Search in sources :

Example 21 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class AbstractOtpOperator method composeOtpAttribute.

/**
 * Compose a single line of OTP information.
 *
 * @param otpUserRecord input user record
 * @return A string formatted record
 */
public String composeOtpAttribute(final OTPUserRecord otpUserRecord) throws PwmUnrecoverableException {
    String value = "";
    if (otpUserRecord != null) {
        final Configuration config = pwmApplication.getConfig();
        final OTPStorageFormat format = config.readSettingAsEnum(PwmSetting.OTP_SECRET_STORAGEFORMAT, OTPStorageFormat.class);
        switch(format) {
            case PWM:
                value = JsonUtil.serialize(otpUserRecord);
                break;
            case OTPURL:
                value = OTPUrlUtil.composeOtpUrl(otpUserRecord);
                break;
            case BASE32SECRET:
                value = otpUserRecord.getSecret();
                break;
            case PAM:
                value = OTPPamUtil.composePamData(otpUserRecord);
                break;
            default:
                final String errorStr = String.format("Unsupported storage format: %s", format.toString());
                final ErrorInformation error = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorStr);
                throw new PwmUnrecoverableException(error);
        }
    }
    return value;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Configuration(password.pwm.config.Configuration) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) OTPStorageFormat(password.pwm.config.option.OTPStorageFormat)

Example 22 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class DatabaseService method init.

private synchronized void init() {
    if (initialized) {
        return;
    }
    final Instant startTime = Instant.now();
    status = STATUS.OPENING;
    try {
        final Configuration config = pwmApplication.getConfig();
        this.dbConfiguration = DBConfiguration.fromConfiguration(config);
        if (!dbConfiguration.isEnabled()) {
            status = PwmService.STATUS.CLOSED;
            LOGGER.debug("skipping database connection open, no connection parameters configured");
            initialized = true;
            return;
        }
        LOGGER.debug("opening connection to database " + this.dbConfiguration.getConnectionString());
        slotIncrementer = new AtomicLoopIntIncrementer(dbConfiguration.getMaxConnections());
        {
            // make initial connection and establish schema
            clearCurrentAccessors();
            final Connection connection = openConnection(dbConfiguration);
            updateDebugProperties(connection);
            LOGGER.debug("established initial connection to " + dbConfiguration.getConnectionString() + ", properties: " + JsonUtil.serializeMap(this.debugInfo));
            for (final DatabaseTable table : DatabaseTable.values()) {
                DatabaseUtil.initTable(connection, table, dbConfiguration);
            }
            connection.close();
        }
        accessors.clear();
        {
            // set up connection pool
            final boolean traceLogging = config.readSettingAsBoolean(PwmSetting.DATABASE_DEBUG_TRACE);
            for (int i = 0; i < dbConfiguration.getMaxConnections(); i++) {
                final Connection connection = openConnection(dbConfiguration);
                final DatabaseAccessorImpl accessor = new DatabaseAccessorImpl(this, this.dbConfiguration, connection, traceLogging);
                accessors.put(i, accessor);
            }
        }
        LOGGER.debug("successfully connected to remote database (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
        status = STATUS.OPEN;
        initialized = true;
    } catch (Throwable t) {
        final String errorMsg = "exception initializing database service: " + t.getMessage();
        LOGGER.warn(errorMsg);
        initialized = false;
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_DB_UNAVAILABLE, errorMsg);
        lastError = errorInformation;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Configuration(password.pwm.config.Configuration) AtomicLoopIntIncrementer(password.pwm.util.java.AtomicLoopIntIncrementer) Instant(java.time.Instant) Connection(java.sql.Connection)

Example 23 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class LocalDbOtpOperator method writeOtpUserConfiguration.

@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity theUser, final String userGUID, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
    LOGGER.trace(pwmSession, String.format("Enter: writeOtpUserConfiguration(%s, %s, %s)", theUser, userGUID, otpConfig));
    if (userGUID == null || userGUID.length() < 1) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot save otp to localDB, user does not have a pwmGUID"));
    }
    if (localDB == null || localDB.status() != LocalDB.Status.OPEN) {
        final String errorMsg = "LocalDB is not available, unable to write user otp";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_LOCALDB_UNAVAILABLE, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        final Configuration config = this.getPwmApplication().getConfig();
        String value = composeOtpAttribute(otpConfig);
        if (config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
            LOGGER.debug(pwmSession, "Encrypting OTP secret for storage");
            value = encryptAttributeValue(value);
        }
        localDB.put(LocalDB.DB.OTP_SECRET, userGUID, value);
        LOGGER.info(pwmSession, "saved OTP secret for user in LocalDB");
    } catch (LocalDBException ex) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected LocalDB error saving otp to localDB: " + ex.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    } catch (PwmOperationalException ex) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to localDB: " + ex.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Configuration(password.pwm.config.Configuration) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) LocalDBException(password.pwm.util.localdb.LocalDBException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 24 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class TokenDestinationItem method allFromConfig.

public static List<TokenDestinationItem> allFromConfig(final PwmApplication pwmApplication, final UserInfo userInfo) throws PwmUnrecoverableException {
    final Configuration configuration = pwmApplication.getConfig();
    final SecureService secureService = pwmApplication.getSecureService();
    final TokenDestinationDisplayMasker tokenDestinationDisplayMasker = new TokenDestinationDisplayMasker(configuration);
    final Map<String, TokenDestinationItem> results = new LinkedHashMap<>();
    for (final String emailValue : new String[] { userInfo.getUserEmailAddress(), userInfo.getUserEmailAddress2(), userInfo.getUserEmailAddress3() }) {
        if (!StringUtil.isEmpty(emailValue)) {
            final String idHash = secureService.hash(emailValue + Type.email.name());
            final TokenDestinationItem item = TokenDestinationItem.builder().id(idHash).display(tokenDestinationDisplayMasker.maskEmail(emailValue)).value(emailValue).type(Type.email).build();
            results.put(idHash, item);
        }
    }
    for (final String smsValue : new String[] { userInfo.getUserSmsNumber(), userInfo.getUserSmsNumber2(), userInfo.getUserSmsNumber3() }) {
        if (!StringUtil.isEmpty(smsValue)) {
            final String idHash = secureService.hash(smsValue + Type.sms.name());
            final TokenDestinationItem item = TokenDestinationItem.builder().id(idHash).display(tokenDestinationDisplayMasker.maskPhone(smsValue)).value(smsValue).type(Type.sms).build();
            results.put(idHash, item);
        }
    }
    return Collections.unmodifiableList(new ArrayList<>(results.values()));
}
Also used : SecureService(password.pwm.util.secure.SecureService) Configuration(password.pwm.config.Configuration) TokenDestinationDisplayMasker(password.pwm.svc.token.TokenDestinationDisplayMasker) LinkedHashMap(java.util.LinkedHashMap)

Example 25 with Configuration

use of password.pwm.config.Configuration in project pwm by pwm-project.

the class ForgottenPasswordUtil method calculateRecoveryFlags.

static ForgottenPasswordBean.RecoveryFlags calculateRecoveryFlags(final PwmApplication pwmApplication, final String forgottenPasswordProfileID) {
    final Configuration config = pwmApplication.getConfig();
    final ForgottenPasswordProfile forgottenPasswordProfile = config.getForgottenPasswordProfiles().get(forgottenPasswordProfileID);
    final Set<IdentityVerificationMethod> requiredRecoveryVerificationMethods = forgottenPasswordProfile.requiredRecoveryAuthenticationMethods();
    final Set<IdentityVerificationMethod> optionalRecoveryVerificationMethods = forgottenPasswordProfile.optionalRecoveryAuthenticationMethods();
    final int minimumOptionalRecoveryAuthMethods = forgottenPasswordProfile.getMinOptionalRequired();
    final boolean allowWhenLdapIntruderLocked = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.RECOVERY_ALLOW_WHEN_LOCKED);
    return new ForgottenPasswordBean.RecoveryFlags(allowWhenLdapIntruderLocked, requiredRecoveryVerificationMethods, optionalRecoveryVerificationMethods, minimumOptionalRecoveryAuthMethods);
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) FormConfiguration(password.pwm.config.value.data.FormConfiguration) Configuration(password.pwm.config.Configuration)

Aggregations

Configuration (password.pwm.config.Configuration)111 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)45 FormConfiguration (password.pwm.config.value.data.FormConfiguration)37 PwmApplication (password.pwm.PwmApplication)33 ErrorInformation (password.pwm.error.ErrorInformation)33 PwmOperationalException (password.pwm.error.PwmOperationalException)25 ActionConfiguration (password.pwm.config.value.data.ActionConfiguration)23 Locale (java.util.Locale)22 PwmSession (password.pwm.http.PwmSession)21 PwmException (password.pwm.error.PwmException)17 EmailItemBean (password.pwm.bean.EmailItemBean)16 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)16 UserInfo (password.pwm.ldap.UserInfo)15 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)14 IOException (java.io.IOException)14 ArrayList (java.util.ArrayList)13 MacroMachine (password.pwm.util.macro.MacroMachine)13 LinkedHashMap (java.util.LinkedHashMap)12 Instant (java.time.Instant)11 UserIdentity (password.pwm.bean.UserIdentity)10