Search in sources :

Example 6 with IdentityVerificationMethod

use of password.pwm.config.option.IdentityVerificationMethod in project pwm by pwm-project.

the class ForgottenPasswordUtil method figureRemainingAvailableOptionalAuthMethods.

static Set<IdentityVerificationMethod> figureRemainingAvailableOptionalAuthMethods(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) {
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = forgottenPasswordBean.getRecoveryFlags();
    final ForgottenPasswordBean.Progress progress = forgottenPasswordBean.getProgress();
    final Set<IdentityVerificationMethod> result = new LinkedHashSet<>();
    result.addAll(recoveryFlags.getOptionalAuthMethods());
    result.removeAll(progress.getSatisfiedMethods());
    for (final IdentityVerificationMethod recoveryVerificationMethods : new LinkedHashSet<>(result)) {
        try {
            verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
        } catch (PwmUnrecoverableException e) {
            result.remove(recoveryVerificationMethods);
        }
    }
    return Collections.unmodifiableSet(result);
}
Also used : IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) LinkedHashSet(java.util.LinkedHashSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Example 7 with IdentityVerificationMethod

use of password.pwm.config.option.IdentityVerificationMethod in project pwm by pwm-project.

the class ForgottenPasswordUtil method initForgottenPasswordBean.

static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Locale locale = pwmRequest.getLocale();
    final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
    final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
    final ChallengeSet challengeSet;
    if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
        final ResponseSet responseSet;
        try {
            final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
            challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
        } catch (ChaiValidationException e) {
            final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    } else {
        challengeSet = null;
    }
    if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            if (chaiUser.isPasswordLocked()) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
            LOGGER.error(sessionLabel, errorInformation);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }
    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }
    forgottenPasswordBean.setUserLocale(locale);
    forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
    for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
    }
}
Also used : Locale(java.util.Locale) ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) PwmApplication(password.pwm.PwmApplication) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

IdentityVerificationMethod (password.pwm.config.option.IdentityVerificationMethod)7 ForgottenPasswordBean (password.pwm.http.bean.ForgottenPasswordBean)4 LinkedHashSet (java.util.LinkedHashSet)3 ForgottenPasswordProfile (password.pwm.config.profile.ForgottenPasswordProfile)3 FormConfiguration (password.pwm.config.value.data.FormConfiguration)3 ErrorInformation (password.pwm.error.ErrorInformation)3 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)3 PwmApplication (password.pwm.PwmApplication)2 Configuration (password.pwm.config.Configuration)2 UserInfo (password.pwm.ldap.UserInfo)2 ChaiUser (com.novell.ldapchai.ChaiUser)1 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)1 ResponseSet (com.novell.ldapchai.cr.ResponseSet)1 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)1 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)1 ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException)1 ArrayList (java.util.ArrayList)1 LinkedHashMap (java.util.LinkedHashMap)1 Locale (java.util.Locale)1 Map (java.util.Map)1