Search in sources :

Example 31 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class ForgottenPasswordServlet method handleUserVerificationBadAttempt.

private void handleUserVerificationBadAttempt(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final ErrorInformation errorInformation) throws PwmUnrecoverableException {
    LOGGER.debug(pwmRequest, errorInformation);
    setLastError(pwmRequest, errorInformation);
    final UserIdentity userIdentity = forgottenPasswordBean == null ? null : forgottenPasswordBean.getUserIdentity();
    if (userIdentity != null) {
        final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), PwmAuthenticationSource.FORGOTTEN_PASSWORD);
        sessionAuthenticator.simulateBadPassword(userIdentity);
        pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userIdentity, pwmRequest.getPwmSession());
    }
    pwmRequest.getPwmApplication().getIntruderManager().convenience().markAddressAndSession(pwmRequest.getPwmSession());
    StatisticsManager.incrementStat(pwmRequest, Statistic.RECOVERY_FAILURES);
}
Also used : SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator) UserIdentity(password.pwm.bean.UserIdentity)

Example 32 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class GuestRegistrationServlet method handleSearchRequest.

protected void handleSearchRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    LOGGER.trace(pwmRequest, "Enter: handleSearchRequest(...)");
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final ChaiProvider chaiProvider = pwmSession.getSessionManager().getChaiProvider();
    final Configuration config = pwmApplication.getConfig();
    final String adminDnAttribute = config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE);
    final Boolean origAdminOnly = config.readSettingAsBoolean(PwmSetting.GUEST_EDIT_ORIG_ADMIN_ONLY);
    final String usernameParam = pwmRequest.readParameterAsString("username");
    final GuestRegistrationBean guBean = pwmApplication.getSessionStateService().getBean(pwmRequest, GuestRegistrationBean.class);
    final SearchConfiguration searchConfiguration = SearchConfiguration.builder().chaiProvider(chaiProvider).contexts(Collections.singletonList(config.readSettingAsString(PwmSetting.GUEST_CONTEXT))).enableContextValidation(false).username(usernameParam).build();
    final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
    try {
        final UserIdentity theGuest = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmSession.getLabel());
        final FormMap formProps = guBean.getFormValues();
        try {
            final List<FormConfiguration> guestUpdateForm = config.readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
            final Set<String> involvedAttrs = new HashSet<>();
            for (final FormConfiguration formItem : guestUpdateForm) {
                if (!formItem.getName().equalsIgnoreCase(HTTP_PARAM_EXPIRATION_DATE)) {
                    involvedAttrs.add(formItem.getName());
                }
            }
            final UserInfo guestUserInfo = UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), pwmRequest.getLocale(), theGuest, pwmSession.getSessionManager().getChaiProvider());
            final Map<String, String> userAttrValues = guestUserInfo.readStringAttributes(involvedAttrs);
            if (origAdminOnly && adminDnAttribute != null && adminDnAttribute.length() > 0) {
                final String origAdminDn = userAttrValues.get(adminDnAttribute);
                if (origAdminDn != null && origAdminDn.length() > 0) {
                    if (!pwmSession.getUserInfo().getUserIdentity().getUserDN().equalsIgnoreCase(origAdminDn)) {
                        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_ORIG_ADMIN_ONLY);
                        setLastError(pwmRequest, info);
                        LOGGER.warn(pwmSession, info);
                        this.forwardToJSP(pwmRequest, guestRegistrationBean);
                    }
                }
            }
            final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
            if (expirationAttribute != null && expirationAttribute.length() > 0) {
                final Instant expiration = guestUserInfo.readDateAttribute(expirationAttribute);
                if (expiration != null) {
                    guBean.setUpdateUserExpirationDate(expiration);
                }
            }
            for (final FormConfiguration formItem : guestUpdateForm) {
                final String key = formItem.getName();
                final String value = userAttrValues.get(key);
                if (value != null) {
                    formProps.put(key, value);
                }
            }
            guBean.setUpdateUserIdentity(theGuest);
            this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
            return;
        } catch (PwmUnrecoverableException e) {
            LOGGER.warn(pwmSession, "error reading current attributes for user: " + e.getMessage());
        }
    } catch (PwmOperationalException e) {
        final ErrorInformation error = e.getErrorInformation();
        setLastError(pwmRequest, error);
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
        return;
    }
    this.forwardToJSP(pwmRequest, guestRegistrationBean);
}
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserIdentity(password.pwm.bean.UserIdentity) Instant(java.time.Instant) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) FormMap(password.pwm.util.FormMap) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) FormConfiguration(password.pwm.config.value.data.FormConfiguration) PwmSession(password.pwm.http.PwmSession) GuestRegistrationBean(password.pwm.http.bean.GuestRegistrationBean) HashSet(java.util.HashSet)

Example 33 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class GuestRegistrationServlet method handleCreateRequest.

private void handleCreateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final Configuration config = pwmApplication.getConfig();
    final Locale locale = ssBean.getLocale();
    final List<FormConfiguration> guestUserForm = config.readSettingAsForm(PwmSetting.GUEST_FORM);
    try {
        // read the values from the request
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, guestUserForm, locale);
        // read the expiration date from the request.
        final Instant expirationDate = readExpirationFromRequest(pwmRequest);
        // see if the values meet form requirements.
        FormUtility.validateFormValues(config, formValues, locale);
        // read new user DN
        final String guestUserDN = determineUserDN(formValues, config);
        // read a chai provider to make the user
        final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();
        // set up the user creation attributes
        final Map<String, String> createAttributes = new HashMap<>();
        for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
            final FormConfiguration formItem = entry.getKey();
            final String value = entry.getValue();
            LOGGER.debug(pwmSession, "Attribute from form: " + formItem.getName() + " = " + value);
            final String n = formItem.getName();
            final String v = formValues.get(formItem);
            if (n != null && n.length() > 0 && v != null && v.length() > 0) {
                createAttributes.put(n, v);
            }
        }
        // Write creator DN
        createAttributes.put(config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE), pwmSession.getUserInfo().getUserIdentity().getUserDN());
        // read the creation object classes.
        final Set<String> createObjectClasses = new HashSet<>(config.readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
        provider.createEntry(guestUserDN, createObjectClasses, createAttributes);
        LOGGER.info(pwmSession, "created user object: " + guestUserDN);
        final ChaiUser theUser = provider.getEntryFactory().newChaiUser(guestUserDN);
        final UserIdentity userIdentity = new UserIdentity(guestUserDN, pwmSession.getUserInfo().getUserIdentity().getLdapProfileID());
        // write the expiration date:
        if (expirationDate != null) {
            final String expirationAttr = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
            theUser.writeDateAttribute(expirationAttr, expirationDate);
        }
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, pwmSession.getLabel(), userIdentity, theUser, locale);
        final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), passwordPolicy, pwmApplication);
        theUser.setPassword(newPassword.getStringValue());
        {
            // execute configured actions
            LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
            final List<ActionConfiguration> actions = pwmApplication.getConfig().readSettingAsAction(PwmSetting.GUEST_WRITE_ATTRIBUTES);
            if (actions != null && !actions.isEmpty()) {
                final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
                final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, theUser).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
                actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
            }
        }
        // everything good so forward to success page.
        this.sendGuestUserEmailConfirmation(pwmRequest, userIdentity);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_CreateGuest);
    } catch (ChaiOperationException e) {
        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, "error creating user: " + e.getMessage());
        setLastError(pwmRequest, info);
        LOGGER.warn(pwmSession, info);
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
    }
}
Also used : Locale(java.util.Locale) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) FormConfiguration(password.pwm.config.value.data.FormConfiguration) List(java.util.List) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) HashSet(java.util.HashSet) ActionExecutor(password.pwm.util.operations.ActionExecutor) PwmApplication(password.pwm.PwmApplication) Instant(java.time.Instant) UserIdentity(password.pwm.bean.UserIdentity) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) MacroMachine(password.pwm.util.macro.MacroMachine) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmSession(password.pwm.http.PwmSession) Map(java.util.Map) FormMap(password.pwm.util.FormMap) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 34 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class ActivateUserServlet method handleActivateRequest.

@ActionHandler(action = "activate")
public ProcessStatus handleActivateRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Configuration config = pwmApplication.getConfig();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
        if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
            throw new PwmUnrecoverableException(errorInfo);
        }
    }
    pwmApplication.getSessionStateService().clearBean(pwmRequest, ActivateUserBean.class);
    final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
    Map<FormConfiguration, String> formValues = new HashMap<>();
    try {
        // read the values from the request
        formValues = FormUtility.readFormValuesFromRequest(pwmRequest, configuredActivationForm, ssBean.getLocale());
        // check for intruders
        pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);
        // read the context attr
        final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
        // read the profile attr
        final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
        // see if the values meet the configured form requirements.
        FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
        final String searchFilter = ActivateUserUtils.figureLdapSearchFilter(pwmRequest);
        // read an ldap user object based on the params
        final UserIdentity userIdentity;
        {
            final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
            final SearchConfiguration searchConfiguration = SearchConfiguration.builder().contexts(Collections.singletonList(contextParam)).filter(searchFilter).formValues(formValues).ldapProfile(ldapProfile).build();
            userIdentity = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());
        }
        ActivateUserUtils.validateParamsAgainstLDAP(pwmRequest, formValues, userIdentity);
        final List<UserPermission> userPermissions = config.readSettingAsUserPermission(PwmSetting.ACTIVATE_USER_QUERY_MATCH);
        if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), userIdentity, userPermissions)) {
            final String errorMsg = "user " + userIdentity + " attempted activation, but does not match query string";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_ACTIVATE_NO_PERMISSION, errorMsg);
            pwmApplication.getIntruderManager().convenience().markUserIdentity(userIdentity, pwmSession);
            pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
            throw new PwmUnrecoverableException(errorInformation);
        }
        final ActivateUserBean activateUserBean = pwmApplication.getSessionStateService().getBean(pwmRequest, ActivateUserBean.class);
        activateUserBean.setUserIdentity(userIdentity);
        activateUserBean.setFormValidated(true);
        pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
        pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
    } catch (PwmOperationalException e) {
        pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
        pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
        setLastError(pwmRequest, e.getErrorInformation());
        LOGGER.debug(pwmSession.getLabel(), e.getErrorInformation().toDebugStr());
    }
    return ProcessStatus.Continue;
}
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) Configuration(password.pwm.config.Configuration) HashMap(java.util.HashMap) UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActivateUserBean(password.pwm.http.bean.ActivateUserBean) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) FormConfiguration(password.pwm.config.value.data.FormConfiguration) PwmSession(password.pwm.http.PwmSession) UserPermission(password.pwm.config.value.data.UserPermission)

Example 35 with UserIdentity

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class ConfigEditorServlet method restResetSetting.

@ActionHandler(action = "resetSetting")
private ProcessStatus restResetSetting(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException {
    final ConfigManagerBean configManagerBean = getBean(pwmRequest);
    final StoredConfigurationImpl storedConfig = configManagerBean.getStoredConfiguration();
    final UserIdentity loggedInUser = pwmRequest.getUserInfoIfLoggedIn();
    final String key = pwmRequest.readParameterAsString("key");
    final PwmSetting setting = PwmSetting.forKey(key);
    if (key.startsWith("localeBundle")) {
        final StringTokenizer st = new StringTokenizer(key, "-");
        st.nextToken();
        final PwmLocaleBundle bundleName = PwmLocaleBundle.valueOf(st.nextToken());
        final String keyName = st.nextToken();
        storedConfig.resetLocaleBundleMap(bundleName.getTheClass().getName(), keyName);
    } else {
        final String profileID = setting.getCategory().hasProfiles() ? pwmRequest.readParameterAsString("profile") : null;
        storedConfig.resetSetting(setting, profileID, loggedInUser);
    }
    pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown));
    return ProcessStatus.Halt;
}
Also used : PwmSetting(password.pwm.config.PwmSetting) ConfigManagerBean(password.pwm.http.bean.ConfigManagerBean) StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl) StringTokenizer(java.util.StringTokenizer) PwmLocaleBundle(password.pwm.i18n.PwmLocaleBundle) UserIdentity(password.pwm.bean.UserIdentity)

Aggregations

UserIdentity (password.pwm.bean.UserIdentity)101 ErrorInformation (password.pwm.error.ErrorInformation)62 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)48 PwmOperationalException (password.pwm.error.PwmOperationalException)45 ChaiUser (com.novell.ldapchai.ChaiUser)30 PwmApplication (password.pwm.PwmApplication)27 Map (java.util.Map)21 PwmSession (password.pwm.http.PwmSession)20 UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)19 PwmException (password.pwm.error.PwmException)18 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17 LinkedHashMap (java.util.LinkedHashMap)17 HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)17 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)16 Instant (java.time.Instant)16 FormConfiguration (password.pwm.config.value.data.FormConfiguration)16 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)16 ArrayList (java.util.ArrayList)15 UserInfo (password.pwm.ldap.UserInfo)15 RestResultBean (password.pwm.ws.server.RestResultBean)15