Example 71 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class FormUtility method validateFormValueUniqueness.
@SuppressWarnings("checkstyle:MethodLength")
public static void validateFormValueUniqueness(final PwmApplication pwmApplication, final Map<FormConfiguration, String> formValues, final Locale locale, final Collection<UserIdentity> excludeDN, final ValidationFlag... validationFlags) throws PwmDataValidationException, PwmUnrecoverableException {
final boolean allowResultCaching = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.allowResultCaching);
final boolean checkReadOnlyAndHidden = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.checkReadOnlyAndHidden);
final Map<String, String> filterClauses = new HashMap<>();
final Map<String, String> labelMap = new HashMap<>();
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formItem = entry.getKey();
if (formItem.isUnique()) {
if (checkReadOnlyAndHidden || formItem.isReadonly()) {
if (checkReadOnlyAndHidden || (formItem.getType() != FormConfiguration.Type.hidden)) {
final String value = entry.getValue();
if (value != null && value.length() > 0) {
filterClauses.put(formItem.getName(), value);
labelMap.put(formItem.getName(), formItem.getLabel(locale));
}
}
}
}
}
if (filterClauses.isEmpty()) {
// nothing to search
return;
}
final StringBuilder filter = new StringBuilder();
{
// outer;
filter.append("(&");
// object classes;
filter.append("(|");
for (final String objectClass : pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES)) {
filter.append("(objectClass=").append(objectClass).append(")");
}
filter.append(")");
// attributes
filter.append("(|");
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
filter.append("(").append(name).append("=").append(StringUtil.escapeLdapFilter(value)).append(")");
}
filter.append(")");
filter.append(")");
}
final CacheService cacheService = pwmApplication.getCacheService();
final CacheKey cacheKey = CacheKey.makeCacheKey(Validator.class, null, "attr_unique_check_" + filter.toString());
if (allowResultCaching && cacheService != null) {
final String cacheValue = cacheService.get(cacheKey);
if (cacheValue != null) {
if (NEGATIVE_CACHE_HIT.equals(cacheValue)) {
return;
} else {
final ErrorInformation errorInformation = JsonUtil.deserialize(cacheValue, ErrorInformation.class);
throw new PwmDataValidationException(errorInformation);
}
}
}
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setFilterAnd(filterClauses);
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().filter(filter.toString()).build();
final int resultSearchSizeLimit = 1 + (excludeDN == null ? 0 : excludeDN.size());
final long cacheLifetimeMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.CACHE_FORM_UNIQUE_VALUE_LIFETIME_MS));
final CachePolicy cachePolicy = CachePolicy.makePolicyWithExpirationMS(cacheLifetimeMS);
try {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final Map<UserIdentity, Map<String, String>> results = new LinkedHashMap<>(userSearchEngine.performMultiUserSearch(searchConfiguration, resultSearchSizeLimit, Collections.emptyList(), SessionLabel.SYSTEM_LABEL));
if (excludeDN != null && !excludeDN.isEmpty()) {
for (final UserIdentity loopIgnoreIdentity : excludeDN) {
results.keySet().removeIf(loopIgnoreIdentity::equals);
}
}
if (!results.isEmpty()) {
final UserIdentity userIdentity = results.keySet().iterator().next();
if (labelMap.size() == 1) {
// since only one value searched, it must be that one value
final String attributeName = labelMap.values().iterator().next();
LOGGER.trace("found duplicate value for attribute '" + attributeName + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { attributeName });
throw new PwmDataValidationException(error);
}
// do a compare on a user values to find one that matches.
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
final boolean compareResult;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
compareResult = theUser.compareStringAttribute(name, value);
} catch (ChaiOperationException | ChaiUnavailableException e) {
final PwmError error = PwmError.forChaiError(e.getErrorCode());
throw new PwmUnrecoverableException(error.toInfo());
}
if (compareResult) {
final String label = labelMap.get(name);
LOGGER.trace("found duplicate value for attribute '" + label + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { label });
throw new PwmDataValidationException(error);
}
}
// user didn't match on the compare.. shouldn't read here but just in case
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null);
throw new PwmDataValidationException(error);
}
} catch (PwmOperationalException e) {
if (cacheService != null) {
final String jsonPayload = JsonUtil.serialize(e.getErrorInformation());
cacheService.put(cacheKey, cachePolicy, jsonPayload);
}
throw new PwmDataValidationException(e.getErrorInformation());
}
if (allowResultCaching && cacheService != null) {
cacheService.put(cacheKey, cachePolicy, NEGATIVE_CACHE_HIT);
}
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
UserSearchEngine(password.pwm.ldap.search.UserSearchEngine)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
SearchHelper(com.novell.ldapchai.util.SearchHelper)
LinkedHashMap(java.util.LinkedHashMap)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
CacheKey(password.pwm.svc.cache.CacheKey)
CacheService(password.pwm.svc.cache.CacheService)
UserIdentity(password.pwm.bean.UserIdentity)
PwmError(password.pwm.error.PwmError)
SearchConfiguration(password.pwm.ldap.search.SearchConfiguration)
PwmDataValidationException(password.pwm.error.PwmDataValidationException)
CachePolicy(password.pwm.svc.cache.CachePolicy)
ChaiUser(com.novell.ldapchai.ChaiUser)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
Example 72 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class LdapTokenMachine method retrieveToken.
public TokenPayload retrieveToken(final TokenKey tokenKey) throws PwmOperationalException, PwmUnrecoverableException {
final String searchFilter;
{
final String storedHash = tokenKey.getStoredHash();
final SearchHelper tempSearchHelper = new SearchHelper();
final Map<String, String> filterAttributes = new HashMap<>();
for (final String loopStr : pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES)) {
filterAttributes.put("objectClass", loopStr);
}
filterAttributes.put(tokenAttribute, storedHash + "*");
tempSearchHelper.setFilterAnd(filterAttributes);
searchFilter = tempSearchHelper.getFilter();
}
try {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().filter(searchFilter).build();
final UserIdentity user = userSearchEngine.performSingleUserSearch(searchConfiguration, null);
if (user == null) {
return null;
}
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, null, user, null);
final String tokenAttributeValue = userInfo.readStringAttribute(tokenAttribute);
if (tokenAttribute != null && tokenAttributeValue.length() > 0) {
final String[] splitString = tokenAttributeValue.split(KEY_VALUE_DELIMITER);
if (splitString.length != 2) {
final String errorMsg = "error parsing ldap stored token, not enough delimited values";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
throw new PwmOperationalException(errorInformation);
}
return tokenService.fromEncryptedString(splitString[1]);
}
} catch (PwmOperationalException e) {
if (e.getError() == PwmError.ERROR_CANT_MATCH_USER) {
return null;
}
throw e;
} catch (PwmUnrecoverableException e) {
final String errorMsg = "unexpected ldap error searching for token: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
throw new PwmOperationalException(errorInformation);
}
return null;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
UserSearchEngine(password.pwm.ldap.search.UserSearchEngine)
UserIdentity(password.pwm.bean.UserIdentity)
SearchConfiguration(password.pwm.ldap.search.SearchConfiguration)
UserInfo(password.pwm.ldap.UserInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
SearchHelper(com.novell.ldapchai.util.SearchHelper)
HashMap(java.util.HashMap)
Map(java.util.Map)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 73 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class LdapTokenMachine method removeToken.
public void removeToken(final TokenKey tokenKey) throws PwmOperationalException, PwmUnrecoverableException {
final TokenPayload payload = retrieveToken(tokenKey);
if (payload != null) {
final UserIdentity userIdentity = payload.getUserIdentity();
try {
final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userIdentity);
chaiUser.deleteAttribute(tokenAttribute, null);
} catch (ChaiException e) {
final String errorMsg = "unexpected ldap error removing token: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
UserIdentity(password.pwm.bean.UserIdentity)
ChaiException(com.novell.ldapchai.exception.ChaiException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 74 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class ResponseStatsCommand method doCommand.
@Override
void doCommand() throws Exception {
final PwmApplication pwmApplication = cliEnvironment.getPwmApplication();
out("searching for users");
final List<UserIdentity> userIdentities = readAllUsersFromLdap(pwmApplication);
out("found " + userIdentities.size() + " users, reading....");
final ResponseStats responseStats = makeStatistics(pwmApplication, userIdentities);
final File outputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_NEW_OUTPUT_FILE.getName());
final long startTime = System.currentTimeMillis();
out("beginning output to " + outputFile.getAbsolutePath());
try (FileOutputStream fileOutputStream = new FileOutputStream(outputFile, true)) {
fileOutputStream.write(JsonUtil.serialize(responseStats, JsonUtil.Flag.PrettyPrint).getBytes(PwmConstants.DEFAULT_CHARSET));
}
out("completed writing stats output in " + TimeDuration.fromCurrent(startTime).asLongString());
}
Also used :
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
FileOutputStream(java.io.FileOutputStream)
File(java.io.File)
Example 75 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class ImportResponsesCommand method doCommand.
@Override
void doCommand() throws Exception {
final PwmApplication pwmApplication = cliEnvironment.getPwmApplication();
final File inputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());
try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(inputFile), PwmConstants.DEFAULT_CHARSET.toString()))) {
out("importing stored responses from " + inputFile.getAbsolutePath() + "....");
int counter = 0;
String line;
final long startTime = System.currentTimeMillis();
while ((line = reader.readLine()) != null) {
counter++;
final RestChallengesServer.JsonChallengesData inputData;
inputData = JsonUtil.deserialize(line, RestChallengesServer.JsonChallengesData.class);
final UserIdentity userIdentity = UserIdentity.fromDelimitedKey(inputData.username);
final ChaiUser user = pwmApplication.getProxiedChaiUser(userIdentity);
if (user.exists()) {
out("writing responses to user '" + user.getEntryDN() + "'");
try {
final ChallengeProfile challengeProfile = pwmApplication.getCrService().readUserChallengeProfile(null, userIdentity, user, PwmPasswordPolicy.defaultPolicy(), PwmConstants.DEFAULT_LOCALE);
final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
final String userGuid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
final ResponseInfoBean responseInfoBean = inputData.toResponseInfoBean(PwmConstants.DEFAULT_LOCALE, challengeSet.getIdentifier());
pwmApplication.getCrService().writeResponses(userIdentity, user, userGuid, responseInfoBean);
} catch (Exception e) {
out("error writing responses to user '" + user.getEntryDN() + "', error: " + e.getMessage());
return;
}
} else {
out("user '" + user.getEntryDN() + "' is not a valid userDN");
return;
}
}
out("output complete, " + counter + " responses imported in " + TimeDuration.fromCurrent(startTime).asCompactString());
}
}
Also used :
PwmApplication(password.pwm.PwmApplication)
ChallengeSet(com.novell.ldapchai.cr.ChallengeSet)
InputStreamReader(java.io.InputStreamReader)
UserIdentity(password.pwm.bean.UserIdentity)
ChallengeProfile(password.pwm.config.profile.ChallengeProfile)
ResponseInfoBean(password.pwm.bean.ResponseInfoBean)
FileInputStream(java.io.FileInputStream)
ChaiUser(com.novell.ldapchai.ChaiUser)
BufferedReader(java.io.BufferedReader)
RestChallengesServer(password.pwm.ws.server.rest.RestChallengesServer)
File(java.io.File)
Aggregations
UserIdentity (password.pwm.bean.UserIdentity)101
ErrorInformation (password.pwm.error.ErrorInformation)62
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)48
PwmOperationalException (password.pwm.error.PwmOperationalException)45
ChaiUser (com.novell.ldapchai.ChaiUser)30
PwmApplication (password.pwm.PwmApplication)27
Map (java.util.Map)21
PwmSession (password.pwm.http.PwmSession)20
UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)19
PwmException (password.pwm.error.PwmException)18
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17
LinkedHashMap (java.util.LinkedHashMap)17
HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)17
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)16
Instant (java.time.Instant)16
FormConfiguration (password.pwm.config.value.data.FormConfiguration)16
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)16
ArrayList (java.util.ArrayList)15
UserInfo (password.pwm.ldap.UserInfo)15
RestResultBean (password.pwm.ws.server.RestResultBean)15
