use of password.pwm.config.Configuration in project pwm by pwm-project.
the class AbstractOtpOperator method composeOtpAttribute.
/**
* Compose a single line of OTP information.
*
* @param otpUserRecord input user record
* @return A string formatted record
*/
public String composeOtpAttribute(final OTPUserRecord otpUserRecord) throws PwmUnrecoverableException {
String value = "";
if (otpUserRecord != null) {
final Configuration config = pwmApplication.getConfig();
final OTPStorageFormat format = config.readSettingAsEnum(PwmSetting.OTP_SECRET_STORAGEFORMAT, OTPStorageFormat.class);
switch(format) {
case PWM:
value = JsonUtil.serialize(otpUserRecord);
break;
case OTPURL:
value = OTPUrlUtil.composeOtpUrl(otpUserRecord);
break;
case BASE32SECRET:
value = otpUserRecord.getSecret();
break;
case PAM:
value = OTPPamUtil.composePamData(otpUserRecord);
break;
default:
final String errorStr = String.format("Unsupported storage format: %s", format.toString());
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorStr);
throw new PwmUnrecoverableException(error);
}
}
return value;
}
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class DatabaseService method init.
private synchronized void init() {
if (initialized) {
return;
}
final Instant startTime = Instant.now();
status = STATUS.OPENING;
try {
final Configuration config = pwmApplication.getConfig();
this.dbConfiguration = DBConfiguration.fromConfiguration(config);
if (!dbConfiguration.isEnabled()) {
status = PwmService.STATUS.CLOSED;
LOGGER.debug("skipping database connection open, no connection parameters configured");
initialized = true;
return;
}
LOGGER.debug("opening connection to database " + this.dbConfiguration.getConnectionString());
slotIncrementer = new AtomicLoopIntIncrementer(dbConfiguration.getMaxConnections());
{
// make initial connection and establish schema
clearCurrentAccessors();
final Connection connection = openConnection(dbConfiguration);
updateDebugProperties(connection);
LOGGER.debug("established initial connection to " + dbConfiguration.getConnectionString() + ", properties: " + JsonUtil.serializeMap(this.debugInfo));
for (final DatabaseTable table : DatabaseTable.values()) {
DatabaseUtil.initTable(connection, table, dbConfiguration);
}
connection.close();
}
accessors.clear();
{
// set up connection pool
final boolean traceLogging = config.readSettingAsBoolean(PwmSetting.DATABASE_DEBUG_TRACE);
for (int i = 0; i < dbConfiguration.getMaxConnections(); i++) {
final Connection connection = openConnection(dbConfiguration);
final DatabaseAccessorImpl accessor = new DatabaseAccessorImpl(this, this.dbConfiguration, connection, traceLogging);
accessors.put(i, accessor);
}
}
LOGGER.debug("successfully connected to remote database (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
status = STATUS.OPEN;
initialized = true;
} catch (Throwable t) {
final String errorMsg = "exception initializing database service: " + t.getMessage();
LOGGER.warn(errorMsg);
initialized = false;
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_DB_UNAVAILABLE, errorMsg);
lastError = errorInformation;
}
}
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class LocalDbOtpOperator method writeOtpUserConfiguration.
@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity theUser, final String userGUID, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
LOGGER.trace(pwmSession, String.format("Enter: writeOtpUserConfiguration(%s, %s, %s)", theUser, userGUID, otpConfig));
if (userGUID == null || userGUID.length() < 1) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot save otp to localDB, user does not have a pwmGUID"));
}
if (localDB == null || localDB.status() != LocalDB.Status.OPEN) {
final String errorMsg = "LocalDB is not available, unable to write user otp";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_LOCALDB_UNAVAILABLE, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
try {
final Configuration config = this.getPwmApplication().getConfig();
String value = composeOtpAttribute(otpConfig);
if (config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
LOGGER.debug(pwmSession, "Encrypting OTP secret for storage");
value = encryptAttributeValue(value);
}
localDB.put(LocalDB.DB.OTP_SECRET, userGUID, value);
LOGGER.info(pwmSession, "saved OTP secret for user in LocalDB");
} catch (LocalDBException ex) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected LocalDB error saving otp to localDB: " + ex.getMessage());
final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
pwmOE.initCause(ex);
throw pwmOE;
} catch (PwmOperationalException ex) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to localDB: " + ex.getMessage());
final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
pwmOE.initCause(ex);
throw pwmOE;
}
}
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class TokenDestinationItem method allFromConfig.
public static List<TokenDestinationItem> allFromConfig(final PwmApplication pwmApplication, final UserInfo userInfo) throws PwmUnrecoverableException {
final Configuration configuration = pwmApplication.getConfig();
final SecureService secureService = pwmApplication.getSecureService();
final TokenDestinationDisplayMasker tokenDestinationDisplayMasker = new TokenDestinationDisplayMasker(configuration);
final Map<String, TokenDestinationItem> results = new LinkedHashMap<>();
for (final String emailValue : new String[] { userInfo.getUserEmailAddress(), userInfo.getUserEmailAddress2(), userInfo.getUserEmailAddress3() }) {
if (!StringUtil.isEmpty(emailValue)) {
final String idHash = secureService.hash(emailValue + Type.email.name());
final TokenDestinationItem item = TokenDestinationItem.builder().id(idHash).display(tokenDestinationDisplayMasker.maskEmail(emailValue)).value(emailValue).type(Type.email).build();
results.put(idHash, item);
}
}
for (final String smsValue : new String[] { userInfo.getUserSmsNumber(), userInfo.getUserSmsNumber2(), userInfo.getUserSmsNumber3() }) {
if (!StringUtil.isEmpty(smsValue)) {
final String idHash = secureService.hash(smsValue + Type.sms.name());
final TokenDestinationItem item = TokenDestinationItem.builder().id(idHash).display(tokenDestinationDisplayMasker.maskPhone(smsValue)).value(smsValue).type(Type.sms).build();
results.put(idHash, item);
}
}
return Collections.unmodifiableList(new ArrayList<>(results.values()));
}
use of password.pwm.config.Configuration in project pwm by pwm-project.
the class ForgottenPasswordUtil method calculateRecoveryFlags.
static ForgottenPasswordBean.RecoveryFlags calculateRecoveryFlags(final PwmApplication pwmApplication, final String forgottenPasswordProfileID) {
final Configuration config = pwmApplication.getConfig();
final ForgottenPasswordProfile forgottenPasswordProfile = config.getForgottenPasswordProfiles().get(forgottenPasswordProfileID);
final Set<IdentityVerificationMethod> requiredRecoveryVerificationMethods = forgottenPasswordProfile.requiredRecoveryAuthenticationMethods();
final Set<IdentityVerificationMethod> optionalRecoveryVerificationMethods = forgottenPasswordProfile.optionalRecoveryAuthenticationMethods();
final int minimumOptionalRecoveryAuthMethods = forgottenPasswordProfile.getMinOptionalRequired();
final boolean allowWhenLdapIntruderLocked = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.RECOVERY_ALLOW_WHEN_LOCKED);
return new ForgottenPasswordBean.RecoveryFlags(allowWhenLdapIntruderLocked, requiredRecoveryVerificationMethods, optionalRecoveryVerificationMethods, minimumOptionalRecoveryAuthMethods);
}
Aggregations