Examples with Configuration password.pwm.config.Configuration used on opensource projects

Example 91 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class RequestInitializationFilter method addPwmResponseHeaders.

public static void addPwmResponseHeaders(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    if (pwmRequest == null) {
        return;
    }
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Configuration config = pwmApplication.getConfig();
    final PwmResponse resp = pwmRequest.getPwmResponse();
    if (resp.isCommitted()) {
        return;
    }
    final boolean includeXSessionID = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XSESSIONID));
    if (includeXSessionID && pwmSession != null) {
        resp.setHeader(HttpHeader.XSessionID, pwmSession.getSessionStateBean().getSessionID());
    }
    final boolean includeContentLanguage = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_CONTENT_LANGUAGE));
    if (includeContentLanguage) {
        resp.setHeader(HttpHeader.Content_Language, pwmRequest.getLocale().toLanguageTag());
    }
    addStaticResponseHeaders(pwmApplication, resp.getHttpServletResponse());
    if (pwmSession != null) {
        final String contentPolicy;
        if (pwmRequest.getURL().isConfigGuideURL() || pwmRequest.getURL().isConfigManagerURL()) {
            contentPolicy = config.readAppProperty(AppProperty.SECURITY_HTTP_CONFIG_CSP_HEADER);
        } else {
            contentPolicy = config.readSettingAsString(PwmSetting.SECURITY_CSP_HEADER);
        }
        if (contentPolicy != null && !contentPolicy.isEmpty()) {
            final String nonce = pwmRequest.getCspNonce();
            final String expandedPolicy = contentPolicy.replace("%NONCE%", nonce);
            resp.setHeader(HttpHeader.ContentSecurityPolicy, expandedPolicy);
        }
    }
}

Example 92 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class ConfigGuideServlet method restLdapHealth.

@ActionHandler(action = "ldapHealth")
private ProcessStatus restLdapHealth(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException {
    final ConfigGuideBean configGuideBean = getBean(pwmRequest);
    final StoredConfigurationImpl storedConfigurationImpl = ConfigGuideForm.generateStoredConfig(configGuideBean);
    final Configuration tempConfiguration = new Configuration(storedConfigurationImpl);
    final PwmApplication tempApplication = new PwmApplication(pwmRequest.getPwmApplication().getPwmEnvironment().makeRuntimeInstance(tempConfiguration));
    final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker();
    final List<HealthRecord> records = new ArrayList<>();
    final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile();
    switch(configGuideBean.getStep()) {
        case LDAP_SERVER:
            {
                try {
                    ConfigGuideUtils.checkLdapServer(configGuideBean);
                    records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
                } catch (Exception e) {
                    records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Can not connect to remote server: " + e.getMessage()));
                }
            }
            break;
        case LDAP_PROXY:
            {
                records.addAll(ldapStatusChecker.checkBasicLdapConnectivity(tempApplication, tempConfiguration, ldapProfile, false));
                if (records.isEmpty()) {
                    records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
                }
            }
            break;
        case LDAP_CONTEXT:
            {
                records.addAll(ldapStatusChecker.checkBasicLdapConnectivity(tempApplication, tempConfiguration, ldapProfile, true));
                if (records.isEmpty()) {
                    records.add(new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated"));
                }
            }
            break;
        case LDAP_ADMINS:
            {
                try {
                    final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction();
                    final Collection<UserIdentity> results = userMatchViewerFunction.discoverMatchingUsers(pwmRequest.getPwmApplication(), 2, storedConfigurationImpl, PwmSetting.QUERY_MATCH_PWM_ADMIN, null);
                    if (results.isEmpty()) {
                        records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users"));
                    } else {
                        records.add(new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated"));
                    }
                } catch (PwmException e) {
                    records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getErrorInformation().toDebugStr()));
                } catch (Exception e) {
                    records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getMessage()));
                }
            }
            break;
        case LDAP_TESTUSER:
            {
                final String testUserValue = configGuideBean.getFormData().get(ConfigGuideFormField.PARAM_LDAP_TEST_USER);
                if (testUserValue != null && !testUserValue.isEmpty()) {
                    records.addAll(ldapStatusChecker.checkBasicLdapConnectivity(tempApplication, tempConfiguration, ldapProfile, false));
                    records.addAll(ldapStatusChecker.doLdapTestUserCheck(tempConfiguration, ldapProfile, tempApplication));
                } else {
                    records.add(new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified"));
                }
            }
            break;
        case DATABASE:
            {
                records.addAll(DatabaseStatusChecker.checkNewDatabaseStatus(pwmRequest.getPwmApplication(), tempConfiguration));
            }
            break;
        default:
            JavaHelper.unhandledSwitchStatement(configGuideBean.getStep());
    }
    final HealthData jsonOutput = new HealthData();
    jsonOutput.records = password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords(records, pwmRequest.getLocale(), tempConfiguration);
    jsonOutput.timestamp = Instant.now();
    jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString();
    final RestResultBean restResultBean = RestResultBean.withData(jsonOutput);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}

Example 93 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class ConfigManagerLocalDBServlet method restUploadLocalDB.

void restUploadLocalDB(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final HttpServletRequest req = pwmRequest.getHttpServletRequest();
    if (pwmApplication.getApplicationMode() == PwmApplicationMode.RUNNING) {
        final String errorMsg = "database upload is not permitted when in running mode";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_UPLOAD_FAILURE, errorMsg, new String[] { errorMsg });
        pwmRequest.respondWithError(errorInformation, true);
        return;
    }
    if (!ServletFileUpload.isMultipartContent(req)) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "no file found in upload");
        pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
        LOGGER.error(pwmRequest, "error during database import: " + errorInformation.toDebugStr());
        return;
    }
    final InputStream inputStream = pwmRequest.readFileUploadStream(PwmConstants.PARAM_FILE_UPLOAD);
    final ContextManager contextManager = ContextManager.getContextManager(pwmRequest);
    LocalDB localDB = null;
    try {
        final File localDBLocation = pwmApplication.getLocalDB().getFileLocation();
        final Configuration configuration = pwmApplication.getConfig();
        contextManager.shutdown();
        localDB = LocalDBFactory.getInstance(localDBLocation, false, null, configuration);
        final LocalDBUtility localDBUtility = new LocalDBUtility(localDB);
        LOGGER.info(pwmRequest, "beginning LocalDB import");
        localDBUtility.importLocalDB(inputStream, LOGGER.asAppendable(PwmLogLevel.DEBUG, pwmRequest.getSessionLabel()));
        LOGGER.info(pwmRequest, "completed LocalDB import");
    } catch (Exception e) {
        final ErrorInformation errorInformation = e instanceof PwmException ? ((PwmException) e).getErrorInformation() : new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage());
        pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
        LOGGER.error(pwmRequest, "error during LocalDB import: " + errorInformation.toDebugStr());
        return;
    } finally {
        if (localDB != null) {
            try {
                localDB.close();
            } catch (Exception e) {
                LOGGER.error(pwmRequest, "error closing LocalDB after import process: " + e.getMessage());
            }
        }
        contextManager.initialize();
    }
    pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown));
}

Example 94 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class ForgottenPasswordServlet method preProcessCheck.

@Override
public ProcessStatus preProcessCheck(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmApplication.getConfig();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (!config.readSettingAsBoolean(PwmSetting.FORGOTTEN_PASSWORD_ENABLE)) {
        pwmRequest.respondWithError(PwmError.ERROR_SERVICE_NOT_AVAILABLE.toInfo());
        return ProcessStatus.Halt;
    }
    if (pwmSession.isAuthenticated()) {
        pwmRequest.respondWithError(PwmError.ERROR_USERAUTHENTICATED.toInfo());
        return ProcessStatus.Halt;
    }
    if (forgottenPasswordBean.getUserIdentity() != null) {
        pwmApplication.getIntruderManager().convenience().checkUserIdentity(forgottenPasswordBean.getUserIdentity());
    }
    checkForLocaleSwitch(pwmRequest, forgottenPasswordBean);
    final ProcessAction action = this.readProcessAction(pwmRequest);
    // convert a url command like /public/newuser/12321321 to redirect with a process action.
    if (action == null) {
        if (pwmRequest.convertURLtokenCommand(PwmServletDefinition.ForgottenPassword, ForgottenPasswordAction.enterCode)) {
            return ProcessStatus.Halt;
        }
    }
    return ProcessStatus.Continue;
}

Example 95 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class ForgottenPasswordServlet method nextStep.

@Override
@SuppressWarnings("checkstyle:MethodLength")
protected void nextStep(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmRequest.getConfig();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = forgottenPasswordBean.getRecoveryFlags();
    final ForgottenPasswordBean.Progress progress = forgottenPasswordBean.getProgress();
    // check for identified user;
    if (forgottenPasswordBean.getUserIdentity() == null && !forgottenPasswordBean.isBogusUser()) {
        pwmRequest.addFormInfoToRequestAttr(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM, false, false);
        pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_SEARCH);
        return;
    }
    final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    {
        final Map<String, ForgottenPasswordProfile> profileIDList = pwmRequest.getConfig().getForgottenPasswordProfiles();
        final String profileDebugMsg = forgottenPasswordProfile != null && profileIDList != null && profileIDList.size() > 1 ? " profile=" + forgottenPasswordProfile.getIdentifier() + ", " : "";
        LOGGER.trace(pwmRequest, "entering forgotten password progress engine: " + profileDebugMsg + "flags=" + JsonUtil.serialize(recoveryFlags) + ", " + "progress=" + JsonUtil.serialize(progress));
    }
    if (forgottenPasswordProfile == null) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED));
    }
    // check for previous authentication
    if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.PREVIOUS_AUTH) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.PREVIOUS_AUTH)) {
        if (!progress.getSatisfiedMethods().contains(IdentityVerificationMethod.PREVIOUS_AUTH)) {
            final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
            final String userGuid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, true);
            if (ForgottenPasswordUtil.checkAuthRecord(pwmRequest, userGuid)) {
                LOGGER.debug(pwmRequest, "marking " + IdentityVerificationMethod.PREVIOUS_AUTH + " method as satisfied");
                progress.getSatisfiedMethods().add(IdentityVerificationMethod.PREVIOUS_AUTH);
            }
        }
    }
    // dispatch required auth methods.
    for (final IdentityVerificationMethod method : recoveryFlags.getRequiredAuthMethods()) {
        if (!progress.getSatisfiedMethods().contains(method)) {
            forwardUserBasedOnRecoveryMethod(pwmRequest, method);
            return;
        }
    }
    // redirect if an verification method is in progress
    if (progress.getInProgressVerificationMethod() != null) {
        if (progress.getSatisfiedMethods().contains(progress.getInProgressVerificationMethod())) {
            progress.setInProgressVerificationMethod(null);
        } else {
            pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordOptionalPageView, "true");
            forwardUserBasedOnRecoveryMethod(pwmRequest, progress.getInProgressVerificationMethod());
            return;
        }
    }
    // check if more optional methods required
    if (recoveryFlags.getMinimumOptionalAuthMethods() > 0) {
        final Set<IdentityVerificationMethod> satisfiedOptionalMethods = ForgottenPasswordUtil.figureSatisfiedOptionalAuthMethods(recoveryFlags, progress);
        if (satisfiedOptionalMethods.size() < recoveryFlags.getMinimumOptionalAuthMethods()) {
            final Set<IdentityVerificationMethod> remainingAvailableOptionalMethods = ForgottenPasswordUtil.figureRemainingAvailableOptionalAuthMethods(pwmRequest, forgottenPasswordBean);
            if (remainingAvailableOptionalMethods.isEmpty()) {
                final String errorMsg = "additional optional verification methods are needed, however all available optional verification methods have been satisfied by user";
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RECOVERY_SEQUENCE_INCOMPLETE, errorMsg);
                LOGGER.error(pwmRequest, errorInformation);
                pwmRequest.respondWithError(errorInformation);
                return;
            } else {
                if (remainingAvailableOptionalMethods.size() == 1) {
                    final IdentityVerificationMethod remainingMethod = remainingAvailableOptionalMethods.iterator().next();
                    LOGGER.debug(pwmRequest, "only 1 remaining available optional verification method, will redirect to " + remainingMethod.toString());
                    forwardUserBasedOnRecoveryMethod(pwmRequest, remainingMethod);
                    progress.setInProgressVerificationMethod(remainingMethod);
                    return;
                }
            }
            processVerificationChoice(pwmRequest);
            return;
        }
    }
    if (progress.getSatisfiedMethods().isEmpty()) {
        final String errorMsg = "forgotten password recovery sequence completed, but user has not actually satisfied any verification methods";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RECOVERY_SEQUENCE_INCOMPLETE, errorMsg);
        LOGGER.error(pwmRequest, errorInformation);
        clearForgottenPasswordBean(pwmRequest);
        throw new PwmUnrecoverableException(errorInformation);
    }
    {
        final int satisfiedMethods = progress.getSatisfiedMethods().size();
        final int totalMethodsNeeded = recoveryFlags.getRequiredAuthMethods().size() + recoveryFlags.getMinimumOptionalAuthMethods();
        if (satisfiedMethods < totalMethodsNeeded) {
            final String errorMsg = "forgotten password recovery sequence completed " + satisfiedMethods + " methods, " + " but policy requires a total of " + totalMethodsNeeded + " methods";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RECOVERY_SEQUENCE_INCOMPLETE, errorMsg);
            LOGGER.error(pwmRequest, errorInformation);
            clearForgottenPasswordBean(pwmRequest);
            throw new PwmUnrecoverableException(errorInformation);
        }
    }
    if (!forgottenPasswordBean.getProgress().isAllPassed()) {
        forgottenPasswordBean.getProgress().setAllPassed(true);
        StatisticsManager.incrementStat(pwmRequest, Statistic.RECOVERY_SUCCESSES);
    }
    final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
    if (userInfo == null) {
        throw PwmUnrecoverableException.newException(PwmError.ERROR_UNKNOWN, "unable to load userInfo while processing forgotten password controller");
    }
    // check if user's pw is within min lifetime window
    final RecoveryMinLifetimeOption minLifetimeOption = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS, RecoveryMinLifetimeOption.class);
    if (minLifetimeOption == RecoveryMinLifetimeOption.NONE || (!userInfo.isPasswordLocked() && minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY)) {
        if (userInfo.isWithinPasswordMinimumLifetime()) {
            PasswordUtility.throwPasswordTooSoonException(userInfo, pwmRequest.getSessionLabel());
        }
    }
    final boolean disallowAllButUnlock = minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY && userInfo.isPasswordLocked();
    LOGGER.trace(pwmRequest, "all recovery checks passed, proceeding to configured recovery action");
    final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(config, forgottenPasswordBean);
    if (recoveryAction == RecoveryAction.SENDNEWPW || recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
        if (disallowAllButUnlock) {
            PasswordUtility.throwPasswordTooSoonException(userInfo, pwmRequest.getSessionLabel());
        }
        ForgottenPasswordUtil.doActionSendNewPassword(pwmRequest);
        return;
    }
    if (forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.RECOVERY_ALLOW_UNLOCK)) {
        final PasswordStatus passwordStatus = userInfo.getPasswordStatus();
        if (!passwordStatus.isExpired() && !passwordStatus.isPreExpired()) {
            if (userInfo.isPasswordLocked()) {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordInhibitPasswordReset, Boolean.TRUE);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ACTION_CHOICE);
                return;
            }
        }
    }
    this.executeResetPassword(pwmRequest);
}