Example 6 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class IdleTimeoutCalculator, method idleTimeoutForRequest.

public static TimeDuration idleTimeoutForRequest(final PwmURL pwmURL, final PwmApplication pwmApplication, final PwmSession pwmSession) throws PwmUnrecoverableException {
    if (pwmURL.isResourceURL()) {
        return figureMaxSessionTimeout(pwmApplication, pwmSession).getIdleTimeout();
    }
    final Configuration config = pwmApplication.getConfig();
    if (pwmURL.isPwmServletURL(PwmServletDefinition.Helpdesk)) {
        if (config.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE)) {
            final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
            if (helpdeskProfile != null) {
                final long helpdeskIdleTimeout = helpdeskProfile.readSettingAsLong(PwmSetting.HELPDESK_IDLE_TIMEOUT_SECONDS);
                if (helpdeskIdleTimeout > 0) {
                    return new TimeDuration(helpdeskIdleTimeout, TimeUnit.SECONDS);
                }
            }
        }
    }
    if ((pwmURL.isPwmServletURL(PwmServletDefinition.PrivatePeopleSearch) || pwmURL.isPwmServletURL(PwmServletDefinition.PublicPeopleSearch)) && pwmURL.isPrivateUrl()) {
        if (config.readSettingAsBoolean(PwmSetting.PEOPLE_SEARCH_ENABLE)) {
            final long peopleSearchIdleTimeout = config.readSettingAsLong(PwmSetting.PEOPLE_SEARCH_IDLE_TIMEOUT_SECONDS);
            if (peopleSearchIdleTimeout > 0) {
                return new TimeDuration(peopleSearchIdleTimeout, TimeUnit.SECONDS);
            }
        }
    }
    if (pwmURL.isPwmServletURL(PwmServletDefinition.ConfigEditor)) {
        try {
            if (pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.PWMADMIN)) {
                final long configEditorIdleTimeout = Long.parseLong(config.readAppProperty(AppProperty.CONFIG_EDITOR_IDLE_TIMEOUT));
                if (configEditorIdleTimeout > 0) {
                    return new TimeDuration(configEditorIdleTimeout, TimeUnit.SECONDS);
                }
            }
        } catch (PwmUnrecoverableException e) {
            LOGGER.error(pwmSession, "error while figuring max idle timeout for session: " + e.getMessage());
        }
    }
    if (pwmURL.isPwmServletURL(PwmServletDefinition.ConfigGuide)) {
        if (pwmApplication.getApplicationMode() == PwmApplicationMode.NEW) {
            final long configGuideIdleTimeout = Long.parseLong(config.readAppProperty(AppProperty.CONFIG_GUIDE_IDLE_TIMEOUT));
            if (configGuideIdleTimeout > 0) {
                return new TimeDuration(configGuideIdleTimeout, TimeUnit.SECONDS);
            }
        }
    }
    final long idleTimeout = config.readSettingAsLong(PwmSetting.IDLE_TIMEOUT_SECONDS);
    return new TimeDuration(idleTimeout, TimeUnit.SECONDS);
}
Also used: Configuration (password.pwm.config.Configuration), HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile), TimeDuration (password.pwm.util.java.TimeDuration), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)

Example 7 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class RequestInitializationFilter, method addStaticResponseHeaders.

public static void addStaticResponseHeaders(final PwmApplication pwmApplication, final HttpServletResponse resp) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final String serverHeader = config.readAppProperty(AppProperty.HTTP_HEADER_SERVER);
    final boolean includeXInstance = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XINSTANCE));
    final boolean includeXVersion = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XVERSION));
    final boolean includeXContentTypeOptions = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XCONTENTTYPEOPTIONS));
    final boolean includeXXSSProtection = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XXSSPROTECTION));
    final boolean includeXFrameDeny = config.readSettingAsBoolean(PwmSetting.SECURITY_PREVENT_FRAMING);
    final boolean includeXAmb = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XAMB));
    {
        final String noiseHeader = makeNoiseHeader(config);
        if (noiseHeader != null) {
            resp.setHeader(HttpHeader.XNoise.getHttpName(), noiseHeader);
        }
    }
    if (includeXVersion) {
        resp.setHeader(HttpHeader.XVersion.getHttpName(), PwmConstants.SERVLET_VERSION);
    }
    if (includeXContentTypeOptions) {
        resp.setHeader(HttpHeader.XContentTypeOptions.getHttpName(), "nosniff");
    }
    if (includeXXSSProtection) {
        resp.setHeader(HttpHeader.XXSSProtection.getHttpName(), "1");
    }
    if (includeXInstance) {
        resp.setHeader(HttpHeader.XInstance.getHttpName(), String.valueOf(pwmApplication.getInstanceID()));
    }
    if (serverHeader != null && !serverHeader.isEmpty()) {
        final String value = MacroMachine.forNonUserSpecific(pwmApplication, null).expandMacros(serverHeader);
        resp.setHeader(HttpHeader.Server.getHttpName(), value);
    }
    if (includeXFrameDeny) {
        resp.setHeader(HttpHeader.XFrameOptions.getHttpName(), "DENY");
    }
    if (includeXAmb) {
        resp.setHeader(HttpHeader.XAmb.getHttpName(), PwmConstants.X_AMB_HEADER.get(PwmRandom.getInstance().nextInt(PwmConstants.X_AMB_HEADER.size())));
    }
    resp.setHeader(HttpHeader.Cache_Control.getHttpName(), "no-cache, no-store, must-revalidate, proxy-revalidate");
}
Also used: Configuration (password.pwm.config.Configuration)

Example 8 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class ConfigurationChecker, method doHealthCheck.

public List<HealthRecord> doHealthCheck(final PwmApplication pwmApplication) {
    if (pwmApplication.getConfig() == null) {
        return Collections.emptyList();
    }
    final Configuration config = pwmApplication.getConfig();
    final List<HealthRecord> records = new ArrayList<>();
    if (pwmApplication.getApplicationMode() == PwmApplicationMode.CONFIGURATION) {
        records.add(HealthRecord.forMessage(HealthMessage.Config_ConfigMode));
    }
    if (config.readSettingAsBoolean(PwmSetting.NEWUSER_ENABLE)) {
        for (final NewUserProfile newUserProfile : config.getNewUserProfiles().values()) {
            try {
                newUserProfile.getNewUserPasswordPolicy(pwmApplication, PwmConstants.DEFAULT_LOCALE);
            } catch (PwmUnrecoverableException e) {
                records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.Configuration, e.getMessage()));
            }
        }
    }
    records.addAll(doHealthCheck(config, PwmConstants.DEFAULT_LOCALE));
    return records;
}
Also used: Configuration (password.pwm.config.Configuration), FormConfiguration (password.pwm.config.value.data.FormConfiguration), ArrayList (java.util.ArrayList), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), NewUserProfile (password.pwm.config.profile.NewUserProfile)

Example 9 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class UserInfoReader, method isRequiresUpdateProfile.

@Override
public boolean isRequiresUpdateProfile() throws PwmUnrecoverableException {
    final Configuration configuration = pwmApplication.getConfig();
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_ENABLE)) {
        LOGGER.debug(sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile module is not enabled");
        return false;
    }
    UpdateProfileProfile updateProfileProfile = null;
    final Map<ProfileType, String> profileIDs = selfCachedReference.getProfileIDs();
    if (profileIDs.containsKey(ProfileType.UpdateAttributes)) {
        updateProfileProfile = configuration.getUpdateAttributesProfile().get(profileIDs.get(ProfileType.UpdateAttributes));
    }
    if (updateProfileProfile == null) {
        return false;
    }
    if (!updateProfileProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_FORCE_SETUP)) {
        LOGGER.debug(sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile force setup is not enabled");
        return false;
    }
    final List<FormConfiguration> updateFormFields = updateProfileProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
    try {
        final Map<FormConfiguration, List<String>> valueMap = FormUtility.populateFormMapFromLdap(updateFormFields, sessionLabel, selfCachedReference, FormUtility.Flag.ReturnEmptyValues);
        final Map<FormConfiguration, String> singleValueMap = FormUtility.multiValueMapToSingleValue(valueMap);
        FormUtility.validateFormValues(configuration, singleValueMap, locale);
        LOGGER.debug(sessionLabel, "checkProfile: " + userIdentity + " has value for attributes, update profile will not be required");
        return false;
    } catch (PwmDataValidationException e) {
        LOGGER.debug(sessionLabel, "checkProfile: " + userIdentity + " does not have good attributes (" + e.getMessage() + "), update profile will be required");
        return true;
    } catch (PwmUnrecoverableException e) {
        e.printStackTrace();
    }
    return false;
}
Also used: PwmDataValidationException (password.pwm.error.PwmDataValidationException), ProfileType (password.pwm.config.profile.ProfileType), FormConfiguration (password.pwm.config.value.data.FormConfiguration), Configuration (password.pwm.config.Configuration), UpdateProfileProfile (password.pwm.config.profile.UpdateProfileProfile), List (java.util.List), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)

Example 10 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class UserInfoReader, method getPasswordStatus.

@Override
public PasswordStatus getPasswordStatus() throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final PasswordStatus.PasswordStatusBuilder passwordStatusBuilder = PasswordStatus.builder();
    final String userDN = chaiUser.getEntryDN();
    final PwmPasswordPolicy passwordPolicy = selfCachedReference.getPasswordPolicy();
    final long startTime = System.currentTimeMillis();
    LOGGER.trace(sessionLabel, "beginning password status check process for " + userDN);
    // check if password meets existing policy.
    if (passwordPolicy.getRuleHelper().readBooleanValue(PwmPasswordRule.EnforceAtLogin)) {
        if (currentPassword != null) {
            try {
                final PwmPasswordRuleValidator passwordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, passwordPolicy);
                passwordRuleValidator.testPassword(currentPassword, null, selfCachedReference, chaiUser);
            } catch (PwmDataValidationException | PwmUnrecoverableException e) {
                LOGGER.debug(sessionLabel, "user " + userDN + " password does not conform to current password policy (" + e.getMessage() + "), marking as requiring change.");
                passwordStatusBuilder.violatesPolicy(true);
            } catch (ChaiUnavailableException e) {
                throw PwmUnrecoverableException.fromChaiException(e);
            }
        }
    }
    boolean ldapPasswordExpired = false;
    try {
        ldapPasswordExpired = chaiUser.isPasswordExpired();
        if (ldapPasswordExpired) {
            LOGGER.trace(sessionLabel, "password for " + userDN + " appears to be expired");
        } else {
            LOGGER.trace(sessionLabel, "password for " + userDN + " does not appear to be expired");
        }
    } catch (ChaiOperationException e) {
        LOGGER.info(sessionLabel, "error reading LDAP attributes for " + userDN + " while reading isPasswordExpired(): " + e.getMessage());
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
    final Instant ldapPasswordExpirationTime = selfCachedReference.getPasswordExpirationTime();
    boolean preExpired = false;
    if (ldapPasswordExpirationTime != null) {
        final TimeDuration expirationInterval = TimeDuration.fromCurrent(ldapPasswordExpirationTime);
        LOGGER.trace(sessionLabel, "read password expiration time: " + JavaHelper.toIsoDate(ldapPasswordExpirationTime) + ", " + expirationInterval.asCompactString() + " from now");
        final TimeDuration diff = TimeDuration.fromCurrent(ldapPasswordExpirationTime);
        // now check to see if the user's expire time is within the 'preExpireTime' setting.
        final long preExpireMs = config.readSettingAsLong(PwmSetting.PASSWORD_EXPIRE_PRE_TIME) * 1000;
        if (diff.getTotalMilliseconds() > 0 && diff.getTotalMilliseconds() < preExpireMs) {
            LOGGER.debug(sessionLabel, "user " + userDN + " password will expire within " + diff.asCompactString() + ", marking as pre-expired");
            preExpired = true;
        } else if (ldapPasswordExpired) {
            preExpired = true;
            LOGGER.debug(sessionLabel, "user " + userDN + " password is expired, marking as pre-expired.");
        }
        // now check to see if the user's expire time is within the 'preWarnTime' setting.
        final long preWarnMs = config.readSettingAsLong(PwmSetting.PASSWORD_EXPIRE_WARN_TIME) * 1000;
        // don't check if the 'preWarnTime' setting is zero or less than the expirePreTime
        if (!ldapPasswordExpired && !preExpired) {
            if (!(preWarnMs == 0 || preWarnMs < preExpireMs)) {
                if (diff.getTotalMilliseconds() > 0 && diff.getTotalMilliseconds() < preWarnMs) {
                    LOGGER.debug(sessionLabel, "user " + userDN + " password will expire within " + diff.asCompactString() + ", marking as within warn period");
                    passwordStatusBuilder.warnPeriod(true);
                }
            }
        }
        passwordStatusBuilder.preExpired(preExpired);
    }
    LOGGER.debug(sessionLabel, "completed user password status check for " + userDN + " " + passwordStatusBuilder + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
    passwordStatusBuilder.expired(ldapPasswordExpired);
    return passwordStatusBuilder.build();
}
Also used: ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException), FormConfiguration (password.pwm.config.value.data.FormConfiguration), Configuration (password.pwm.config.Configuration), Instant (java.time.Instant), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), PwmPasswordRuleValidator (password.pwm.util.PwmPasswordRuleValidator), PwmDataValidationException (password.pwm.error.PwmDataValidationException), PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy), PasswordStatus (password.pwm.bean.PasswordStatus), TimeDuration (password.pwm.util.java.TimeDuration), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)

Aggregations

Configuration (password.pwm.config.Configuration): 111
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 45
FormConfiguration (password.pwm.config.value.data.FormConfiguration): 37
PwmApplication (password.pwm.PwmApplication): 33
ErrorInformation (password.pwm.error.ErrorInformation): 33
PwmOperationalException (password.pwm.error.PwmOperationalException): 25
ActionConfiguration (password.pwm.config.value.data.ActionConfiguration): 23
Locale (java.util.Locale): 22
PwmSession (password.pwm.http.PwmSession): 21
PwmException (password.pwm.error.PwmException): 17
EmailItemBean (password.pwm.bean.EmailItemBean): 16
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration): 16
UserInfo (password.pwm.ldap.UserInfo): 15
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 14
IOException (java.io.IOException): 14
ArrayList (java.util.ArrayList): 13
MacroMachine (password.pwm.util.macro.MacroMachine): 13
LinkedHashMap (java.util.LinkedHashMap): 12
Instant (java.time.Instant): 11
UserIdentity (password.pwm.bean.UserIdentity): 10