Example 26 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class HelpdeskServlet method processRandomPasswordAction.
@ActionHandler(action = "randomPassword")
private ProcessStatus processRandomPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
final RestRandomPasswordServer.JsonInput input = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestRandomPasswordServer.JsonInput.class);
final UserIdentity userIdentity = UserIdentity.fromKey(input.getUsername(), pwmRequest.getPwmApplication());
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
final RandomPasswordGenerator.RandomGeneratorConfig.RandomGeneratorConfigBuilder randomConfigBuilder = RandomPasswordGenerator.RandomGeneratorConfig.builder();
randomConfigBuilder.passwordPolicy(userInfo.getPasswordPolicy());
final RandomPasswordGenerator.RandomGeneratorConfig randomConfig = randomConfigBuilder.build();
final PasswordData randomPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getPwmSession().getLabel(), randomConfig, pwmRequest.getPwmApplication());
final RestRandomPasswordServer.JsonOutput jsonOutput = new RestRandomPasswordServer.JsonOutput();
jsonOutput.setPassword(randomPassword.getStringValue());
final RestResultBean restResultBean = RestResultBean.withData(jsonOutput);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
UserInfo(password.pwm.ldap.UserInfo)
RestRandomPasswordServer(password.pwm.ws.server.rest.RestRandomPasswordServer)
ChaiUser(com.novell.ldapchai.ChaiUser)
PasswordData(password.pwm.util.PasswordData)
RandomPasswordGenerator(password.pwm.util.RandomPasswordGenerator)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 27 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class HelpdeskServlet method restClearOtpSecret.
@ActionHandler(action = "clearOtpSecret")
private ProcessStatus restClearOtpSecret(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Map<String, String> bodyMap = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
final UserIdentity userIdentity = HelpdeskServletUtil.userIdentityFromMap(pwmRequest, bodyMap);
if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_CLEAR_OTP_BUTTON)) {
final String errorMsg = "clear otp request, but helpdesk clear otp button is not enabled";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
LOGGER.error(pwmRequest, errorMsg);
pwmRequest.respondWithError(errorInformation);
return ProcessStatus.Halt;
}
// clear pwm intruder setting.
pwmRequest.getPwmApplication().getIntruderManager().convenience().clearUserIdentity(userIdentity);
try {
final OtpService service = pwmRequest.getPwmApplication().getOtpService();
service.clearOTPUserConfiguration(pwmRequest.getPwmSession(), userIdentity);
{
// mark the event log
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_OTP_SECRET, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
} catch (PwmOperationalException e) {
final PwmError returnMsg = e.getError();
final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
pwmRequest.respondWithError(error);
LOGGER.warn(pwmRequest, "error clearing OTP secret for user '" + userIdentity + "'' " + error.toDebugStr() + ", " + e.getMessage());
return ProcessStatus.Halt;
}
final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
OtpService(password.pwm.util.operations.OtpService)
UserIdentity(password.pwm.bean.UserIdentity)
PwmError(password.pwm.error.PwmError)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
PwmOperationalException(password.pwm.error.PwmOperationalException)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 28 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckAttributes.
@ActionHandler(action = "checkAttributes")
private ProcessStatus processCheckAttributes(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
// final SessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.isBogusUser()) {
final FormConfiguration formConfiguration = forgottenPasswordBean.getAttributeForm().iterator().next();
// add a bit of jitter to pretend like we're checking a data source
JavaHelper.pause(300 + PwmRandom.getInstance().nextInt(700));
if (forgottenPasswordBean.getUserSearchValues() != null) {
final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap(formConfigurations, forgottenPasswordBean.getUserSearchValues());
pwmRequest.getPwmApplication().getIntruderManager().convenience().markAttributes(formMap, pwmRequest.getPwmSession());
}
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for attribute '" + formConfiguration.getName() + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) });
forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.ATTRIBUTES);
setLastError(pwmRequest, errorInformation);
return ProcessStatus.Continue;
}
if (forgottenPasswordBean.getUserIdentity() == null) {
return ProcessStatus.Continue;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
try {
// check attributes
final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
final Locale userLocale = pwmRequest.getLocale();
final List<FormConfiguration> requiredAttributesForm = forgottenPasswordBean.getAttributeForm();
if (requiredAttributesForm.isEmpty()) {
return ProcessStatus.Continue;
}
final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, requiredAttributesForm, userLocale);
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formConfiguration = entry.getKey();
final String attrName = formConfiguration.getName();
try {
if (theUser.compareStringAttribute(attrName, entry.getValue())) {
LOGGER.trace(pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'");
} else {
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
}
} catch (ChaiOperationException e) {
LOGGER.error(pwmRequest, "error during param validation of '" + attrName + "', error: " + e.getMessage());
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "ldap error testing value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
}
}
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.ATTRIBUTES);
} catch (PwmDataValidationException e) {
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr()));
}
return ProcessStatus.Continue;
}
Also used :
Locale(java.util.Locale)
UserIdentity(password.pwm.bean.UserIdentity)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmDataValidationException(password.pwm.error.PwmDataValidationException)
ChaiUser(com.novell.ldapchai.ChaiUser)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
Map(java.util.Map)
LinkedHashMap(java.util.LinkedHashMap)
Example 29 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class ForgottenPasswordServlet method processOAuthReturn.
@ActionHandler(action = "oauthReturn")
private ProcessStatus processOAuthReturn(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.getProgress().getInProgressVerificationMethod() != IdentityVerificationMethod.OAUTH) {
LOGGER.debug(pwmRequest, "oauth return detected, however current session did not issue an oauth request; will restart forgotten password sequence");
pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
return ProcessStatus.Halt;
}
if (forgottenPasswordBean.getUserIdentity() == null) {
LOGGER.debug(pwmRequest, "oauth return detected, however current session does not have a user identity stored; will restart forgotten password sequence");
pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
return ProcessStatus.Halt;
}
final String encryptedResult = pwmRequest.readParameterAsString(PwmConstants.PARAM_RECOVERY_OAUTH_RESULT, PwmHttpRequestWrapper.Flag.BypassValidation);
final OAuthForgottenPasswordResults results = pwmRequest.getPwmApplication().getSecureService().decryptObject(encryptedResult, OAuthForgottenPasswordResults.class);
LOGGER.trace(pwmRequest, "received ");
final String userDNfromOAuth = results.getUsername();
if (userDNfromOAuth == null || userDNfromOAuth.isEmpty()) {
final String errorMsg = "oauth server coderesolver endpoint did not return a username value";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
final UserIdentity oauthUserIdentity;
{
final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
try {
oauthUserIdentity = userSearchEngine.resolveUsername(userDNfromOAuth, null, null, pwmRequest.getSessionLabel());
} catch (PwmOperationalException e) {
final String errorMsg = "unexpected error searching for oauth supplied username in ldap; error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
final boolean userMatch;
{
final UserIdentity userIdentityInBean = forgottenPasswordBean.getUserIdentity();
userMatch = userIdentityInBean != null && userIdentityInBean.equals(oauthUserIdentity);
}
if (userMatch) {
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.OAUTH);
} else {
final String errorMsg = "oauth server username does not match previously identified user";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
return ProcessStatus.Continue;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
UserIdentity(password.pwm.bean.UserIdentity)
UserSearchEngine(password.pwm.ldap.search.UserSearchEngine)
OAuthForgottenPasswordResults(password.pwm.http.servlet.oauth.OAuthForgottenPasswordResults)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 30 with UserIdentity
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckResponses.
@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.getUserIdentity() == null) {
return ProcessStatus.Continue;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
if (responseSet == null) {
final String errorMsg = "attempt to check responses, but responses are not loaded into session bean";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
try {
// read the supplied responses from the user
final Map<Challenge, String> crMap = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, forgottenPasswordBean.getPresentableChallengeSet());
final boolean responsesPassed;
try {
responsesPassed = responseSet.test(crMap);
} catch (ChaiUnavailableException e) {
if (e.getCause() instanceof PwmUnrecoverableException) {
throw (PwmUnrecoverableException) e.getCause();
}
throw e;
}
// special case for nmas, clear out existing challenges and input fields.
if (!responsesPassed && responseSet instanceof NMASCrOperator.NMASCRResponseSet) {
forgottenPasswordBean.setPresentableChallengeSet(responseSet.getPresentableChallengeSet());
}
if (responsesPassed) {
LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
} else {
final String errorMsg = "incorrect response to one or more challenges";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, errorMsg);
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
return ProcessStatus.Continue;
}
} catch (ChaiValidationException e) {
LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + e.getMessage());
final ErrorInformation errorInformation = new ErrorInformation(PwmError.forChaiError(e.getErrorCode()));
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
return ProcessStatus.Continue;
}
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);
return ProcessStatus.Continue;
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
UserIdentity(password.pwm.bean.UserIdentity)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Challenge(com.novell.ldapchai.cr.Challenge)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException)
NMASCrOperator(password.pwm.util.operations.cr.NMASCrOperator)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
Aggregations
UserIdentity (password.pwm.bean.UserIdentity)101
ErrorInformation (password.pwm.error.ErrorInformation)62
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)48
PwmOperationalException (password.pwm.error.PwmOperationalException)45
ChaiUser (com.novell.ldapchai.ChaiUser)30
PwmApplication (password.pwm.PwmApplication)27
Map (java.util.Map)21
PwmSession (password.pwm.http.PwmSession)20
UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)19
PwmException (password.pwm.error.PwmException)18
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17
LinkedHashMap (java.util.LinkedHashMap)17
HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)17
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)16
Instant (java.time.Instant)16
FormConfiguration (password.pwm.config.value.data.FormConfiguration)16
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)16
ArrayList (java.util.ArrayList)15
UserInfo (password.pwm.ldap.UserInfo)15
RestResultBean (password.pwm.ws.server.RestResultBean)15
