Examples with UserIdentity password.pwm.bean.UserIdentity used on opensource projects

Example 81 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class SetupOtpServlet method initializeBean.

private void initializeBean(final PwmRequest pwmRequest, final SetupOtpBean otpBean) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    // has pre-existing, nothing to do.
    if (otpBean.isHasPreExistingOtp()) {
        return;
    }
    final OtpService service = pwmApplication.getOtpService();
    final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
    // first time here
    if (otpBean.getOtpUserRecord() == null) {
        final OTPUserRecord existingUserRecord;
        try {
            existingUserRecord = service.readOTPUserConfiguration(pwmRequest.getSessionLabel(), theUser);
        } catch (ChaiUnavailableException e) {
            throw PwmUnrecoverableException.fromChaiException(e);
        }
        if (existingUserRecord != null) {
            otpBean.setHasPreExistingOtp(true);
            LOGGER.trace(pwmSession, "user has existing otp record");
            return;
        }
    }
    // make a new user record.
    if (otpBean.getOtpUserRecord() == null) {
        try {
            final Configuration config = pwmApplication.getConfig();
            final SetupOtpProfile setupOtpProfile = getSetupOtpProfile(pwmRequest);
            final String identifierConfigValue = setupOtpProfile.readSettingAsString(PwmSetting.OTP_SECRET_IDENTIFIER);
            final String identifier = pwmSession.getSessionManager().getMacroMachine(pwmApplication).expandMacros(identifierConfigValue);
            final OTPUserRecord otpUserRecord = new OTPUserRecord();
            final List<String> rawRecoveryCodes = pwmApplication.getOtpService().initializeUserRecord(setupOtpProfile, otpUserRecord, pwmRequest.getSessionLabel(), identifier);
            otpBean.setOtpUserRecord(otpUserRecord);
            otpBean.setRecoveryCodes(rawRecoveryCodes);
            LOGGER.trace(pwmSession, "generated new otp record");
            if (config.isDevDebugMode()) {
                LOGGER.trace(pwmRequest, "newly generated otp record: " + JsonUtil.serialize(otpUserRecord));
            }
        } catch (Exception e) {
            final String errorMsg = "error setting up new OTP secret: " + e.getMessage();
            LOGGER.error(pwmSession, errorMsg);
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
        }
    }
}

Example 82 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class SetupOtpServlet method nextStep.

@Override
protected void nextStep(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final SetupOtpBean otpBean = getSetupOtpBean(pwmRequest);
    if (otpBean.isHasPreExistingOtp()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_EXISTING);
        return;
    }
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    if (otpBean.isConfirmed()) {
        final OtpService otpService = pwmApplication.getOtpService();
        final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
        try {
            otpService.writeOTPUserConfiguration(pwmSession, theUser, otpBean.getOtpUserRecord());
            otpBean.setWritten(true);
            // Update the current user info bean, so the user can check the code right away
            pwmSession.reloadUserInfoBean(pwmApplication);
            // mark the event log
            final UserAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createUserAuditRecord(AuditEvent.SET_OTP_SECRET, pwmSession.getUserInfo(), pwmSession);
            pwmApplication.getAuditManager().submit(auditRecord);
            if (pwmApplication.getStatisticsManager() != null && pwmApplication.getStatisticsManager().status() == PwmService.STATUS.OPEN) {
                pwmApplication.getStatisticsManager().incrementValue(Statistic.SETUP_OTP_SECRET);
            }
        } catch (Exception e) {
            final ErrorInformation errorInformation;
            if (e instanceof PwmException) {
                errorInformation = ((PwmException) e).getErrorInformation();
            } else {
                errorInformation = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp secret: " + e.getMessage());
            }
            LOGGER.error(pwmSession, errorInformation.toDebugStr());
            setLastError(pwmRequest, errorInformation);
        }
    }
    if (otpBean.isCodeSeen()) {
        if (otpBean.isWritten()) {
            pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_SUCCESS);
        } else {
            pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_TEST);
        }
    } else {
        final String qrCodeValue = makeQrCodeDataImageUrl(pwmRequest, otpBean.getOtpUserRecord());
        pwmRequest.setAttribute(PwmRequestAttribute.SetupOtp_QrCodeValue, qrCodeValue);
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET);
    }
}

Example 83 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class ForgottenPasswordServlet method executeResetPassword.

private void executeResetPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (!forgottenPasswordBean.getProgress().isAllPassed()) {
        return;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
    try {
        // try unlocking user
        theUser.unlockPassword();
        LOGGER.trace(pwmSession, "unlock account succeeded");
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmSession, errorInformation.toDebugStr());
    }
    try {
        final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.FORGOTTEN_PASSWORD);
        sessionAuthenticator.authUserWithUnknownPassword(userIdentity, AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
        pwmSession.getLoginInfoBean().getAuthFlags().add(AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
        LOGGER.info(pwmSession, "user successfully supplied password recovery responses, forward to change password page: " + theUser.getEntryDN());
        // mark the event log
        pwmApplication.getAuditManager().submit(AuditEvent.RECOVER_PASSWORD, pwmSession.getUserInfo(), pwmSession);
        // add the post-forgotten password actions
        addPostChangeAction(pwmRequest, userIdentity);
        // mark user as requiring a new password.
        pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
        // redirect user to change password screen.
        pwmRequest.sendRedirect(PwmServletDefinition.PublicChangePassword.servletUrlName());
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmSession, "unexpected error authenticating during forgotten password recovery process user: " + e.getMessage());
        pwmRequest.respondWithError(e.getErrorInformation());
    } finally {
        clearForgottenPasswordBean(pwmRequest);
    }
}

Example 84 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class ForgottenPasswordServlet method processSearch.

@ActionHandler(action = "search")
private ProcessStatus processSearch(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Locale userLocale = pwmRequest.getLocale();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
    final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
    final boolean bogusUserModeEnabled = pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.RECOVERY_BOGUS_USER_ENABLE);
    // clear the bean
    clearForgottenPasswordBean(pwmRequest);
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
        if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
            LOGGER.debug(pwmRequest, errorInfo);
            setLastError(pwmRequest, errorInfo);
            return ProcessStatus.Continue;
        }
    }
    final List<FormConfiguration> forgottenPasswordForm = pwmApplication.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
    Map<FormConfiguration, String> formValues = new LinkedHashMap<>();
    try {
        // read the values from the request
        formValues = FormUtility.readFormValuesFromRequest(pwmRequest, forgottenPasswordForm, userLocale);
        // check for intruder search values
        pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);
        // see if the values meet the configured form requirements.
        FormUtility.validateFormValues(pwmRequest.getConfig(), formValues, userLocale);
        final String searchFilter;
        {
            final String configuredSearchFilter = pwmApplication.getConfig().readSettingAsString(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FILTER);
            if (configuredSearchFilter == null || configuredSearchFilter.isEmpty()) {
                searchFilter = FormUtility.ldapSearchFilterForForm(pwmApplication, forgottenPasswordForm);
                LOGGER.trace(pwmSession, "auto generated ldap search filter: " + searchFilter);
            } else {
                searchFilter = configuredSearchFilter;
            }
        }
        // convert the username field to an identity
        final UserIdentity userIdentity;
        {
            final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
            final SearchConfiguration searchConfiguration = SearchConfiguration.builder().filter(searchFilter).formValues(formValues).contexts(Collections.singletonList(contextParam)).ldapProfile(ldapProfile).build();
            userIdentity = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());
        }
        if (userIdentity == null) {
            throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_CANT_MATCH_USER));
        }
        AuthenticationUtility.checkIfUserEligibleToAuthentication(pwmApplication, userIdentity);
        final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
        ForgottenPasswordUtil.initForgottenPasswordBean(pwmRequest, userIdentity, forgottenPasswordBean);
        // clear intruder search values
        pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
        return ProcessStatus.Continue;
    } catch (PwmOperationalException e) {
        if (e.getError() != PwmError.ERROR_CANT_MATCH_USER || !bogusUserModeEnabled) {
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, e.getErrorInformation().getDetailedErrorMsg(), e.getErrorInformation().getFieldValues());
            pwmApplication.getStatisticsManager().incrementValue(Statistic.RECOVERY_FAILURES);
            pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
            pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
            LOGGER.debug(pwmSession, errorInfo.toDebugStr());
            setLastError(pwmRequest, errorInfo);
            return ProcessStatus.Continue;
        }
    }
    if (bogusUserModeEnabled) {
        ForgottenPasswordUtil.initBogusForgottenPasswordBean(pwmRequest);
        forgottenPasswordBean(pwmRequest).setUserSearchValues(FormUtility.asStringMap(formValues));
    }
    return ProcessStatus.Continue;
}

Example 85 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class ForgottenPasswordServlet method executeUnlock.

private void executeUnlock(final PwmRequest pwmRequest) throws IOException, ServletException, ChaiUnavailableException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    try {
        final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
        theUser.unlockPassword();
        // mark the event log
        final UserInfo userInfoBean = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
        pwmApplication.getAuditManager().submit(AuditEvent.UNLOCK_PASSWORD, userInfoBean, pwmSession);
        ForgottenPasswordUtil.sendUnlockNoticeEmail(pwmRequest, forgottenPasswordBean);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UnlockAccount);
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + userIdentity + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmSession, errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation, true);
    } finally {
        clearForgottenPasswordBean(pwmRequest);
    }
}