Example 16 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class CrService, method checkIfResponseConfigNeeded.

public boolean checkIfResponseConfigNeeded(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final ChallengeSet challengeSet, final ResponseInfoBean responseInfoBean) throws ChaiUnavailableException, PwmUnrecoverableException {
    LOGGER.trace(pwmSession, "beginning check to determine if responses need to be configured for user");
    final Configuration config = pwmApplication.getConfig();
    if (!config.readSettingAsBoolean(PwmSetting.CHALLENGE_ENABLE)) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: response setup is disabled, so user is not required to setup responses");
        return false;
    }
    if (!config.readSettingAsBoolean(PwmSetting.CHALLENGE_FORCE_SETUP)) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: force response setup is disabled, so user is not required to setup responses");
        return false;
    }
    if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession, userIdentity, config.readSettingAsUserPermission(PwmSetting.QUERY_MATCH_SETUP_RESPONSE))) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " does not have permission to setup responses");
        return false;
    }
    if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession, userIdentity, config.readSettingAsUserPermission(PwmSetting.QUERY_MATCH_CHECK_RESPONSES))) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " is not eligible for checkIfResponseConfigNeeded due to query match");
        return false;
    }
    // check to be sure there are actually challenges in the challenge set
    if (challengeSet == null || challengeSet.getChallenges().isEmpty()) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: no challenge sets configured for user " + userIdentity);
        return false;
    }
    // ignore NMAS based CR set if so configured
    if (responseInfoBean != null && (responseInfoBean.getDataStorageMethod() == DataStorageMethod.NMAS)) {
        final boolean ignoreNmasCr = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.NMAS_IGNORE_NMASCR_DURING_FORCECHECK));
        if (ignoreNmasCr) {
            LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: app property " + AppProperty.NMAS_IGNORE_NMASCR_DURING_FORCECHECK.getKey() + "=true and user's responses are in " + responseInfoBean.getDataStorageMethod() + " format, so forcing setup of new responses.");
            return true;
        }
    }
    try {
        // check if responses exist
        if (responseInfoBean == null) {
            throw new Exception("no responses configured");
        }
        // check if responses meet the challenge set policy for the user
        // usersResponses.meetsChallengeSetRequirements(challengeSet);
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " has good responses");
        return false;
    } catch (Exception e) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " does not have good responses: " + e.getMessage());
        return true;
    }
}
Also used: Configuration (password.pwm.config.Configuration), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), PwmDataValidationException (password.pwm.error.PwmDataValidationException), ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException), ChaiException (com.novell.ldapchai.exception.ChaiException), PwmOperationalException (password.pwm.error.PwmOperationalException), ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException), PwmException (password.pwm.error.PwmException)

Example 17 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class CrService, method readUserResponseSet.

public ResponseSet readUserResponseSet(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser) throws ChaiUnavailableException, PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    LOGGER.trace(sessionLabel, "beginning read of user response sequence");
    final List<DataStorageMethod> readPreferences = config.helper().getCrReadPreference();
    final String debugMsg = "will attempt to read the following storage methods: " + JsonUtil.serializeCollection(readPreferences) + " for user " + theUser.getEntryDN();
    LOGGER.debug(sessionLabel, debugMsg);
    final String userGUID;
    if (readPreferences.contains(DataStorageMethod.DB) || readPreferences.contains(DataStorageMethod.LOCALDB)) {
        userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
    } else {
        userGUID = null;
    }
    for (final DataStorageMethod storageMethod : readPreferences) {
        final ResponseSet readResponses;
        LOGGER.trace(sessionLabel, "attempting read of responses via storage method: " + storageMethod);
        readResponses = operatorMap.get(storageMethod).readResponseSet(theUser, userIdentity, userGUID);
        if (readResponses != null) {
            LOGGER.debug(sessionLabel, "returning responses read via method " + storageMethod + " for user " + theUser.getEntryDN());
            return readResponses;
        } else {
            LOGGER.trace(sessionLabel, "no responses read using method " + storageMethod);
        }
    }
    LOGGER.debug(sessionLabel, "no responses found for user " + theUser.getEntryDN());
    return null;
}
Also used: Configuration (password.pwm.config.Configuration), ResponseSet (com.novell.ldapchai.cr.ResponseSet), DataStorageMethod (password.pwm.config.option.DataStorageMethod)

Example 18 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class CrService, method writeResponses.

public void writeResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGUID, final ResponseInfoBean responseInfoBean) throws PwmOperationalException, ChaiUnavailableException, ChaiValidationException {
    int attempts = 0;
    int successes = 0;
    final Map<DataStorageMethod, String> errorMessages = new LinkedHashMap<>();
    final Configuration config = pwmApplication.getConfig();
    final List<DataStorageMethod> writeMethods = config.helper().getCrWritePreference();
    for (final DataStorageMethod loopWriteMethod : writeMethods) {
        try {
            attempts++;
            operatorMap.get(loopWriteMethod).writeResponses(userIdentity, theUser, userGUID, responseInfoBean);
            LOGGER.debug("saved responses using storage method " + loopWriteMethod + " for user " + theUser.getEntryDN());
            errorMessages.put(loopWriteMethod, "Success");
            successes++;
        } catch (PwmUnrecoverableException e) {
            final String errorMsg = "error saving responses via " + loopWriteMethod + ", error: " + e.getMessage();
            errorMessages.put(loopWriteMethod, errorMsg);
            LOGGER.error(errorMsg);
        }
    }
    if (attempts == 0) {
        final String errorMsg = "no response save methods are available or configured";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, errorMsg);
        throw new PwmOperationalException(errorInfo);
    }
    if (attempts != successes) {
        final String errorMsg = "response storage only partially successful; attempts=" + attempts + ", successes=" + successes + ", detail=" + JsonUtil.serializeMap(errorMessages);
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, errorMsg);
        throw new PwmOperationalException(errorInfo);
    }
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), Configuration (password.pwm.config.Configuration), DataStorageMethod (password.pwm.config.option.DataStorageMethod), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), LinkedHashMap (java.util.LinkedHashMap), PwmOperationalException (password.pwm.error.PwmOperationalException)

Example 19 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class PasswordUtility, method sendNewPasswordEmail.

private static ErrorInformation sendNewPasswordEmail(final UserInfo userInfo, final PwmApplication pwmApplication, final MacroMachine macroMachine, final PasswordData newPassword, final String toAddress, final Locale userLocale) throws PwmOperationalException, PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final EmailItemBean configuredEmailSetting = config.readSettingAsEmail(PwmSetting.EMAIL_SENDPASSWORD, userLocale);
    if (configuredEmailSetting == null) {
        final String errorMsg = "send password email contents are not configured";
        return new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
    }
    final EmailItemBean emailItemBean = new EmailItemBean(configuredEmailSetting.getTo(), configuredEmailSetting.getFrom(), configuredEmailSetting.getSubject(), configuredEmailSetting.getBodyPlain().replace("%TOKEN%", newPassword.getStringValue()), configuredEmailSetting.getBodyHtml().replace("%TOKEN%", newPassword.getStringValue()));
    pwmApplication.getEmailQueue().submitEmail(emailItemBean, userInfo, macroMachine);
    LOGGER.debug("new password email to " + userInfo.getUserIdentity() + " added to send queue for " + toAddress);
    return null;
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), ActionConfiguration (password.pwm.config.value.data.ActionConfiguration), Configuration (password.pwm.config.Configuration), ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration), EmailItemBean (password.pwm.bean.EmailItemBean)

Example 20 with Configuration

Use of password.pwm.config.Configuration in project pwm by pwm-project.

Class PasswordUtility, method sendNewPasswordSms.

private static ErrorInformation sendNewPasswordSms(final UserInfo userInfo, final PwmApplication pwmApplication, final MacroMachine macroMachine, final PasswordData newPassword, final String toNumber, final Locale userLocale) throws PwmOperationalException, PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    String message = config.readSettingAsLocalizedString(PwmSetting.SMS_CHALLENGE_NEW_PASSWORD_TEXT, userLocale);
    if (toNumber == null || toNumber.length() < 1) {
        final String errorMsg = String.format("unable to send new password email for '%s'; no SMS number available in ldap", userInfo.getUserIdentity());
        return new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
    }
    message = message.replace("%TOKEN%", newPassword.getStringValue());
    pwmApplication.sendSmsUsingQueue(toNumber, message, null, macroMachine);
    LOGGER.debug(String.format("password SMS added to send queue for %s", toNumber));
    return null;
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), ActionConfiguration (password.pwm.config.value.data.ActionConfiguration), Configuration (password.pwm.config.Configuration), ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration)

Aggregations

Configuration (password.pwm.config.Configuration): 111
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 45
FormConfiguration (password.pwm.config.value.data.FormConfiguration): 37
PwmApplication (password.pwm.PwmApplication): 33
ErrorInformation (password.pwm.error.ErrorInformation): 33
PwmOperationalException (password.pwm.error.PwmOperationalException): 25
ActionConfiguration (password.pwm.config.value.data.ActionConfiguration): 23
Locale (java.util.Locale): 22
PwmSession (password.pwm.http.PwmSession): 21
PwmException (password.pwm.error.PwmException): 17
EmailItemBean (password.pwm.bean.EmailItemBean): 16
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration): 16
UserInfo (password.pwm.ldap.UserInfo): 15
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 14
IOException (java.io.IOException): 14
ArrayList (java.util.ArrayList): 13
MacroMachine (password.pwm.util.macro.MacroMachine): 13
LinkedHashMap (java.util.LinkedHashMap): 12
Instant (java.time.Instant): 11
UserIdentity (password.pwm.bean.UserIdentity): 10