use of password.pwm.config.Configuration in project pwm by pwm-project.
the class CrService method checkIfResponseConfigNeeded.
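/**
 * Decides whether the user must be sent through challenge/response setup.
 *
 * <p>The checks run in order and the first one that applies decides the result:
 * <ol>
 *   <li>challenge/response disabled ({@code CHALLENGE_ENABLE}) - not needed;</li>
 *   <li>forced setup disabled ({@code CHALLENGE_FORCE_SETUP}) - not needed;</li>
 *   <li>user fails the {@code QUERY_MATCH_SETUP_RESPONSE} permission - not needed;</li>
 *   <li>user fails the {@code QUERY_MATCH_CHECK_RESPONSES} permission - not needed;</li>
 *   <li>no challenge set, or an empty one - not needed;</li>
 *   <li>stored responses are in NMAS format and the app property
 *       {@code NMAS_IGNORE_NMASCR_DURING_FORCECHECK} is true - needed;</li>
 *   <li>no stored responses at all - needed;</li>
 *   <li>otherwise - not needed.</li>
 * </ol>
 *
 * @param pwmApplication   application context supplying the configuration
 * @param pwmSession       session label used for log correlation
 * @param userIdentity     the user being evaluated
 * @param challengeSet     challenge set resolved for the user; may be {@code null}
 * @param responseInfoBean metadata about the user's stored responses; {@code null} when none exist
 * @return {@code true} if the user has to (re)configure responses
 * @throws ChaiUnavailableException  declared by the method; presumably raised by the LDAP permission tests - confirm
 * @throws PwmUnrecoverableException declared by the method; presumably raised by the LDAP permission tests - confirm
 */
public boolean checkIfResponseConfigNeeded(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final ChallengeSet challengeSet, final ResponseInfoBean responseInfoBean) throws ChaiUnavailableException, PwmUnrecoverableException {
    LOGGER.trace(pwmSession, "beginning check to determine if responses need to be configured for user");
    final Configuration config = pwmApplication.getConfig();

    if (!config.readSettingAsBoolean(PwmSetting.CHALLENGE_ENABLE)) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: response setup is disabled, so user is not required to setup responses");
        return false;
    }

    if (!config.readSettingAsBoolean(PwmSetting.CHALLENGE_FORCE_SETUP)) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: force response setup is disabled, so user is not required to setup responses");
        return false;
    }

    if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession, userIdentity, config.readSettingAsUserPermission(PwmSetting.QUERY_MATCH_SETUP_RESPONSE))) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " does not have permission to setup responses");
        return false;
    }

    if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession, userIdentity, config.readSettingAsUserPermission(PwmSetting.QUERY_MATCH_CHECK_RESPONSES))) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " is not eligible for checkIfResponseConfigNeeded due to query match");
        return false;
    }

    // A forced setup is pointless when there is nothing to answer.
    if (challengeSet == null || challengeSet.getChallenges().isEmpty()) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: no challenge sets configured for user " + userIdentity);
        return false;
    }

    // Optionally treat NMAS-stored responses as absent so the user is made to record new ones.
    if (responseInfoBean != null && responseInfoBean.getDataStorageMethod() == DataStorageMethod.NMAS) {
        final boolean ignoreNmasCr = Boolean.parseBoolean(config.readAppProperty(AppProperty.NMAS_IGNORE_NMASCR_DURING_FORCECHECK));
        if (ignoreNmasCr) {
            LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: app property " + AppProperty.NMAS_IGNORE_NMASCR_DURING_FORCECHECK.getKey() + "=true and user's responses are in " + responseInfoBean.getDataStorageMethod() + " format, so forcing setup of new responses.");
            return true;
        }
    }

    // Plain branch instead of throwing and catching a generic Exception for control flow;
    // the logged text is the same as before.
    if (responseInfoBean == null) {
        LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " does not have good responses: no responses configured");
        return true;
    }

    // NOTE(review): the policy check (usersResponses.meetsChallengeSetRequirements(challengeSet))
    // was commented out in the original, so "good responses" below only means "some responses
    // exist". Stored responses that no longer satisfy the current challenge set do not trigger
    // a forced setup from this method.
    LOGGER.debug(pwmSession, "checkIfResponseConfigNeeded: " + userIdentity + " has good responses");
    return false;
}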
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class CrService method readUserResponseSet.
/**
 * Reads the user's stored challenge responses, trying each configured storage method in
 * read-preference order and returning the first non-null result.
 *
 * <p>The user's entry DN and the storage methods tried are written to the debug/trace log.
 *
 * @param sessionLabel session label used for log correlation
 * @param userIdentity identity of the user whose responses are read
 * @param theUser      LDAP user object; its entry DN appears in the log output
 * @return the first response set found, or {@code null} when no storage method yields one
 * @throws ChaiUnavailableException  declared by the method; presumably raised by the LDAP reads - confirm
 * @throws PwmUnrecoverableException declared by the method; presumably raised by the GUID or storage reads - confirm
 */
public ResponseSet readUserResponseSet(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser) throws ChaiUnavailableException, PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    LOGGER.trace(sessionLabel, "beginning read of user response sequence");

    final List<DataStorageMethod> readPreferences = config.helper().getCrReadPreference();
    LOGGER.debug(sessionLabel, "will attempt to read the following storage methods: " + JsonUtil.serializeCollection(readPreferences) + " for user " + theUser.getEntryDN());

    // The GUID is only looked up when a DB or LOCALDB store is among the read preferences;
    // otherwise the operators are handed null.
    final boolean guidRequired = readPreferences.contains(DataStorageMethod.DB) || readPreferences.contains(DataStorageMethod.LOCALDB);
    final String userGUID = guidRequired
            ? LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false)
            : null;

    for (final DataStorageMethod storageMethod : readPreferences) {
        LOGGER.trace(sessionLabel, "attempting read of responses via storage method: " + storageMethod);
        // NOTE(review): assumes operatorMap holds an operator for every configured method;
        // a missing entry would surface here as a NullPointerException - confirm.
        final ResponseSet readResponses = operatorMap.get(storageMethod).readResponseSet(theUser, userIdentity, userGUID);
        if (readResponses == null) {
            LOGGER.trace(sessionLabel, "no responses read using method " + storageMethod);
            continue;
        }
        // First hit wins; later storage methods are not consulted.
        LOGGER.debug(sessionLabel, "returning responses read via method " + storageMethod + " for user " + theUser.getEntryDN());
        return readResponses;
    }

    LOGGER.debug(sessionLabel, "no responses found for user " + theUser.getEntryDN());
    return null;
}
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class CrService method writeResponses.
/**
 * Writes the user's responses to every storage method in the configured write preference.
 *
 * <p>A {@code PwmUnrecoverableException} from one storage method is logged and recorded, and
 * the remaining methods are still attempted. Nothing here undoes a write that already
 * succeeded, so a partial failure leaves the stores out of step with each other; the
 * exception detail lists the outcome per storage method.
 *
 * @param userIdentity     identity of the user whose responses are saved
 * @param theUser          LDAP user object; its entry DN appears in the debug log
 * @param userGUID         GUID passed through to each storage operator
 * @param responseInfoBean the responses to persist
 * @throws PwmOperationalException  when no write method is configured, or when at least one
 *                                  configured method failed
 * @throws ChaiUnavailableException declared by the method; not caught per storage method, so it
 *                                  aborts the remaining writes
 * @throws ChaiValidationException  declared by the method; not caught per storage method, so it
 *                                  aborts the remaining writes
 */
public void writeResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGUID, final ResponseInfoBean responseInfoBean) throws PwmOperationalException, ChaiUnavailableException, ChaiValidationException {
    final Configuration config = pwmApplication.getConfig();
    final List<DataStorageMethod> writeMethods = config.helper().getCrWritePreference();

    // With nothing configured no write would be attempted at all.
    if (writeMethods.isEmpty()) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, "no response save methods are available or configured"));
    }

    // Insertion-ordered so the reported detail follows the configured write order.
    final Map<DataStorageMethod, String> outcomes = new LinkedHashMap<>();
    int savedCount = 0;
    for (final DataStorageMethod method : writeMethods) {
        try {
            operatorMap.get(method).writeResponses(userIdentity, theUser, userGUID, responseInfoBean);
            LOGGER.debug("saved responses using storage method " + method + " for user " + theUser.getEntryDN());
            outcomes.put(method, "Success");
            savedCount++;
        } catch (PwmUnrecoverableException e) {
            final String failure = "error saving responses via " + method + ", error: " + e.getMessage();
            outcomes.put(method, failure);
            LOGGER.error(failure);
        }
    }

    final int attempted = writeMethods.size();
    if (savedCount != attempted) {
        final String detail = "response storage only partially successful; attempts=" + attempted + ", successes=" + savedCount + ", detail=" + JsonUtil.serializeMap(outcomes);
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, detail));
    }
}
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class PasswordUtility method sendNewPasswordEmail.
/**
 * Queues an e-mail that delivers a new password to the user.
 *
 * <p>The configured {@code EMAIL_SENDPASSWORD} template is copied with every
 * {@code %TOKEN%} in its plain and HTML bodies replaced by the password value, then handed to
 * the application's e-mail queue. The queued message therefore contains the password in
 * clear text.
 *
 * @param userInfo       user the message is queued for
 * @param pwmApplication application context supplying configuration and the e-mail queue
 * @param macroMachine   macro expander passed on to the queue
 * @param newPassword    the password to deliver
 * @param toAddress      used only in the debug log line; the recipient of the queued message
 *                       comes from the configured template's "to" value
 * @param userLocale     locale used to select the template
 * @return {@code null} when the message was queued, otherwise an error description
 * @throws PwmOperationalException   declared by the method
 * @throws PwmUnrecoverableException declared by the method
 */
private static ErrorInformation sendNewPasswordEmail(final UserInfo userInfo, final PwmApplication pwmApplication, final MacroMachine macroMachine, final PasswordData newPassword, final String toAddress, final Locale userLocale) throws PwmOperationalException, PwmUnrecoverableException {
    final String tokenPlaceholder = "%TOKEN%";

    final EmailItemBean template = pwmApplication.getConfig().readSettingAsEmail(PwmSetting.EMAIL_SENDPASSWORD, userLocale);
    if (template == null) {
        return new ErrorInformation(PwmError.ERROR_UNKNOWN, "send password email contents are not configured");
    }

    // NOTE(review): the password is substituted into the HTML body as-is, with no HTML
    // escaping, and before the queue applies macroMachine - confirm that passwords containing
    // markup or macro characters are delivered unchanged.
    final String plainBody = template.getBodyPlain().replace(tokenPlaceholder, newPassword.getStringValue());
    final String htmlBody = template.getBodyHtml().replace(tokenPlaceholder, newPassword.getStringValue());

    final EmailItemBean outgoing = new EmailItemBean(template.getTo(), template.getFrom(), template.getSubject(), plainBody, htmlBody);
    pwmApplication.getEmailQueue().submitEmail(outgoing, userInfo, macroMachine);

    // Only the identity and address are logged; the body holding the password is not.
    LOGGER.debug("new password email to " + userInfo.getUserIdentity() + " added to send queue for " + toAddress);
    return null;
}
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class PasswordUtility method sendNewPasswordSms.
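/**
 * Queues an SMS that delivers a new password to the user.
 *
 * <p>The localized {@code SMS_CHALLENGE_NEW_PASSWORD_TEXT} template has every {@code %TOKEN%}
 * replaced by the password value, so the queued text contains the password in clear text.
 *
 * @param userInfo       user the message is for; its identity appears in the error detail
 * @param pwmApplication application context supplying configuration and the SMS queue
 * @param macroMachine   macro expander passed on to the queue
 * @param newPassword    the password to deliver
 * @param toNumber       destination number; {@code null} or empty yields an error result
 * @param userLocale     locale used to select the message template
 * @return {@code null} when the message was queued, otherwise an error description
 * @throws PwmOperationalException   declared by the method
 * @throws PwmUnrecoverableException declared by the method
 */
private static ErrorInformation sendNewPasswordSms(final UserInfo userInfo, final PwmApplication pwmApplication, final MacroMachine macroMachine, final PasswordData newPassword, final String toNumber, final Locale userLocale) throws PwmOperationalException, PwmUnrecoverableException {
    // Validate the destination before touching configuration or the password value.
    if (toNumber == null || toNumber.isEmpty()) {
        // The original text said "email" here; this path is the SMS one.
        final String errorMsg = String.format("unable to send new password SMS for '%s'; no SMS number available in ldap", userInfo.getUserIdentity());
        return new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
    }

    final Configuration config = pwmApplication.getConfig();
    final String template = config.readSettingAsLocalizedString(PwmSetting.SMS_CHALLENGE_NEW_PASSWORD_TEXT, userLocale);
    if (template == null) {
        // Report an unconfigured template as an error result, the way sendNewPasswordEmail
        // does, rather than failing on the replace() below.
        return new ErrorInformation(PwmError.ERROR_UNKNOWN, "send password SMS text is not configured");
    }

    // From here on 'message' holds the clear-text password; it must not be logged.
    final String message = template.replace("%TOKEN%", newPassword.getStringValue());
    pwmApplication.sendSmsUsingQueue(toNumber, message, null, macroMachine);

    // Logs the destination number only, never the message text.
    LOGGER.debug(String.format("password SMS added to send queue for %s", toNumber));
    return null;
}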