use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class DeleteAccountServlet method handleDeleteRequest.
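/**
 * Handles the {@code delete} action for the account of the user who is logged in on this request.
 *
 * <p>In order: runs the actions configured in {@code DELETE_ACCOUNT_ACTIONS}, calls
 * {@code sendProfileUpdateEmailNotice}, submits a {@code DELETE_ACCOUNT} audit event, stores the
 * macro-expanded {@code DELETE_ACCOUNT_NEXT_URL} as the session forward URL, deletes the LDAP
 * entry when {@code DELETE_ACCOUNT_DELETE_USER_ENTRY} is enabled, clears the
 * {@code DeleteAccountBean}, unauthenticates the session and sends the redirect.
 *
 * @param pwmRequest the current request
 * @return {@code ProcessStatus.Halt}, returned after the redirect has been sent
 * @throws PwmUnrecoverableException if a configured action fails or the LDAP delete fails
 */
@ActionHandler(action = "delete")
private ProcessStatus handleDeleteRequest(final PwmRequest pwmRequest)
        throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final DeleteAccountProfile deleteAccountProfile = getProfile(pwmRequest);
    // NOTE(review): the accessor name suggests a null result when nobody is logged in; presumably
    // this handler is only dispatched for authenticated sessions — confirm against the servlet.
    final UserIdentity userIdentity = pwmRequest.getUserInfoIfLoggedIn();

    {
        // execute configured actions
        final List<ActionConfiguration> actions =
                deleteAccountProfile.readSettingAsAction(PwmSetting.DELETE_ACCOUNT_ACTIONS);
        if (actions != null && !actions.isEmpty()) {
            LOGGER.debug(pwmRequest, "executing configured actions to user " + userIdentity);
            final ActionExecutor actionExecutor =
                    new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity)
                            .setExpandPwmMacros(true)
                            .setMacroMachine(pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication))
                            .createActionExecutor();
            try {
                actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
            } catch (PwmOperationalException e) {
                LOGGER.error("error during user delete action execution: " + e.getMessage());
                // Chain the caught exception itself: passing e.getCause() discarded this
                // exception's stack trace and left no cause at all when it had none.
                throw new PwmUnrecoverableException(e.getErrorInformation(), e);
            }
        }
    }

    // NOTE(review): the notice and the DELETE_ACCOUNT audit event are emitted before the LDAP
    // delete further down. If that delete throws, the audit trail and the e-mail describe a
    // deletion that did not happen, and the session is still authenticated because the method
    // exits before unauthenticateUser. Moving them may not be possible if they need the live
    // entry — confirm, or record the failure as a separate audit event.
    // send notification
    sendProfileUpdateEmailNotice(pwmRequest);

    // mark the event log
    pwmApplication.getAuditManager().submit(
            AuditEvent.DELETE_ACCOUNT,
            pwmRequest.getPwmSession().getUserInfo(),
            pwmRequest.getPwmSession());

    // The forward URL is stored before logout because macro expansion uses the session's
    // macro machine.
    final String nextUrl = deleteAccountProfile.readSettingAsString(PwmSetting.DELETE_ACCOUNT_NEXT_URL);
    if (nextUrl != null && !nextUrl.isEmpty()) {
        final MacroMachine macroMachine =
                pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication);
        final String macroedUrl = macroMachine.expandMacros(nextUrl);
        LOGGER.debug(pwmRequest, "settinging forward url to post-delete next url: " + macroedUrl);
        pwmRequest.getPwmSession().getSessionStateBean().setForwardURL(macroedUrl);
    }

    // perform ldap entry delete.
    if (deleteAccountProfile.readSettingAsBoolean(PwmSetting.DELETE_ACCOUNT_DELETE_USER_ENTRY)) {
        final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(pwmRequest.getUserInfoIfLoggedIn());
        try {
            chaiUser.getChaiProvider().deleteEntry(chaiUser.getEntryDN());
        } catch (ChaiException e) {
            final PwmUnrecoverableException pwmException = PwmUnrecoverableException.fromChaiException(e);
            LOGGER.error("error during user delete", pwmException);
            throw pwmException;
        }
    }

    // clear the delete bean
    pwmApplication.getSessionStateService().clearBean(pwmRequest, DeleteAccountBean.class);

    // delete finished, so logout and redirect.
    pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
    pwmRequest.sendRedirectToContinue();
    return ProcessStatus.Halt;
}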
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class ForgottenUsernameServlet method handleSearchRequest.
/**
 * Processes a forgotten-username form submission.
 *
 * <p>After the optional captcha check, the submitted form values are read, checked against the
 * intruder manager, validated, and used for a single-user LDAP search. A match sends the
 * username and forwards to the completion page; no match, or a {@code PwmOperationalException},
 * records the attempt with the intruder manager, increments the failure statistic and returns
 * the caller to the form with an error.
 *
 * @param pwmRequest the current request
 * @throws PwmUnrecoverableException propagated from the called services
 * @throws IOException propagated from the forwarding helpers
 * @throws ServletException propagated from the forwarding helpers
 */
public void handleSearchRequest(final PwmRequest pwmRequest)
        throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean sessionState = pwmSession.getSessionStateBean();

    // A failed captcha ends the request before any form value is read or any search is run.
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest) && !CaptchaUtility.verifyReCaptcha(pwmRequest)) {
        final ErrorInformation captchaError = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
        LOGGER.debug(pwmRequest, captchaError);
        setLastError(pwmRequest, captchaError);
        forwardToFormJsp(pwmRequest);
        return;
    }

    // Both values come straight from request parameters and are passed to the search as-is.
    // NOTE(review): presumably the search engine validates the context and profile — confirm.
    final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
    final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
    final List<FormConfiguration> forgottenUsernameForm =
            pwmApplication.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_USERNAME_FORM);

    // Starts empty so the catch block below can still pass it to markAttributes when reading
    // the form itself is what failed.
    Map<FormConfiguration, String> formValues = new HashMap<>();
    try {
        formValues = FormUtility.readFormValuesFromRequest(pwmRequest, forgottenUsernameForm, sessionState.getLocale());

        // intruder check on the submitted attribute values, done before validation and search
        pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);

        // enforce the configured form requirements
        FormUtility.validateFormValues(pwmRequest.getConfig(), formValues, sessionState.getLocale());

        // A configured filter wins; otherwise one is generated from the form definition.
        final String configuredFilter =
                pwmApplication.getConfig().readSettingAsString(PwmSetting.FORGOTTEN_USERNAME_SEARCH_FILTER);
        final String searchFilter;
        if (configuredFilter != null && !configuredFilter.isEmpty()) {
            searchFilter = configuredFilter;
        } else {
            searchFilter = FormUtility.ldapSearchFilterForForm(pwmApplication, forgottenUsernameForm);
            LOGGER.trace(pwmSession, "auto generated ldap search filter: " + searchFilter);
        }

        final UserSearchEngine searchEngine = pwmApplication.getUserSearchEngine();
        final SearchConfiguration searchConfiguration = SearchConfiguration.builder()
                .filter(searchFilter)
                .formValues(formValues)
                .ldapProfile(ldapProfile)
                .contexts(Collections.singletonList(contextParam))
                .build();
        final UserIdentity userIdentity =
                searchEngine.performSingleUserSearch(searchConfiguration, pwmSession.getLabel());

        if (userIdentity == null) {
            // No match: count the attempt against this address and session, then show the form again.
            pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
            pwmApplication.getStatisticsManager().incrementValue(Statistic.FORGOTTEN_USERNAME_FAILURES);
            setLastError(pwmRequest, PwmError.ERROR_CANT_MATCH_USER.toInfo());
            forwardToFormJsp(pwmRequest);
            return;
        }

        // refuse to continue for a locked user
        pwmApplication.getIntruderManager().convenience().checkUserIdentity(userIdentity);

        final UserInfo matchedUser = UserInfoFactory.newUserInfoUsingProxy(
                pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());

        // deliver the username
        sendUsername(pwmApplication, pwmSession, matchedUser);

        // A successful lookup resets the intruder records for this address, session and attributes.
        pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
        pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.FORGOTTEN_USERNAME_SUCCESSES);

        // success page; the return keeps control from reaching the failure accounting below
        forwardToCompletePage(pwmRequest, userIdentity);
        return;
    } catch (PwmOperationalException e) {
        // An ERROR_UNKNOWN failure is re-labelled as "can't match user", keeping the original
        // detail message and field values; any other error is shown unchanged.
        final ErrorInformation reported = e.getErrorInformation();
        final ErrorInformation errorInfo;
        if (e.getError() == PwmError.ERROR_UNKNOWN) {
            errorInfo = new ErrorInformation(
                    PwmError.ERROR_CANT_MATCH_USER, reported.getDetailedErrorMsg(), reported.getFieldValues());
        } else {
            errorInfo = reported;
        }
        setLastError(pwmRequest, errorInfo);
        pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
        pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
    }

    // Reached only through the catch block above.
    pwmApplication.getStatisticsManager().incrementValue(Statistic.FORGOTTEN_USERNAME_FAILURES);
    forwardToFormJsp(pwmRequest);
}
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class LoginServlet method handleLoginRequest.
/**
 * Authenticates a login form submission.
 *
 * <p>Reads the credentials and optional context, LDAP profile and captcha response from
 * {@code valueMap}, rejects missing parameters, verifies the captcha when it is enabled for the
 * request, and then authenticates through a {@code SessionAuthenticator}. On success the session
 * is flagged so that its id is recycled.
 *
 * @param pwmRequest the current request
 * @param valueMap the submitted login values, keyed by parameter name
 * @param passwordOnly when {@code true}, the username is not required and the password is
 *     checked against the identity already held in the session
 * @throws PwmOperationalException if the username or password is missing or the captcha
 *     response is rejected
 */
private void handleLoginRequest(
        final PwmRequest pwmRequest, final Map<String, String> valueMap, final boolean passwordOnly)
        throws PwmOperationalException, ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final String username = valueMap.get(PwmConstants.PARAM_USERNAME);
    final String passwordStr = valueMap.get(PwmConstants.PARAM_PASSWORD);

    // An absent or empty password is represented as null and rejected further down.
    final PasswordData password;
    if (passwordStr == null || passwordStr.length() == 0) {
        password = null;
    } else {
        password = new PasswordData(passwordStr);
    }

    final String context = valueMap.get(PwmConstants.PARAM_CONTEXT);
    final String ldapProfile = valueMap.get(PwmConstants.PARAM_LDAP_PROFILE);
    final String recaptchaResponse = valueMap.get("g-recaptcha-response");

    final boolean usernameMissing = username == null || username.isEmpty();
    if (usernameMissing && !passwordOnly) {
        throw new PwmOperationalException(
                new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "missing username parameter"));
    }

    if (password == null) {
        throw new PwmOperationalException(
                new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "missing password parameter"));
    }

    // The captcha is checked only after both parameters are known to be present, and always
    // before any credential reaches the authenticator.
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)
            && !CaptchaUtility.verifyReCaptcha(pwmRequest, recaptchaResponse)) {
        throw new PwmOperationalException(
                new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE, "captcha incorrect"));
    }

    final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(
            pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), PwmAuthenticationSource.LOGIN_FORM);

    if (!passwordOnly) {
        sessionAuthenticator.searchAndAuthenticateUser(username, password, context, ldapProfile);
    } else {
        // The identity comes from the session, not from the submitted values.
        // NOTE(review): assumes the session already holds a user identity in this mode — confirm.
        final UserIdentity sessionIdentity = pwmRequest.getPwmSession().getUserInfo().getUserIdentity();
        sessionAuthenticator.authenticateUser(sessionIdentity, password);
    }

    // Reaching this line means authentication succeeded. Flag the session so its id is
    // recycled, which prevents a session fixation attack.
    pwmRequest.getPwmSession().getSessionStateBean().setSessionIdRecycleNeeded(true);
}
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class SetupOtpServlet method handleClearOtpSecret.
/**
 * Handles the {@code clearOtp} action: removes the OTP configuration stored for the session's
 * user and re-initializes the setup bean.
 *
 * @param pwmRequest the current request
 * @return {@code ProcessStatus.Halt} when clearing fails (the error is stored on the request and
 *     logged), otherwise {@code ProcessStatus.Continue}
 */
@ActionHandler(action = "clearOtp")
private ProcessStatus handleClearOtpSecret(final PwmRequest pwmRequest)
        throws PwmUnrecoverableException, ChaiUnavailableException {
    final SetupOtpBean setupBean = getSetupOtpBean(pwmRequest);
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final OtpService otpService = pwmRequest.getPwmApplication().getOtpService();

    // The target is always the identity held in the session; no request parameter selects it.
    final UserIdentity sessionUser = pwmSession.getUserInfo().getUserIdentity();

    // NOTE(review): this removes a stored second factor, and nothing in this method records an
    // audit event or asks for re-authentication — confirm that clearOTPUserConfiguration or the
    // servlet's dispatch path covers both.
    try {
        otpService.clearOTPUserConfiguration(pwmSession, sessionUser);
    } catch (PwmOperationalException e) {
        setLastError(pwmRequest, e.getErrorInformation());
        LOGGER.error(pwmRequest, e.getErrorInformation());
        return ProcessStatus.Halt;
    }

    // The secret is gone, so the bean must no longer report an existing one.
    setupBean.setHasPreExistingOtp(false);
    initializeBean(pwmRequest, setupBean);
    return ProcessStatus.Continue;
}
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.
the class RestChallengesServer method doSetChallengeDataJson.
/**
 * REST POST handler that stores challenge/response data for the user named in the JSON body.
 *
 * <p>The body is deserialized to {@code JsonChallengesData}, the requested username is resolved
 * to a target identity, the user's LDAP GUID and challenge profile are read, and the responses
 * are written through {@code CrService}.
 *
 * @param restRequest the current REST request
 * @return a success result, or an {@code ERROR_UNKNOWN} result when anything inside the
 *     {@code try} block throws
 * @throws IOException may be raised while reading the body or resolving the user, before the
 *     {@code try} block
 * @throws PwmUnrecoverableException may be raised while reading the body or resolving the user,
 *     before the {@code try} block
 */
@RestMethodHandler(method = HttpMethod.POST, consumes = HttpContentType.json, produces = HttpContentType.json)
public RestResultBean doSetChallengeDataJson(final RestRequest restRequest)
        throws IOException, PwmUnrecoverableException {
    final JsonChallengesData jsonInput = RestUtility.deserializeJsonBody(restRequest, JsonChallengesData.class);

    // The account being modified is chosen by a field of the request body.
    // NOTE(review): presumably resolveRequestedUsername enforces that the caller may act on
    // that user — verify, since nothing else in this method checks it.
    final TargetUserIdentity targetUserIdentity =
            RestUtility.resolveRequestedUsername(restRequest, jsonInput.getUsername());

    try {
        final CrService crService = restRequest.getPwmApplication().getCrService();
        final UserIdentity userIdentity = targetUserIdentity.getUserIdentity();
        final ChaiUser chaiUser = targetUserIdentity.getChaiUser();
        final String userGuid = LdapOperationsHelper.readLdapGuidValue(
                restRequest.getPwmApplication(), restRequest.getSessionLabel(), userIdentity, false);

        // The profile is read with the default password policy and supplies the challenge-set id.
        final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(
                restRequest.getSessionLabel(),
                userIdentity,
                chaiUser,
                PwmPasswordPolicy.defaultPolicy(),
                restRequest.getLocale());
        final String challengeSetId = challengeProfile.getChallengeSet().getIdentifier();

        final ResponseInfoBean responseInfoBean =
                jsonInput.toResponseInfoBean(restRequest.getLocale(), challengeSetId);
        crService.writeResponses(userIdentity, chaiUser, userGuid, responseInfoBean);

        // update statistics
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);

        return RestResultBean.forSuccessMessage(restRequest, Message.Success_SetupResponse);
    } catch (Exception e) {
        // Every failure in the block above, including the LDAP reads and the response write, is
        // reported as ERROR_UNKNOWN with a "reading json input" message and is not logged here.
        // NOTE(review): the exception message is appended to the error text; confirm that
        // RestResultBean.fromError does not return internal detail to the REST client.
        final ErrorInformation errorInformation = new ErrorInformation(
                PwmError.ERROR_UNKNOWN, "unexpected error reading json input: " + e.getMessage());
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}