
use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class RestUtility method resolveRequestedUsername.

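/**
 * Resolves the user that a REST request targets.
 *
 * <p>Authorization is decided before any directory lookup is made: a caller that
 * omits the {@code username} field is only accepted when it is authenticated with
 * an LDAP identity (the request then targets the caller itself), and a caller that
 * names a user must hold third-party permission. A resolved target is refused when
 * it is the test user or the proxy user of its LDAP profile, so REST operations can
 * not be run against those reserved accounts.
 *
 * @param restRequest the authenticated REST request; supplies the application, the
 *                    REST authentication and the session label
 * @param username    the requested target, optionally prefixed with an LDAP profile
 *                    id and a {@code |} separator; may be null or empty
 * @return the target identity; the {@code true} flag marks the case where the
 *         target is the caller's own LDAP identity
 * @throws PwmUnrecoverableException if the username is missing where one is
 *         required, the caller lacks third-party permission, the name can not be
 *         resolved, or the target is a reserved profile account
 */
public static RestServlet.TargetUserIdentity resolveRequestedUsername(final RestRequest restRequest, final String username) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = restRequest.getPwmApplication();

    if (StringUtil.isEmpty(username)) {
        if (restRequest.getRestAuthentication().getType() == RestAuthenticationType.NAMED_SECRET) {
            throw PwmUnrecoverableException.newException(PwmError.ERROR_REST_INVOCATION_ERROR, "username field required when using external web services secrets for authentication ");
        }
        if (restRequest.getRestAuthentication().getType() == RestAuthenticationType.LDAP) {
            // no username given: the request targets the caller's own identity
            return new RestServlet.TargetUserIdentity(restRequest, restRequest.getRestAuthentication().getLdapIdentity(), true);
        }
        // any other authentication type has no identity to fall back to; previously a
        // null username reached username.contains() below and failed with a NullPointerException
        throw PwmUnrecoverableException.newException(PwmError.ERROR_REST_INVOCATION_ERROR, "username field required for the authentication type in use");
    }

    // naming a user other than oneself is a third-party operation and needs that permission
    if (!restRequest.getRestAuthentication().isThirdPartyEnabled()) {
        throw PwmUnrecoverableException.newException(PwmError.ERROR_UNAUTHORIZED, "username specified in request, however third party permission is not granted to the authenticated login.");
    }

    // optional "profileID|username" form; both halves are caller-supplied and are
    // passed to the search engine for resolution
    final String ldapProfileID;
    final String effectiveUsername;
    final int pipeIndex = username.indexOf('|');
    if (pipeIndex >= 0) {
        ldapProfileID = username.substring(0, pipeIndex);
        effectiveUsername = username.substring(pipeIndex + 1);
    } else {
        ldapProfileID = null;
        effectiveUsername = username;
    }

    try {
        final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
        final UserIdentity userIdentity = userSearchEngine.resolveUsername(effectiveUsername, null, ldapProfileID, restRequest.getSessionLabel());
        final LdapProfile ldapProfile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());
        if (ldapProfile != null) {
            rejectReservedProfileUser(pwmApplication, ldapProfile, userIdentity);
        }
        return new RestServlet.TargetUserIdentity(restRequest, userIdentity, false);
    } catch (final PwmOperationalException e) {
        // resolution failures are reported to the REST caller as unrecoverable
        throw new PwmUnrecoverableException(e.getErrorInformation());
    }
}

/**
 * Refuses a resolved target that is one of the profile's reserved accounts.
 *
 * <p>The test user and the proxy user of an LDAP profile exist for the application's
 * own use; REST invocations are never allowed to operate on them.
 *
 * @param pwmApplication the application, used for canonical identity comparison
 * @param ldapProfile    the profile the target belongs to
 * @param userIdentity   the resolved target
 * @throws PwmUnrecoverableException if the target is the profile's test or proxy user
 */
private static void rejectReservedProfileUser(final PwmApplication pwmApplication, final LdapProfile ldapProfile, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final UserIdentity testUser = ldapProfile.getTestUser(pwmApplication);
    if (testUser != null && testUser.canonicalEquals(userIdentity, pwmApplication)) {
        final String msg = "rest services can not be invoked against the configured LDAP profile test user";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_REST_INVOCATION_ERROR, msg));
    }
    final UserIdentity proxyUser = ldapProfile.getProxyUser(pwmApplication);
    if (proxyUser != null && proxyUser.canonicalEquals(userIdentity, pwmApplication)) {
        final String msg = "rest services can not be invoked against the configured LDAP profile proxy user";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_REST_INVOCATION_ERROR, msg));
    }
}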

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class MacroTest method testUserMacros.

/**
 * Verifies that user-scoped macros expand against the identity and attributes of a
 * mocked, authenticated user: the raw DN, the URL-path-encoded DN and a single
 * string attribute.
 *
 * @throws Exception propagated from macro machine construction or expansion
 */
@Test
public void testUserMacros() throws Exception {
    final String testUserDN = "cn=test1,ou=test,o=org";

    final PwmApplication mockApplication = mock(PwmApplication.class);
    when(mockApplication.getApplicationMode()).thenReturn(PwmApplicationMode.RUNNING);
    when(mockApplication.getConfig()).thenReturn(new Configuration(StoredConfigurationImpl.newStoredConfiguration()));

    final UserIdentity identity = new UserIdentity(testUserDN, "profile");

    final UserInfo mockUserInfo = mock(UserInfo.class);
    when(mockUserInfo.getUserIdentity()).thenReturn(identity);
    when(mockUserInfo.readStringAttribute("givenName")).thenReturn("Jason");

    // an authenticated login is required for user macros to resolve
    final LoginInfoBean mockLoginInfo = mock(LoginInfoBean.class);
    when(mockLoginInfo.isAuthenticated()).thenReturn(true);
    when(mockLoginInfo.getUserIdentity()).thenReturn(identity);

    final MacroMachine machine = MacroMachine.forUser(mockApplication, null, mockUserInfo, mockLoginInfo);

    // {macro input, expected expansion}
    final String[][] expansions = {
        {"@LDAP:dn@", testUserDN},
        {"test @Encode:urlPath:[[@LDAP:dn@]]@", "test cn%3Dtest1%2Cou%3Dtest%2Co%3Dorg"},
        {"test @LDAP:givenName@ test", "test Jason test"},
    };
    for (final String[] expansion : expansions) {
        Assert.assertEquals(expansion[1], machine.expandMacros(expansion[0]));
    }
}

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class LdapCertImportFunction method provideFunction.

/**
 * Fetches the TLS certificates presented by each LDAP server URL of the given profile
 * and stores them into the certificate setting.
 *
 * <p>The certificates are retrieved over the network and written into the
 * configuration exactly as presented; this method performs no validation of them,
 * so the stored trust anchors are whatever the servers answered with at import time.
 *
 * @param pwmRequest          the current request; supplies the application and session
 * @param storedConfiguration configuration the LDAP URLs are read from and the result is written to
 * @param setting             the certificate setting to write
 * @param profile             the LDAP profile whose server URLs are read and whose setting is written
 * @param extraData           not used by this function
 * @return the localized success message for the session's locale
 * @throws PwmOperationalException if a URL can not be parsed or a certificate fetch fails
 * @throws PwmUnrecoverableException if propagated by the request or configuration calls
 */
@Override
public String provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws PwmOperationalException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final StringArrayValue configuredUrls = (StringArrayValue) storedConfiguration.readSetting(PwmSetting.LDAP_SERVER_URLS, profile);

    // insertion-ordered so the stored value follows the configured server order
    final Set<X509Certificate> importedCertificates = new LinkedHashSet<>();
    try {
        if (configuredUrls != null) {
            final List<String> urlStrings = configuredUrls.toNativeObject();
            if (urlStrings != null) {
                for (final String urlString : urlStrings) {
                    final List<X509Certificate> serverCertificates = X509Utils.readRemoteCertificates(new URI(urlString));
                    if (serverCertificates != null) {
                        importedCertificates.addAll(serverCertificates);
                    }
                }
            }
        }
    } catch (final PwmException e) {
        throw new PwmOperationalException(e.getErrorInformation());
    } catch (final Exception e) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "error importing certificates: " + e.getMessage()));
    }

    // the change is attributed to the logged-in user, if there is one
    final UserIdentity editor;
    if (pwmSession.isAuthenticated()) {
        editor = pwmSession.getUserInfo().getUserIdentity();
    } else {
        editor = null;
    }
    storedConfiguration.writeSetting(setting, profile, new X509CertificateValue(importedCertificates), editor);

    return Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmApplication.getConfig());
}

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class SyslogCertImportFunction method provideFunction.

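/**
 * Fetches the TLS certificates presented by each TLS-configured syslog audit server
 * and stores them into the certificate setting.
 *
 * <p>Any failed fetch aborts the import and is reported to the caller. Previously the
 * error flag was reset by a later successful server, so the outcome depended on the
 * order of the configured servers: a failure followed by a success was reported as a
 * successful import that silently lacked the failed server's certificates.
 *
 * <p>The certificates are retrieved over the network and written into the
 * configuration exactly as presented; this method performs no validation of them.
 *
 * @param pwmRequest          the current request; supplies the application and session
 * @param storedConfiguration configuration the syslog servers are read from and the result is written to
 * @param setting             the certificate setting to write
 * @param profile             not used by this function; the syslog setting is not profiled
 * @param extraData           not used by this function
 * @return the localized success message for the session's locale
 * @throws PwmOperationalException if a certificate fetch fails for any TLS server
 * @throws PwmUnrecoverableException if propagated by the request or configuration calls
 */
@Override
public String provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws PwmOperationalException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();

    // insertion-ordered so the stored value follows the configured server order
    final Set<X509Certificate> resultCertificates = new LinkedHashSet<>();

    @SuppressWarnings("unchecked") // the setting's native value is treated as a string list, as the original cast did
    final List<String> syslogConfigStrs = (List<String>) storedConfiguration.readSetting(PwmSetting.AUDIT_SYSLOG_SERVERS).toNativeObject();

    if (syslogConfigStrs != null) {
        for (final String entry : syslogConfigStrs) {
            // only TLS entries have a server certificate to import (case-insensitive "TLS" prefix)
            if (!entry.regionMatches(true, 0, "TLS", 0, 3)) {
                continue;
            }
            final SyslogAuditService.SyslogConfig syslogConfig = SyslogAuditService.SyslogConfig.fromConfigString(entry);
            if (syslogConfig == null) {
                continue;
            }
            try {
                final List<X509Certificate> certs = X509Utils.readRemoteCertificates(syslogConfig.getHost(), syslogConfig.getPort());
                if (certs != null) {
                    resultCertificates.addAll(certs);
                }
            } catch (final PwmException e) {
                // fail on the first unreachable server rather than reporting a partial import as success
                throw new PwmOperationalException(e.getErrorInformation());
            } catch (final Exception e) {
                throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "error importing certificates: " + e.getMessage()));
            }
        }
    }

    // the change is attributed to the logged-in user, if there is one
    final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfo().getUserIdentity() : null;
    storedConfiguration.writeSetting(setting, new X509CertificateValue(resultCertificates), userIdentity);
    return Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmApplication.getConfig());
}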

use of password.pwm.bean.UserIdentity in project pwm by pwm-project.

the class NewUserProfile method getNewUserPasswordPolicy.

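/**
 * Returns the password policy applied to newly created users, resolved for the given
 * locale and cached per locale.
 *
 * <p>The policy is read for the user named by {@code NEWUSER_PASSWORD_POLICY_USER}
 * (or by the default LDAP profile's test user DN when that setting is
 * {@code TESTUSER}) through the default profile's proxy connection. The per-locale
 * cache is cleared once it is older than {@code CONFIG_NEWUSER_PASSWORD_POLICY_CACHE_MS}.
 *
 * @param pwmApplication the application; supplies the configuration and the proxy LDAP provider
 * @param userLocale     locale the policy is resolved and cached for
 * @return the resolved, or cached, policy
 * @throws PwmUnrecoverableException if the policy user is not configured or the directory is unavailable
 */
public PwmPasswordPolicy getNewUserPasswordPolicy(final PwmApplication pwmApplication, final Locale userLocale) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final long maxNewUserCacheMS = Long.parseLong(config.readAppProperty(AppProperty.CONFIG_NEWUSER_PASSWORD_POLICY_CACHE_MS));

    if (newUserPasswordPolicyCacheTime == null) {
        // without a start time the age check below can never trigger, so the cache would never expire
        newUserPasswordPolicyCacheTime = Instant.now();
    } else if (TimeDuration.fromCurrent(newUserPasswordPolicyCacheTime).isLongerThan(maxNewUserCacheMS)) {
        newUserPasswordPolicyCacheTime = Instant.now();
        newUserPasswordPolicyCache.clear();
    }

    final PwmPasswordPolicy cachedPolicy = newUserPasswordPolicyCache.get(userLocale);
    if (cachedPolicy != null) {
        return cachedPolicy;
    }

    final String configuredNewUserPasswordDN = readSettingAsString(PwmSetting.NEWUSER_PASSWORD_POLICY_USER);
    if (configuredNewUserPasswordDN == null || configuredNewUserPasswordDN.isEmpty()) {
        final String errorMsg = "the setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(this.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " must have a value";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
    }

    final LdapProfile defaultLdapProfile = config.getDefaultLdapProfile();
    final String lookupDN;
    if ("TESTUSER".equalsIgnoreCase(configuredNewUserPasswordDN)) {
        lookupDN = defaultLdapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
        if (lookupDN == null || lookupDN.isEmpty()) {
            final String errorMsg = "setting " + PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(defaultLdapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " must be configured since setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(this.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " is set to TESTUSER";
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
        }
    } else {
        lookupDN = configuredNewUserPasswordDN;
    }
    // both branches leave lookupDN non-empty, so no further "can not be resolved" check is needed

    final PwmPasswordPolicy thePolicy;
    try {
        // the lookup runs over the default profile's proxy connection against a configured DN
        final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(defaultLdapProfile.getIdentifier());
        final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(lookupDN);
        final UserIdentity userIdentity = new UserIdentity(lookupDN, defaultLdapProfile.getIdentifier());
        thePolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, chaiUser, userLocale);
    } catch (final ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }

    newUserPasswordPolicyCache.put(userLocale, thePolicy);
    return thePolicy;
}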