use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class PasswordUtility method setPassword.
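/**
 * Validates a new password against the user's policy and then writes it to the directory.
 *
 * <p>Order of operations: (1) read the user's password policy and run the rule validator on
 * {@code newPassword}; (2) set or change the password through {@code chaiProvider};
 * (3) add the old password to the shared history when it is known and the feature is enabled;
 * (4) update statistics and write an info-level log entry recording who changed the password.
 *
 * <p>The log statements in this method record DNs and display names only; neither password
 * value is passed to the logger here.
 *
 * @param pwmApplication application context used for configuration, statistics and shared history
 * @param sessionLabel label attached to every log entry written here
 * @param chaiProvider directory connection used for the write; its bind DN decides whether the
 *                     change is logged as a self-service change or as a change made by another identity
 * @param userInfo the account whose password is being set
 * @param oldPassword the current password, or {@code null} if unknown; {@code null} selects the
 *                    "set" operation instead of the "change" operation
 * @param newPassword the password to write
 * @throws PwmUnrecoverableException if the directory is unavailable, or the policy read or rule
 *                                   validation raises a {@code PwmException}
 * @throws PwmOperationalException if the directory rejects the password operation
 */
public static void setPassword(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final ChaiProvider chaiProvider, final UserInfo userInfo, final PasswordData oldPassword, final PasswordData newPassword) throws PwmUnrecoverableException, PwmOperationalException {
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    final Instant startTime = Instant.now();
    final boolean bindIsSelf;
    final String bindDN;

    // Step 1: policy validation happens before any directory write, so a password that
    // violates the rules is rejected without touching the account.
    try {
        final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        final Locale locale = PwmConstants.DEFAULT_LOCALE;
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, sessionLabel, userIdentity, theUser, locale);
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, passwordPolicy);
        pwmPasswordRuleValidator.testPassword(newPassword, null, userInfo, theUser);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    } catch (PwmException e) {
        // Re-wrap so callers see a single exception type carrying the original error information.
        throw new PwmUnrecoverableException(e.getErrorInformation());
    }

    // Step 2: the directory write itself.
    try {
        final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        bindDN = chaiProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN);
        // True when the connection is bound as the same identity whose password is changing.
        bindIsSelf = userIdentity.canonicalEquals(new UserIdentity(bindDN, userIdentity.getLdapProfileID()), pwmApplication);
        LOGGER.trace(sessionLabel, "preparing to setActorPassword for '" + theUser.getEntryDN() + "', using bind DN: " + bindDN);
        final boolean settingEnableChange = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE));
        if (settingEnableChange) {
            if (oldPassword == null) {
                theUser.setPassword(newPassword.getStringValue(), true);
            } else {
                theUser.changePassword(oldPassword.getStringValue(), newPassword.getStringValue());
            }
        } else {
            LOGGER.debug(sessionLabel, "skipping actual ldap password change operation due to app property " + AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE.getKey() + "=false");
        }
    } catch (ChaiPasswordPolicyException e) {
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "' " + e.toString();
        final PwmError pwmError = PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError, errorMsg);
        throw new PwmOperationalException(error);
    } catch (ChaiOperationException e) {
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "' " + e.getMessage();
        // Map the directory error once; fall back to a generic error when there is no mapping.
        final PwmError mappedError = PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(mappedError == null ? PwmError.ERROR_UNKNOWN : mappedError, errorMsg);
        throw new PwmOperationalException(error);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }

    // NOTE(review): everything below also runs when the write was skipped because
    // LDAP_PASSWORD_CHANGE_SELF_ENABLE is false, so the statistics and the info log entry
    // report a change that did not reach the directory. Confirm this is intended before
    // relying on the log entry as an audit record.

    // add the old password to the global history list (if the old password is known)
    // NOTE(review): the clear-text old password is handed to the shared history manager;
    // presumably it is stored only in hashed form -- verify in SharedHistoryManager.
    if (oldPassword != null && pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PASSWORD_SHAREDHISTORY_ENABLE)) {
        pwmApplication.getSharedHistoryManager().addWord(sessionLabel, oldPassword.getStringValue());
    }

    // update stats
    pwmApplication.getStatisticsManager().updateEps(EpsStatistic.PASSWORD_CHANGES, 1);
    final int passwordStrength = PasswordUtility.judgePasswordStrength(pwmApplication.getConfig(), newPassword.getStringValue());
    pwmApplication.getStatisticsManager().updateAverageValue(Statistic.AVG_PASSWORD_STRENGTH, passwordStrength);

    // at this point the password has been changed, so log it.
    final String msg = (bindIsSelf ? "user " + userIdentity.toDisplayString() + " has changed own password" : "password for user '" + userIdentity.toDisplayString() + "' has been changed by " + bindDN) + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")";
    LOGGER.info(sessionLabel, msg);
}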
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class RestAuthenticationProcessor method readRestAuthentication.
/**
 * Works out how the current REST request is authenticated.
 *
 * <p>Three mechanisms are tried in order; the first that applies wins:
 * <ol>
 *   <li>named secret: usages are those configured for that secret;</li>
 *   <li>LDAP user: all {@code WebServiceUsage} values are granted once the user passes the
 *       web-service permission test and authenticates;</li>
 *   <li>public: only Health and Statistics, and only when the public health/stats setting
 *       is enabled; otherwise an empty usage set.</li>
 * </ol>
 *
 * @return the authentication context for the request; never {@code null} on the paths shown here
 * @throws PwmUnrecoverableException if an LDAP user lacks web-service permission; the helpers
 *                                   called here may also raise it
 */
public RestAuthentication readRestAuthentication() throws PwmUnrecoverableException {
    // --- 1. named secret ---
    final String secretName = readNamedSecretName();
    if (secretName != null) {
        LOGGER.trace(sessionLabel, "authenticating with named secret '" + secretName + "'");
        // NOTE(review): the configured secret is looked up by name and dereferenced without a
        // null check. This is only safe if readNamedSecretName() returns names that exist in
        // WEBSERVICES_EXTERNAL_SECRET and has already verified the secret value -- confirm.
        final Set<WebServiceUsage> secretUsages = new HashSet<>(JavaHelper.readEnumListFromStringCollection(WebServiceUsage.class, pwmApplication.getConfig().readSettingAsNamedPasswords(PwmSetting.WEBSERVICES_EXTERNAL_SECRET).get(secretName).getUsage()));
        // The fifth argument (filled with the third-party permission result in the LDAP branch)
        // is fixed to true for named secrets.
        return new RestAuthentication(RestAuthenticationType.NAMED_SECRET, secretName, null, Collections.unmodifiableSet(secretUsages), true, null);
    }

    // --- 2. ldap user ---
    final UserIdentity ldapIdentity = readLdapUserIdentity();
    if (ldapIdentity != null) {
        // NOTE(review): both permission tests run before authenticateUser(). Confirm that the
        // identity returned by readLdapUserIdentity() cannot be used by an unauthenticated
        // caller to tell "no web-service permission" apart from "bad credentials".
        final List<UserPermission> queryMatch = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.WEBSERVICES_QUERY_MATCH);
        if (!LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, ldapIdentity, queryMatch)) {
            final String errorMsg = "user does not have webservice permission due to setting " + PwmSetting.WEBSERVICES_QUERY_MATCH.toMenuLocationDebug(null, httpServletRequest.getLocale());
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg));
        }

        final List<UserPermission> thirdPartyMatch = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.WEBSERVICES_THIRDPARTY_QUERY_MATCH);
        final boolean thirdParty = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, ldapIdentity, thirdPartyMatch);

        final ChaiProvider chaiProvider = authenticateUser(ldapIdentity);
        verifyAuthUserIsNotSystemUser(ldapIdentity);

        // An authenticated LDAP user is granted every usage.
        final Set<WebServiceUsage> allUsages = new HashSet<>(Arrays.asList(WebServiceUsage.values()));
        return new RestAuthentication(RestAuthenticationType.LDAP, null, ldapIdentity, Collections.unmodifiableSet(allUsages), thirdParty, chaiProvider);
    }

    // --- 3. public (no credentials presented) ---
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES)) {
        // Public endpoints disabled: the caller gets a PUBLIC context with no usages at all.
        return new RestAuthentication(RestAuthenticationType.PUBLIC, null, null, Collections.<WebServiceUsage>emptySet(), false, null);
    }
    final Set<WebServiceUsage> publicUsages = new HashSet<>(Arrays.asList(WebServiceUsage.Health, WebServiceUsage.Statistics));
    return new RestAuthentication(RestAuthenticationType.PUBLIC, null, null, Collections.unmodifiableSet(publicUsages), false, null);
}
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class StoredConfigurationImpl method readSettingMetadata.
/**
 * Reads the "last modified" metadata (timestamp and user) stored on a setting's XML element.
 *
 * <p>Either field of the result may be {@code null}: when the attribute is absent, or when
 * parsing it fails (the failure is logged and otherwise ignored).
 *
 * @param setting the setting whose element is looked up
 * @param profileID the profile the setting belongs to, passed through to the XPath builder
 * @return the metadata, or {@code null} if the setting has no element in the document
 */
public ValueMetaData readSettingMetadata(final PwmSetting setting, final String profileID) {
    final XPathExpression settingPath = XPathBuilder.xpathForSetting(setting, profileID);
    final Element settingElement = (Element) settingPath.evaluateFirst(document);
    if (settingElement == null) {
        return null;
    }

    // Modification timestamp: best effort, a malformed value must not break the read.
    Instant modifyDate = null;
    try {
        final String rawModifyTime = settingElement.getAttributeValue(XML_ATTRIBUTE_MODIFY_TIME);
        if (rawModifyTime != null) {
            modifyDate = JavaHelper.parseIsoToInstant(rawModifyTime);
        }
    } catch (Exception e) {
        LOGGER.error("can't read modifyDate for setting " + setting.getKey() + ", profile " + profileID + ", error: " + e.getMessage());
    }

    // Modifying user: taken verbatim from the configuration document, so it is only as
    // trustworthy as the file itself.
    UserIdentity userIdentity = null;
    try {
        final String rawModifyUser = settingElement.getAttributeValue(XML_ATTRIBUTE_MODIFY_USER);
        if (rawModifyUser != null) {
            userIdentity = UserIdentity.fromDelimitedKey(rawModifyUser);
        }
    } catch (Exception e) {
        LOGGER.error("can't read userIdentity for setting " + setting.getKey() + ", profile " + profileID + ", error: " + e.getMessage());
    }

    return new ValueMetaData(modifyDate, userIdentity);
}
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class AbstractUriCertImportFunction method provideFunction.
/**
 * Fetches the certificates presented at the URI derived from the setting, stores them in the
 * configuration, and returns a debug description of each one.
 *
 * <p>NOTE(review): nothing visible here validates the fetched certificates before they are
 * stored. Whether {@code X509Utils.readRemoteCertificates} checks the chain cannot be seen from
 * this method, so the returned debug text is presumably what the administrator should use to
 * verify them -- confirm.
 *
 * @param pwmRequest the current request; its session supplies the identity recorded with the import
 * @param storedConfiguration configuration that receives the certificates
 * @param setting the setting being edited
 * @param profile profile of the setting
 * @param extraData additional data passed through to {@code getUri} and {@code store}
 * @return the debug text of every imported certificate, each followed by a blank line
 * @throws PwmOperationalException if the certificates cannot be read; a non-PWM failure is
 *                                 reported as {@code CONFIG_FORMAT_ERROR}
 * @throws PwmUnrecoverableException declared by the signature; not thrown directly here
 */
@Override
public String provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws PwmOperationalException, PwmUnrecoverableException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final String urlString = getUri(storedConfiguration, setting, profile, extraData);

    final List<X509Certificate> certs;
    try {
        // URI.create rejects malformed input with an unchecked exception, handled below.
        certs = X509Utils.readRemoteCertificates(URI.create(urlString));
    } catch (Exception e) {
        if (e instanceof PwmException) {
            // Keep the original error information for failures PWM already classified.
            throw new PwmOperationalException(((PwmException) e).getErrorInformation());
        }
        throw new PwmOperationalException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, "error importing certificates: " + e.getMessage()));
    }

    // The import is attributed to the session user when there is one; an unauthenticated
    // session still proceeds with a null identity, so access control is presumably enforced
    // by the caller -- verify.
    final UserIdentity importingUser;
    if (pwmSession.isAuthenticated()) {
        importingUser = pwmSession.getUserInfo().getUserIdentity();
    } else {
        importingUser = null;
    }
    store(certs, storedConfiguration, setting, profile, extraData, importingUser);

    final StringBuilder debugText = new StringBuilder();
    for (final X509Certificate cert : certs) {
        debugText.append(X509Utils.makeDebugText(cert)).append("\n\n");
    }
    return debugText.toString();
}
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class UserMatchViewerFunction method provideFunction.
/**
 * Runs the user-match query configured for a setting and reports which users it selects.
 *
 * <p>The number of results is capped by the {@code CONFIG_EDITOR_QUERY_FILTER_TEST_LIMIT} app
 * property, which bounds how much of the directory a single test query can return.
 *
 * @param pwmRequest the current request, used for the application context and locale
 * @param storedConfiguration configuration the setting is read from
 * @param setting the user-match setting to evaluate
 * @param profile profile of the setting
 * @param extraData not read by this method
 * @return a {@code UserMatchViewerResults} holding the matched users, a localized summary and
 *         a flag set when the result count reached the limit
 * @throws Exception if the limit property is not a valid integer or the search fails
 */
@Override
public Serializable provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws Exception {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Date startSearchTime = new Date();

    final String limitProperty = pwmApplication.getConfig().readAppProperty(AppProperty.CONFIG_EDITOR_QUERY_FILTER_TEST_LIMIT);
    final int maxResultSize = Integer.parseInt(limitProperty);

    final Collection<UserIdentity> users = discoverMatchingUsers(pwmApplication, maxResultSize, storedConfiguration, setting, profile);
    final TimeDuration searchDuration = TimeDuration.fromCurrent(startSearchTime);

    final String summary = LocaleHelper.getLocalizedMessage(Display.Display_SearchResultsInfo, pwmRequest, String.valueOf(users.size()), searchDuration.asLongString(pwmRequest.getLocale()));

    final UserMatchViewerResults results = new UserMatchViewerResults();
    results.setUsers(users);
    results.setSearchOperationSummary(summary);
    // Reaching the cap is reported as "exceeded": the search may have been cut off there.
    results.setSizeExceeded(users.size() >= maxResultSize);
    return results;
}