Example 21 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class HelpdeskServlet method restValidateOtpCodeRequest.
@ActionHandler(action = "validateOtpCode")
private ProcessStatus restValidateOtpCodeRequest(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException, ChaiUnavailableException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Instant startTime = Instant.now();
final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), HelpdeskVerificationRequestBean.class);
final String userKey = helpdeskVerificationRequestBean.getUserKey();
if (userKey == null || userKey.isEmpty()) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
pwmRequest.respondWithError(errorInformation, false);
return ProcessStatus.Halt;
}
final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
if (!helpdeskProfile.readOptionalVerificationMethods().contains(IdentityVerificationMethod.OTP)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password otp verification request, but otp verify is not enabled");
LOGGER.error(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation);
return ProcessStatus.Halt;
}
final String code = helpdeskVerificationRequestBean.getCode();
final OTPUserRecord otpUserRecord = pwmRequest.getPwmApplication().getOtpService().readOTPUserConfiguration(pwmRequest.getSessionLabel(), userIdentity);
try {
final boolean passed = pwmRequest.getPwmApplication().getOtpService().validateToken(pwmRequest.getSessionLabel(), userIdentity, otpUserRecord, code, false);
final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
if (passed) {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_OTP, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
StatisticsManager.incrementStat(pwmRequest, Statistic.HELPDESK_VERIFY_OTP);
verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.OTP);
} else {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_OTP_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
// add a delay to prevent continuous checks
final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
JavaHelper.pause(100);
}
final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
final RestResultBean restResultBean = RestResultBean.withData(responseBean);
pwmRequest.outputJsonResult(restResultBean);
} catch (PwmOperationalException e) {
pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation(), pwmRequest));
}
return ProcessStatus.Halt;
}
Also used :
Instant(java.time.Instant)
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
PwmSession(password.pwm.http.PwmSession)
OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 22 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class HelpdeskServlet method processSetPasswordAction.
@ActionHandler(action = "setPassword")
private ProcessStatus processSetPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
final HelpdeskProfile helpdeskProfile = pwmRequest.getPwmSession().getSessionManager().getHelpdeskProfile(pwmRequest.getPwmApplication());
final RestSetPasswordServer.JsonInputData jsonInput = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestSetPasswordServer.JsonInputData.class);
final UserIdentity userIdentity = UserIdentity.fromKey(jsonInput.getUsername(), pwmRequest.getPwmApplication());
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final HelpdeskUIMode mode = helpdeskProfile.readSettingAsEnum(PwmSetting.HELPDESK_SET_PASSWORD_MODE, HelpdeskUIMode.class);
if (mode == HelpdeskUIMode.none) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " must not be set to none"));
}
final PasswordData newPassword;
if (jsonInput.getPassword() == null) {
if (mode != HelpdeskUIMode.random) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to " + mode + " and no password is included in request"));
}
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userIdentity, chaiUser, pwmRequest.getLocale());
newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), passwordPolicy, pwmRequest.getPwmApplication());
} else {
if (mode == HelpdeskUIMode.random) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to autogen yet a password is included in request"));
}
newPassword = new PasswordData(jsonInput.getPassword());
}
try {
PasswordUtility.helpdeskSetUserPassword(pwmRequest.getPwmSession(), chaiUser, userInfo, pwmRequest.getPwmApplication(), newPassword);
} catch (PwmException e) {
LOGGER.error("error during set password REST operation: " + e.getMessage());
pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation(), pwmRequest));
return ProcessStatus.Halt;
}
pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_ChangedHelpdeskPassword, userInfo.getUsername()));
return ProcessStatus.Halt;
}
Also used :
PwmException(password.pwm.error.PwmException)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
PasswordData(password.pwm.util.PasswordData)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HelpdeskUIMode(password.pwm.config.option.HelpdeskUIMode)
UserInfo(password.pwm.ldap.UserInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
RestSetPasswordServer(password.pwm.ws.server.rest.RestSetPasswordServer)
Example 23 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class HelpdeskServlet method restValidateAttributes.
@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Instant startTime = Instant.now();
final String bodyString = pwmRequest.readRequestBodyAsString();
final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
boolean passed = false;
{
final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
if (verificationForms == null || verificationForms.isEmpty()) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
throw new PwmUnrecoverableException(errorInformation);
}
final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
final ChaiUser chaiUser;
try {
chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
int successCount = 0;
for (final FormConfiguration formConfiguration : verificationForms) {
final String name = formConfiguration.getName();
final String suppliedValue = bodyMap.get(name);
try {
if (chaiUser.compareStringAttribute(name, suppliedValue)) {
successCount++;
}
} catch (ChaiException e) {
LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
}
}
if (successCount == verificationForms.size()) {
passed = true;
}
}
final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
if (passed) {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
} else {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
// add a delay to prevent continuous checks
final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
JavaHelper.pause(100);
}
final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
final RestResultBean restResultBean = RestResultBean.withData(responseBean);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
Instant(java.time.Instant)
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiUser(com.novell.ldapchai.ChaiUser)
List(java.util.List)
ArrayList(java.util.ArrayList)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiException(com.novell.ldapchai.exception.ChaiException)
PwmSession(password.pwm.http.PwmSession)
Map(java.util.Map)
HashMap(java.util.HashMap)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 24 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class HelpdeskServlet method restSearchRequest.
@ActionHandler(action = "search")
private ProcessStatus restSearchRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Map<String, String> valueMap = pwmRequest.readBodyAsJsonStringMap();
final String username = valueMap.get("username");
final boolean useProxy = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY);
final List<FormConfiguration> searchForm = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_SEARCH_FORM);
final int maxResults = (int) helpdeskProfile.readSettingAsLong(PwmSetting.HELPDESK_RESULT_LIMIT);
if (username == null || username.isEmpty()) {
final HelpdeskSearchResultsBean emptyResults = new HelpdeskSearchResultsBean();
emptyResults.setSearchResults(new ArrayList<>());
emptyResults.setSizeExceeded(false);
final RestResultBean restResultBean = RestResultBean.withData(emptyResults);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
final SearchConfiguration searchConfiguration;
{
final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
builder.contexts(helpdeskProfile.readSettingAsStringArray(PwmSetting.HELPDESK_SEARCH_BASE));
builder.enableContextValidation(false);
builder.username(username);
builder.enableValueEscaping(false);
builder.filter(HelpdeskServletUtil.getSearchFilter(pwmRequest.getConfig(), helpdeskProfile));
builder.enableSplitWhitespace(true);
if (!useProxy) {
final UserIdentity loggedInUser = pwmRequest.getPwmSession().getUserInfo().getUserIdentity();
builder.ldapProfile(loggedInUser.getLdapProfileID());
builder.chaiProvider(getChaiUser(pwmRequest, helpdeskProfile, loggedInUser).getChaiProvider());
}
searchConfiguration = builder.build();
}
final UserSearchResults results;
final boolean sizeExceeded;
try {
final Locale locale = pwmRequest.getLocale();
results = userSearchEngine.performMultiUserSearchFromForm(locale, searchConfiguration, maxResults, searchForm, pwmRequest.getSessionLabel());
sizeExceeded = results.isSizeExceeded();
} catch (PwmOperationalException e) {
final ErrorInformation errorInformation = e.getErrorInformation();
LOGGER.error(pwmRequest, errorInformation);
final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
final HelpdeskSearchResultsBean outputData = new HelpdeskSearchResultsBean();
outputData.setSearchResults(results.resultsAsJsonOutput(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn()));
outputData.setSizeExceeded(sizeExceeded);
final RestResultBean restResultBean = RestResultBean.withData(outputData);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
Locale(java.util.Locale)
UserSearchEngine(password.pwm.ldap.search.UserSearchEngine)
UserIdentity(password.pwm.bean.UserIdentity)
UserSearchResults(password.pwm.ldap.search.UserSearchResults)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
SearchConfiguration(password.pwm.ldap.search.SearchConfiguration)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 25 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class HelpdeskServlet method processUserPhotoImageRequest.
@ActionHandler(action = "photo")
private ProcessStatus processUserPhotoImageRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
final UserIdentity userIdentity = readUserKeyRequestParameter(pwmRequest);
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
LOGGER.debug(pwmRequest, "received user photo request to view user " + userIdentity.toString());
final PhotoDataBean photoData;
try {
photoData = LdapOperationsHelper.readPhotoDataFromLdap(pwmRequest.getConfig(), chaiUser, userIdentity);
} catch (PwmOperationalException e) {
final ErrorInformation errorInformation = e.getErrorInformation();
LOGGER.error(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation, false);
return ProcessStatus.Halt;
}
try (OutputStream outputStream = pwmRequest.getPwmResponse().getOutputStream()) {
final HttpServletResponse resp = pwmRequest.getPwmResponse().getHttpServletResponse();
resp.setContentType(photoData.getMimeType());
outputStream.write(photoData.getContents());
}
return ProcessStatus.Halt;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PhotoDataBean(password.pwm.ldap.PhotoDataBean)
ChaiUser(com.novell.ldapchai.ChaiUser)
UserIdentity(password.pwm.bean.UserIdentity)
OutputStream(java.io.OutputStream)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Aggregations
UserIdentity (password.pwm.bean.UserIdentity)101
ErrorInformation (password.pwm.error.ErrorInformation)62
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)48
PwmOperationalException (password.pwm.error.PwmOperationalException)45
ChaiUser (com.novell.ldapchai.ChaiUser)30
PwmApplication (password.pwm.PwmApplication)27
Map (java.util.Map)21
PwmSession (password.pwm.http.PwmSession)20
UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)19
PwmException (password.pwm.error.PwmException)18
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17
LinkedHashMap (java.util.LinkedHashMap)17
HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)17
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)16
Instant (java.time.Instant)16
FormConfiguration (password.pwm.config.value.data.FormConfiguration)16
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)16
ArrayList (java.util.ArrayList)15
UserInfo (password.pwm.ldap.UserInfo)15
RestResultBean (password.pwm.ws.server.RestResultBean)15
