
Example 1 with ForceSetupPolicy

Use of password.pwm.config.option.ForceSetupPolicy in project pwm by pwm-project.

From the class UserInfoReader, method isRequiresOtpConfig.

@Override
public boolean isRequiresOtpConfig() throws PwmUnrecoverableException {
    LOGGER.trace(sessionLabel, "checkOtp: beginning process to check if user OTP setup is required");
    SetupOtpProfile setupOtpProfile = null;
    final Map<ProfileType, String> profileIDs = selfCachedReference.getProfileIDs();
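    // Note: the key tested here (UpdateAttributes) differs from the key read below (SetupOTPProfile).
    // A user with no UpdateAttributes profile leaves setupOtpProfile null, so OTP setup is reported as not required.
    if (profileIDs.containsKey(ProfileType.UpdateAttributes)) {
        setupOtpProfile = pwmApplication.getConfig().getSetupOTPProfiles().get(profileIDs.get(ProfileType.SetupOTPProfile));
    }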
    if (setupOtpProfile == null) {
        LOGGER.trace(sessionLabel, "checkOtp: no otp setup profile assigned, user OTP setup is not required");
        return false;
    }
    if (!setupOtpProfile.readSettingAsBoolean(PwmSetting.OTP_ALLOW_SETUP)) {
        LOGGER.trace(sessionLabel, "checkOtp: OTP allow setup is not enabled");
        return false;
    }
    final ForceSetupPolicy policy = setupOtpProfile.readSettingAsEnum(PwmSetting.OTP_FORCE_SETUP, ForceSetupPolicy.class);
    if (policy == ForceSetupPolicy.SKIP) {
        LOGGER.trace(sessionLabel, "checkOtp: OTP force setup policy is set to SKIP, user OTP setup is not required");
        return false;
    }
    final OTPUserRecord otpUserRecord = selfCachedReference.getOtpUserRecord();
    final boolean hasStoredOtp = otpUserRecord != null && otpUserRecord.getSecret() != null;
    if (hasStoredOtp) {
        LOGGER.trace(sessionLabel, "checkOtp: user has existing valid otp record, user OTP setup is not required");
        return false;
    }
    // hasStoredOtp is always false at this point, so setup is required only if the policy forces it
    LOGGER.debug(sessionLabel, "checkOtp: user does not have existing valid otp record, user OTP setup is required");
    return policy == ForceSetupPolicy.FORCE || policy == ForceSetupPolicy.FORCE_ALLOW_SKIP;
}
Also used : ProfileType(password.pwm.config.profile.ProfileType) SetupOtpProfile(password.pwm.config.profile.SetupOtpProfile) ForceSetupPolicy(password.pwm.config.option.ForceSetupPolicy) OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord)

Example 2 with ForceSetupPolicy

Use of password.pwm.config.option.ForceSetupPolicy in project pwm by pwm-project.

From the class SetupOtpServlet, method handleSkipRequest.

@ActionHandler(action = "skip")
private ProcessStatus handleSkipRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
    boolean allowSkip = false;
    if (!pwmRequest.isForcedPageView()) {
        allowSkip = true;
    } else {
        final SetupOtpProfile setupOtpProfile = getSetupOtpProfile(pwmRequest);
        final ForceSetupPolicy policy = setupOtpProfile.readSettingAsEnum(PwmSetting.OTP_FORCE_SETUP, ForceSetupPolicy.class);
        if (policy == ForceSetupPolicy.FORCE_ALLOW_SKIP) {
            allowSkip = true;
        }
    }
    if (allowSkip) {
        pwmRequest.getPwmSession().getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.skipOtp);
        pwmRequest.sendRedirectToContinue();
        return ProcessStatus.Halt;
    }
    return ProcessStatus.Continue;
}
Also used : SetupOtpProfile(password.pwm.config.profile.SetupOtpProfile) ForceSetupPolicy(password.pwm.config.option.ForceSetupPolicy)

Aggregations

ForceSetupPolicy (password.pwm.config.option.ForceSetupPolicy): 2
SetupOtpProfile (password.pwm.config.profile.SetupOtpProfile): 2
ProfileType (password.pwm.config.profile.ProfileType): 1
OTPUserRecord (password.pwm.util.operations.otp.OTPUserRecord): 1