderMap.keySet(), sessionLabel);
    final boolean resultsExceeded = searchResults.size() > maxResults;
    final Map<UserIdentity, Map<String, String>> returnData = new LinkedHashMap<>();
    for (final Map.Entry<UserIdentity, Map<String, String>> entry : searchResults.entrySet()) {
        final UserIdentity loopUser = entry.getKey();
        returnData.put(loopUser, entry.getValue());
        if (returnData.size() >= maxResults) {
            break;
        }
    }
    return new UserSearchResults(attributeHeaderMap, returnData, resultsExceeded);
}

Example 60 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class UserSearchEngine method executeSearchJobs.

private Map<UserIdentity, Map<String, String>> executeSearchJobs(final Collection<UserSearchJob> userSearchJobs, final SessionLabel sessionLabel, final int searchID) throws PwmUnrecoverableException {
    // create jobs
    final List<JobInfo> jobs = new ArrayList<>();
    {
        int jobID = 0;
        for (UserSearchJob userSearchJob : userSearchJobs) {
            final int loopJobID = jobID++;
            final FutureTask<Map<UserIdentity, Map<String, String>>> futureTask = new FutureTask<>(() -> executeSearch(userSearchJob, sessionLabel, searchID, loopJobID));
            final JobInfo jobInfo = new JobInfo(searchID, loopJobID, userSearchJob, futureTask);
            jobs.add(jobInfo);
        }
    }
    final Instant startTime = Instant.now();
    {
        final String filterText = jobs.isEmpty() ? "" : ", filter: " + jobs.iterator().next().getUserSearchJob().getSearchFilter();
        log(PwmLogLevel.DEBUG, sessionLabel, searchID, -1, "beginning user search process with " + jobs.size() + " search jobs" + filterText);
    }
    // execute jobs
    for (Iterator<JobInfo> iterator = jobs.iterator(); iterator.hasNext(); ) {
        final JobInfo jobInfo = iterator.next();
        boolean submittedToExecutor = false;
        // use current thread to execute one (the last in the loop) task.
        if (executor != null && iterator.hasNext()) {
            try {
                executor.submit(jobInfo.getFutureTask());
                submittedToExecutor = true;
                backgroundJobCounter.incrementAndGet();
            } catch (RejectedExecutionException e) {
                // executor is full, so revert to running locally
                rejectionJobCounter.incrementAndGet();
            }
        }
        if (!submittedToExecutor) {
            try {
                jobInfo.getFutureTask().run();
                foregroundJobCounter.incrementAndGet();
            } catch (Throwable t) {
                log(PwmLogLevel.ERROR, sessionLabel, searchID, jobInfo.getJobID(), "unexpected error running job in local thread: " + t.getMessage());
            }
        }
    }
    // aggregate results
    final Map<UserIdentity, Map<String, String>> results = new LinkedHashMap<>();
    for (final JobInfo jobInfo : jobs) {
        if (results.size() > jobInfo.getUserSearchJob().getMaxResults()) {
            final FutureTask futureTask = jobInfo.getFutureTask();
            if (!futureTask.isDone()) {
                canceledJobCounter.incrementAndGet();
            }
            jobInfo.getFutureTask().cancel(false);
        } else {
            final long maxWaitTime = jobInfo.getUserSearchJob().getTimeoutMs() * 3;
            try {
                results.putAll(jobInfo.getFutureTask().get(maxWaitTime, TimeUnit.MILLISECONDS));
            } catch (InterruptedException e) {
                final String errorMsg = "unexpected interruption during search job execution: " + e.getMessage();
                log(PwmLogLevel.WARN, sessionLabel, searchID, jobInfo.getJobID(), errorMsg);
                LOGGER.error(sessionLabel, errorMsg, e);
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
            } catch (ExecutionException e) {
                final Throwable t = e.getCause();
                final ErrorInformation errorInformation;
                final String errorMsg = "unexpected error during ldap search (" + "profile=" + jobInfo.getUserSearchJob().getLdapProfile().getIdentifier() + ")" + ", error: " + (t instanceof PwmException ? t.getMessage() : JavaHelper.readHostileExceptionMessage(t));
                if (t instanceof PwmException) {
                    errorInformation = new ErrorInformation(((PwmException) t).getError(), errorMsg);
                } else {
                    errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
                }
                log(PwmLogLevel.WARN, sessionLabel, searchID, jobInfo.getJobID(), "error during user search: " + errorInformation.toDebugStr());
                throw new PwmUnrecoverableException(errorInformation);
            } catch (TimeoutException e) {
                final String errorMsg = "background search job timeout after " + jobInfo.getUserSearchJob().getTimeoutMs() + "ms, to ldapProfile '" + jobInfo.getUserSearchJob().getLdapProfile() + "'";
                log(PwmLogLevel.WARN, sessionLabel, searchID, jobInfo.getJobID(), "error during user search: " + errorMsg);
                jobTimeoutCounter.incrementAndGet();
            }
        }
    }
    log(PwmLogLevel.DEBUG, sessionLabel, searchID, -1, "completed user search process in " + TimeDuration.fromCurrent(startTime).asCompactString() + ", intermediate result size=" + results.size());
    return Collections.unmodifiableMap(results);
}