
Example 6 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class SessionAuthenticator method searchAndAuthenticateUser.

/**
 * Resolves {@code username} to a {@link UserIdentity} and authenticates it with {@code password}.
 *
 * <p>An intruder check on the username runs before the search. When a
 * {@link PwmOperationalException} occurs, the failure sequence is recorded and the error is
 * rethrown — unless its type is configured as hidden and the application is not currently
 * permitting detailed error messages, in which case it is replaced by
 * {@link PwmError#ERROR_WRONGPASSWORD} so the caller cannot tell the underlying cause apart
 * from a plain bad password.
 *
 * @param username    the login name to resolve
 * @param password    the password to verify
 * @param context     the LDAP context the search is limited to
 * @param ldapProfile the LDAP profile to search in
 * @throws ChaiUnavailableException  if the directory cannot be reached
 * @throws PwmUnrecoverableException on an unrecoverable application error
 * @throws PwmOperationalException   if the user cannot be resolved or authentication fails
 */
public void searchAndAuthenticateUser(final String username, final PasswordData password, final String context, final String ldapProfile) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    pwmApplication.getIntruderManager().check(RecordType.USERNAME, username);
    UserIdentity resolvedIdentity = null;
    try {
        resolvedIdentity = pwmApplication.getUserSearchEngine().resolveUsername(username, context, ldapProfile, sessionLabel);
        final AuthenticationRequest request = LDAPAuthenticationRequest.createLDAPAuthenticationRequest(pwmApplication, sessionLabel, resolvedIdentity, AuthenticationType.AUTHENTICATED, authenticationSource);
        final AuthenticationResult result = request.authenticateUser(password);
        postAuthenticationSequence(resolvedIdentity, result);
    } catch (PwmOperationalException e) {
        // resolvedIdentity is still null here if the failure happened during resolution
        postFailureSequence(e, username, resolvedIdentity);
        final boolean hiddenErrorType = readHiddenErrorTypes().contains(e.getError());
        if (hiddenErrorType && !pwmApplication.determineIfDetailErrorMsgShown()) {
            // mask the real cause: callers only ever see a generic wrong-password error
            LOGGER.debug(pwmSession, "converting error from ldap " + e.getError() + " to " + PwmError.ERROR_WRONGPASSWORD + " due to app property " + AppProperty.SECURITY_LOGIN_HIDDEN_ERROR_TYPES.getKey());
            throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_WRONGPASSWORD));
        }
        if (hiddenErrorType) {
            LOGGER.debug(pwmSession, "allowing error " + e.getError() + " to be returned though it is configured as a hidden type; " + "app is currently permitting detailed error messages");
        }
        throw e;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 7 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class DatabaseUserHistory method updateUserHistory.

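/**
 * Appends {@code auditRecord} to the stored history of the user it concerns.
 *
 * <p>For helpdesk events the history belongs to the event's target user; for every other
 * event it belongs to the perpetrator. The user's LDAP GUID keys the stored history. If the
 * GUID cannot be read because the directory is unavailable, the record is logged and dropped
 * rather than failing the caller.
 *
 * @param auditRecord the record to append
 * @throws PwmUnrecoverableException if the history database cannot be read or written
 */
@Override
public void updateUserHistory(final UserAuditRecord auditRecord) throws PwmUnrecoverableException {
    final UserIdentity userIdentity = historySubjectOf(auditRecord);
    final String guid;
    try {
        guid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
    } catch (ChaiUnavailableException e) {
        // best-effort: without a GUID there is nothing to key the row on, so log (with the stack trace) and drop the record
        LOGGER.error("unable to read guid for user '" + userIdentity + "', cannot update user history, error: " + e.getMessage(), e);
        return;
    }
    try {
        final StoredHistory storedHistory = readStoredHistory(guid);
        storedHistory.getRecords().add(auditRecord);
        writeStoredHistory(guid, storedHistory);
    } catch (DatabaseException e) {
        // keep the cause so the original stack trace survives the translation
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DB_UNAVAILABLE, e.getMessage()), e);
    }
}

/**
 * Returns the identity whose history an audit record belongs to: the target of a helpdesk
 * event, otherwise the perpetrator.
 */
private static UserIdentity historySubjectOf(final UserAuditRecord auditRecord) {
    if (auditRecord instanceof HelpdeskAuditRecord && auditRecord.getType() == AuditEvent.Type.HELPDESK) {
        final HelpdeskAuditRecord helpdeskAuditRecord = (HelpdeskAuditRecord) auditRecord;
        return new UserIdentity(helpdeskAuditRecord.getTargetDN(), helpdeskAuditRecord.getTargetLdapProfile());
    }
    return new UserIdentity(auditRecord.getPerpetratorDN(), auditRecord.getPerpetratorLdapProfile());
}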
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) DatabaseException(password.pwm.util.db.DatabaseException)

Example 8 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class LdapXmlUserHistory method updateUserHistoryImpl.

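/**
 * Appends {@code auditRecord} to the XML event history stored on the user's LDAP entry.
 *
 * <p>The history belongs to the target user of a helpdesk event, otherwise to the
 * perpetrator. It is kept in a {@link ConfigObjectRecord} inside the attribute named by
 * {@link PwmSetting#EVENTS_LDAP_ATTRIBUTE}; when that attribute is not configured nothing is
 * written. The history is trimmed to {@link PwmSetting#EVENTS_LDAP_MAX_EVENTS} entries before
 * being written back. A failure reading the attribute is rethrown; a failure parsing the
 * existing record, or writing the updated one, is logged and the event is dropped.
 *
 * @param auditRecord the record to append
 * @throws PwmUnrecoverableException if the existing record cannot be read from LDAP
 * @throws ChaiUnavailableException  if the directory cannot be reached
 */
private void updateUserHistoryImpl(final UserAuditRecord auditRecord) throws PwmUnrecoverableException, ChaiUnavailableException {
    final UserIdentity userIdentity = historySubjectOf(auditRecord);
    final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // settings
    final String corRecordIdentifer = COR_RECORD_ID;
    final LdapProfile ldapProfile = userIdentity.getLdapProfile(pwmApplication.getConfig());
    final String corAttribute = ldapProfile.readSettingAsString(PwmSetting.EVENTS_LDAP_ATTRIBUTE);
    // quit if settings no good;
    if (corAttribute == null || corAttribute.isEmpty()) {
        LOGGER.debug("no user event log attribute configured, skipping write of log data");
        return;
    }
    // read current value; the element type is not known statically, so a wildcard list replaces the raw type
    final List<?> corList;
    try {
        corList = ConfigObjectRecord.readRecordFromLDAP(theUser, corAttribute, corRecordIdentifer, null, null);
    } catch (Exception e) {
        final String errorMsg = "error reading LDAP user event history for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        LOGGER.error(errorInformation.toDebugStr(), e);
        throw new PwmUnrecoverableException(errorInformation, e);
    }
    final StoredHistory storedHistory;
    final ConfigObjectRecord theCor;
    try {
        theCor = corList.isEmpty()
                ? ConfigObjectRecord.createNew(theUser, corAttribute, corRecordIdentifer, null, null)
                : (ConfigObjectRecord) corList.get(0);
        storedHistory = StoredHistory.fromXml(theCor.getPayload());
    } catch (Exception e) {
        // best-effort: an unreadable or corrupt record is logged with its stack trace and the new event dropped
        LOGGER.error("ldap error writing user event log: " + e.getMessage(), e);
        return;
    }
    // add next record to blob
    storedHistory.addEvent(StoredEvent.fromAuditRecord(auditRecord));
    // trim the blob.
    final int maxUserEvents = (int) pwmApplication.getConfig().readSettingAsLong(PwmSetting.EVENTS_LDAP_MAX_EVENTS);
    storedHistory.trim(maxUserEvents);
    // write the blob.
    try {
        theCor.updatePayload(storedHistory.toXml());
    } catch (ChaiOperationException e) {
        // best-effort: a write failure is logged, not propagated
        LOGGER.error("ldap error writing user event log: " + e.getMessage(), e);
    }
}

/**
 * Returns the identity whose history an audit record belongs to: the target of a helpdesk
 * event, otherwise the perpetrator.
 */
private static UserIdentity historySubjectOf(final UserAuditRecord auditRecord) {
    if (auditRecord instanceof HelpdeskAuditRecord && auditRecord.getType() == AuditEvent.Type.HELPDESK) {
        final HelpdeskAuditRecord helpdeskAuditRecord = (HelpdeskAuditRecord) auditRecord;
        return new UserIdentity(helpdeskAuditRecord.getTargetDN(), helpdeskAuditRecord.getTargetLdapProfile());
    }
    return new UserIdentity(auditRecord.getPerpetratorDN(), auditRecord.getPerpetratorLdapProfile());
}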
Also used : UserIdentity(password.pwm.bean.UserIdentity) ConfigObjectRecord(com.novell.ldapchai.util.ConfigObjectRecord) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) LdapProfile(password.pwm.config.profile.LdapProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) JDOMException(org.jdom2.JDOMException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) IOException(java.io.IOException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiUser(com.novell.ldapchai.ChaiUser) LinkedList(java.util.LinkedList) List(java.util.List) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 9 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class PwNotifyEngine method executeJob.

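/**
 * Runs one password-expiry notification pass over the LDAP users the job may see.
 *
 * <p>Users are pulled from the LDAP search iterator in batches of
 * {@code settings.getBatchCount()}; each batch is handed to {@code processBatch}, after which
 * the job pauses for the batch's elapsed time scaled by
 * {@code settings.getBatchTimeMultiplier()} (presumably to throttle directory load). The pass
 * aborts with {@link PwmError#ERROR_SERVICE_NOT_AVAILABLE} if this server stops being the
 * cluster master mid-run. {@code running} is cleared on every exit path.
 *
 * @throws ChaiUnavailableException  if the directory cannot be reached
 * @throws ChaiOperationException    on an LDAP operation failure
 * @throws PwmOperationalException   on a recoverable application error
 * @throws PwmUnrecoverableException if the server loses cluster mastership, or on another unrecoverable error
 */
void executeJob() throws ChaiUnavailableException, ChaiOperationException, PwmOperationalException, PwmUnrecoverableException {
    startTime = Instant.now();
    examinedCount = 0;
    noticeCount = 0;
    try {
        internalLog.delete(0, internalLog.length());
        running = true;
        if (!canRunOnThisServer()) {
            return;
        }
        if (JavaHelper.isEmpty(permissionList)) {
            log("no users are included in permission list setting " + PwmSetting.PW_EXPY_NOTIFY_PERMISSION.toMenuLocationDebug(null, null) + ", exiting.");
            return;
        }
        log("starting job, beginning ldap search");
        final Iterator<UserIdentity> workQueue = LdapOperationsHelper.readAllUsersFromLdap(pwmApplication, null, null, settings.getMaxLdapSearchSize());
        log("ldap search complete, examining users...");
        while (workQueue.hasNext()) {
            // mastership is re-checked once per batch; the result is used, so a second unchecked call is not needed
            if (!checkIfRunningOnMaster()) {
                final String msg = "job interrupted, server is no longer the cluster master.";
                log(msg);
                throw PwmUnrecoverableException.newException(PwmError.ERROR_SERVICE_NOT_AVAILABLE, msg);
            }
            final List<UserIdentity> batch = new ArrayList<>();
            final int batchSize = settings.getBatchCount();
            while (batch.size() < batchSize && workQueue.hasNext()) {
                batch.add(workQueue.next());
            }
            final Instant startBatch = Instant.now();
            // count the users actually examined; the last batch may be shorter than batchSize
            examinedCount += batch.size();
            noticeCount += processBatch(batch);
            eventRateMeter.markEvents(batch.size());
            final TimeDuration batchTime = TimeDuration.fromCurrent(startBatch);
            final TimeDuration pauseTime = new TimeDuration(settings.getBatchTimeMultiplier().multiply(new BigDecimal(batchTime.getTotalMilliseconds())).longValue(), TimeUnit.MILLISECONDS);
            pauseTime.pause();
            debugOutputTask.conditionallyExecuteTask();
        }
        log("job complete, " + examinedCount + " users evaluated in " + TimeDuration.fromCurrent(startTime).asCompactString() + ", sent " + noticeCount + " notices.");
    } finally {
        running = false;
    }
}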
Also used : UserIdentity(password.pwm.bean.UserIdentity) Instant(java.time.Instant) ArrayList(java.util.ArrayList) TimeDuration(password.pwm.util.java.TimeDuration) BigDecimal(java.math.BigDecimal)

Example 10 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class PasswordUtility method helpdeskSetUserPassword.

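/**
 * Sets a new password on {@code userInfo}'s account on behalf of a helpdesk operator.
 *
 * <p>The operator session must be authenticated and hold a helpdesk profile; otherwise
 * {@link PwmError#ERROR_UNAUTHORIZED} is raised before anything is changed. Whether the target
 * user is within the operator's helpdesk scope is not checked here — presumably the caller does
 * that; verify before exposing this through a new entry point. After the password is set the
 * method, in order: submits a {@link AuditEvent#HELPDESK_SET_PASSWORD} audit record, increments
 * the helpdesk statistic, runs the configured post-change write-attribute actions, optionally
 * clears the user's challenge responses (with its own audit record), sends the helpdesk e-mail
 * notice, optionally expires the new password, and optionally sends the new password to the user.
 *
 * @param pwmSession     the helpdesk operator's session
 * @param chaiUser       the target user's LDAP handle; its provider is used for the password set
 * @param userInfo       the target user
 * @param pwmApplication the application
 * @param newPassword    the password to set
 * @throws ChaiUnavailableException  if the directory cannot be reached
 * @throws PwmUnrecoverableException on an unrecoverable application error
 * @throws PwmOperationalException   if the operator is not authenticated or has no helpdesk
 *                                   profile, or if setting the password fails
 */
public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final SessionLabel sessionLabel = pwmSession.getLabel();
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    final HelpdeskProfile helpdeskProfile = requireHelpdeskOperator(pwmSession, pwmApplication);
    setPassword(pwmApplication, sessionLabel, chaiUser.getChaiProvider(), userInfo, null, newPassword);
    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // mark the event log
    submitHelpdeskAuditRecord(pwmApplication, pwmSession, AuditEvent.HELPDESK_SET_PASSWORD, userIdentity);
    // update statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
    // execute configured actions
    executePostSetPasswordActions(pwmApplication, sessionLabel, helpdeskProfile, userInfo, userIdentity, newPassword);
    final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
    if (settingClearResponses == HelpdeskClearResponseMode.yes) {
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
        pwmApplication.getCrService().clearResponses(sessionLabel, userIdentity, proxiedUser, userGUID);
        // mark the event log
        submitHelpdeskAuditRecord(pwmApplication, pwmSession, AuditEvent.HELPDESK_CLEAR_RESPONSES, userIdentity);
    }
    // send email notification
    sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
    // expire if so configured
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
        LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
        try {
            proxiedUser.expirePassword();
        } catch (ChaiOperationException e) {
            // best-effort: the password is already set, so a failed expiry is only logged
            LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
        }
    }
    // send password
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD)) {
        final MessageSendMethod messageSendMethod = discoverSendNewPasswordMethod(pwmApplication, sessionLabel, userIdentity);
        PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
    }
}

/**
 * Verifies that the session is authenticated and holds a helpdesk profile.
 *
 * @return the operator's helpdesk profile
 * @throws PwmOperationalException with {@link PwmError#ERROR_UNAUTHORIZED} if either check fails
 */
private static HelpdeskProfile requireHelpdeskOperator(final PwmSession pwmSession, final PwmApplication pwmApplication) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    if (!pwmSession.isAuthenticated()) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg));
    }
    final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
    if (helpdeskProfile == null) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg));
    }
    return helpdeskProfile;
}

/** Submits a helpdesk audit record for {@code event}, perpetrated by the session user against {@code target}. */
private static void submitHelpdeskAuditRecord(final PwmApplication pwmApplication, final PwmSession pwmSession, final AuditEvent event, final UserIdentity target) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(event, pwmSession.getUserInfo().getUserIdentity(), null, target, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
    pwmApplication.getAuditManager().submit(auditRecord);
}

/** Runs the change-password and helpdesk post-set-password write-attribute actions against the user, if any are configured. */
private static void executePostSetPasswordActions(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final HelpdeskProfile helpdeskProfile, final UserInfo userInfo, final UserIdentity userIdentity, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
    final List<ActionConfiguration> actions = new ArrayList<>();
    actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
    actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
    if (actions.isEmpty()) {
        return;
    }
    // the new password is exposed to macro expansion only through this transient bean
    final LoginInfoBean loginInfoBean = new LoginInfoBean();
    loginInfoBean.setUserCurrentPassword(newPassword);
    final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
    final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
    actionExecutor.executeActions(actions, sessionLabel);
}

/** Looks up the user's forgotten-password profile and returns its configured method for sending a new password. */
private static MessageSendMethod discoverSendNewPasswordMethod(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
    final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
    // NOTE(review): if no forgotten-password profile matches the user this dereferences null — confirm discoverProfileIDforUser's contract
    return forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
}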
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) LoginInfoBean(password.pwm.bean.LoginInfoBean) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) MessageSendMethod(password.pwm.config.option.MessageSendMethod) PwmOperationalException(password.pwm.error.PwmOperationalException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) HelpdeskClearResponseMode(password.pwm.config.option.HelpdeskClearResponseMode) MacroMachine(password.pwm.util.macro.MacroMachine) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
