use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.
the class CrService method determineChallengeProfileForUser.
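/**
 * Returns the ID of the first configured challenge profile whose LDAP user permissions match the user.
 *
 * <p>Profiles are tested in the order returned by {@code getChallengeProfileIDs()}. A profile whose
 * permission list is null or empty is skipped and can never be selected by this method.
 *
 * @param pwmApplication application context used to read the configuration and run the LDAP test
 * @param sessionLabel label attached to the log lines written here
 * @param userIdentity user whose profile assignment is being resolved
 * @param locale locale passed through to the profile lookup
 * @return the ID of the first profile whose permissions match {@code userIdentity}
 * @throws PwmUnrecoverableException with {@code ERROR_NO_PROFILE_ASSIGNED} when no profile is
 *         configured, or when none of the configured profiles matches the user
 */
protected static String determineChallengeProfileForUser(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity, final Locale locale) throws PwmUnrecoverableException {
    final List<String> profiles = pwmApplication.getConfig().getChallengeProfileIDs();
    if (profiles.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no challenge profile is configured"));
    }

    for (final String profile : profiles) {
        final ChallengeProfile loopPolicy = pwmApplication.getConfig().getChallengeProfile(profile, locale);
        final List<UserPermission> queryMatch = loopPolicy.getUserPermissions();
        if (queryMatch != null && !queryMatch.isEmpty()) {
            LOGGER.debug(sessionLabel, "testing challenge profiles '" + profile + "'");
            try {
                final boolean match = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, queryMatch);
                if (match) {
                    return profile;
                }
            } catch (PwmUnrecoverableException e) {
                // The message previously said "password policy profile", which pointed log readers at the
                // wrong subsystem; this loop only ever tests challenge profiles.
                // NOTE(review): a failed permission test is logged and the loop moves on, so a directory
                // error on an earlier profile can leave the user matched to a later profile (or to none).
                // Confirm that this fallback is intended rather than failing the whole lookup.
                LOGGER.error(sessionLabel, "unexpected error while testing challenge profile '" + profile + "', error: " + e.getMessage());
            }
        }
    }

    // No profile matched: fail closed instead of picking a default.
    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no challenge profile is assigned"));
}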
use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.
the class RestChallengesServer method doSetChallengeDataJson.
/**
 * REST POST handler that stores the challenge/response data from a JSON body for the target user.
 *
 * <p>The target user is resolved by {@code RestUtility.resolveRequestedUsername} from the username in
 * the request body; no further authorization check is visible in this method, so that call is where
 * access control has to be enforced.
 *
 * @param restRequest the incoming REST request
 * @return a success bean, or an {@code ERROR_UNKNOWN} bean if anything inside the write path throws
 * @throws IOException declared by the handler signature
 * @throws PwmUnrecoverableException if the body cannot be deserialized or the user cannot be resolved
 */
@RestMethodHandler(method = HttpMethod.POST, consumes = HttpContentType.json, produces = HttpContentType.json)
public RestResultBean doSetChallengeDataJson(final RestRequest restRequest) throws IOException, PwmUnrecoverableException {
    // Both of these run outside the try block, so their failures propagate to the caller unchanged.
    final JsonChallengesData jsonInput = RestUtility.deserializeJsonBody(restRequest, JsonChallengesData.class);
    final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, jsonInput.getUsername());

    try {
        final CrService crService = restRequest.getPwmApplication().getCrService();
        final UserIdentity userIdentity = targetUserIdentity.getUserIdentity();
        final ChaiUser chaiUser = targetUserIdentity.getChaiUser();
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(restRequest.getPwmApplication(), restRequest.getSessionLabel(), userIdentity, false);

        // NOTE(review): the profile is read with the default password policy, whereas the GET handler
        // in this class reads the user's own policy first - confirm the difference is intended.
        final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), userIdentity, chaiUser, PwmPasswordPolicy.defaultPolicy(), restRequest.getLocale());
        final String challengeSetId = challengeProfile.getChallengeSet().getIdentifier();

        final ResponseInfoBean responseInfoBean = jsonInput.toResponseInfoBean(restRequest.getLocale(), challengeSetId);
        crService.writeResponses(userIdentity, chaiUser, userGUID, responseInfoBean);

        // update statistics
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.forSuccessMessage(restRequest, Message.Success_SetupResponse);
    } catch (Exception e) {
        // NOTE(review): every failure in the block above (directory reads and the response write, not
        // only JSON handling) is reported as ERROR_UNKNOWN, and the raw exception message is placed in
        // the ErrorInformation handed to the REST result. Confirm that text cannot expose directory
        // internals to the API client.
        return RestResultBean.fromError(restRequest, new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error reading json input: " + e.getMessage()));
    }
}
use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.
the class RestChallengesServer method doFormGetChallengeData.
/**
 * REST GET handler that returns a user's stored challenge data together with the challenge policy
 * that applies to that user.
 *
 * <p>Request parameters read here: {@code answers} (include stored answers), {@code helpdesk}
 * (include helpdesk challenges) and the username field. Answers are only returned when the
 * {@code ENABLE_WEBSERVICES_READANSWERS} setting is true; otherwise the request is rejected.
 *
 * @param restRequest the incoming REST request
 * @return a bean carrying the JSON data, or an {@code ERROR_UNKNOWN} bean on a {@code ChaiException}
 * @throws PwmUnrecoverableException if answers are requested but not permitted, or if a called
 *         service throws it
 */
@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json)
public RestResultBean doFormGetChallengeData(final RestRequest restRequest) throws PwmUnrecoverableException {
    final boolean answers = restRequest.readParameterAsBoolean("answers");
    final boolean helpdesk = restRequest.readParameterAsBoolean("helpdesk");
    // NOTE(review): the username is read with Flag.BypassValidation, so it reaches
    // resolveRequestedUsername unvalidated - confirm that method treats it as untrusted input.
    final String username = restRequest.readParameterAsString(FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation);

    try {
        // Gate on the setting before any directory access so a disallowed request reads nothing.
        if (answers) {
            final boolean readAnswersAllowed = restRequest.getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.ENABLE_WEBSERVICES_READANSWERS);
            if (!readAnswersAllowed) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "retrieval of answers is not permitted"));
            }
        }

        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, username);

        // gather data
        final ChaiUser chaiUser = targetUserIdentity.getChaiUser();
        final Locale userLocale = restRequest.getLocale();
        final CrService crService = restRequest.getPwmApplication().getCrService();
        final ResponseSet responseSet = crService.readUserResponseSet(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser);
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, userLocale);
        final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, passwordPolicy, userLocale);
        final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
        final ChallengeSet helpdeskChallengeSet = challengeProfile.getHelpdeskChallengeSet();
        final String outputUsername = targetUserIdentity.getUserIdentity().toDelimitedKey();

        // build output: the user's stored responses first
        final JsonChallengesData jsonData = new JsonChallengesData();
        jsonData.username = outputUsername;
        if (responseSet != null) {
            jsonData.challenges = responseSet.asChallengeBeans(answers);
            // NOTE(review): helpdesk data is included purely because the caller set the "helpdesk"
            // parameter; no separate permission check for it is visible in this method.
            if (helpdesk) {
                jsonData.helpdeskChallenges = responseSet.asHelpdeskChallengeBeans(answers);
            }
            jsonData.minimumRandoms = responseSet.getChallengeSet().getMinRandomRequired();
        }

        // build output: the policy section, attached only if it ends up holding something
        final Policy policy = new Policy();
        if (challengeSet != null) {
            policy.challenges = challengesToBeans(challengeSet.getChallenges());
            policy.minimumRandoms = challengeSet.getMinRandomRequired();
        }
        if (helpdesk && helpdeskChallengeSet != null) {
            policy.helpdeskChallenges = challengesToBeans(helpdeskChallengeSet.getChallenges());
        }
        if (policy.challenges != null || policy.helpdeskChallenges != null) {
            jsonData.policy = policy;
        }

        // update statistics
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.withData(jsonData);
    } catch (ChaiException e) {
        // Only ChaiException is converted to an error bean; PwmUnrecoverableException propagates.
        return RestResultBean.fromError(restRequest, new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error building json response: " + e.getMessage()));
    }
}
use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.
the class ImportResponsesCommand method doCommand.
/**
 * Imports stored challenge responses from the input file given on the command line.
 *
 * <p>The file is read line by line; each line is deserialized as one {@code JsonChallengesData}
 * record and written to the user named in that record. The import stops at the first user that
 * does not exist or whose write fails, and the completion summary is then not printed.
 *
 * @throws Exception if the file cannot be opened or read, or a line cannot be processed before the
 *         inner try block is reached
 */
@Override
void doCommand() throws Exception {
    final PwmApplication pwmApplication = cliEnvironment.getPwmApplication();
    final File inputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());

    try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(inputFile), PwmConstants.DEFAULT_CHARSET.toString()))) {
        out("importing stored responses from " + inputFile.getAbsolutePath() + "....");
        int counter = 0;
        final long startTime = System.currentTimeMillis();

        for (String line = reader.readLine(); line != null; line = reader.readLine()) {
            // Counts lines read; it equals the number imported only because every failure returns early.
            counter++;

            // The target user comes straight from the file content, so the file decides whose responses
            // are overwritten - treat it as trusted input and protect it accordingly.
            final RestChallengesServer.JsonChallengesData inputData = JsonUtil.deserialize(line, RestChallengesServer.JsonChallengesData.class);
            final UserIdentity userIdentity = UserIdentity.fromDelimitedKey(inputData.username);
            final ChaiUser user = pwmApplication.getProxiedChaiUser(userIdentity);

            if (!user.exists()) {
                out("user '" + user.getEntryDN() + "' is not a valid userDN");
                return;
            }

            out("writing responses to user '" + user.getEntryDN() + "'");
            try {
                // A null SessionLabel is passed to both calls below, so their log lines carry no session label.
                final ChallengeProfile challengeProfile = pwmApplication.getCrService().readUserChallengeProfile(null, userIdentity, user, PwmPasswordPolicy.defaultPolicy(), PwmConstants.DEFAULT_LOCALE);
                final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
                final String userGuid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
                final ResponseInfoBean responseInfoBean = inputData.toResponseInfoBean(PwmConstants.DEFAULT_LOCALE, challengeSet.getIdentifier());
                pwmApplication.getCrService().writeResponses(userIdentity, user, userGuid, responseInfoBean);
            } catch (Exception e) {
                // Abort the whole import on the first failed write; earlier users stay written.
                out("error writing responses to user '" + user.getEntryDN() + "', error: " + e.getMessage());
                return;
            }
        }

        out("output complete, " + counter + " responses imported in " + TimeDuration.fromCurrent(startTime).asCompactString());
    }
}
use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.
the class CrService method readUserChallengeProfile.
/**
 * Resolves the challenge profile that applies to a user.
 *
 * <p>When {@code EDIRECTORY_READ_CHALLENGE_SET} is enabled and the user's directory is eDirectory,
 * the NMAS-assigned challenge set is tried first (via the password policy if one is supplied, then
 * via the user entry). If that yields a set, a profile is built from it and returned. In every
 * other case, including a {@code ChaiException} during the NMAS read, the method falls back to the
 * profile chosen by {@code determineChallengeProfileForUser}.
 *
 * @param sessionLabel label attached to the log lines written here
 * @param userIdentity identity used for the generated profile ID and for the fallback lookup
 * @param theUser directory user whose provider and entry are queried
 * @param policy password policy used for the first NMAS lookup; may be null
 * @param locale locale passed to the challenge set and profile lookups
 * @return the resolved profile; the fallback path returns whatever {@code getChallengeProfile} yields
 * @throws PwmUnrecoverableException if the fallback profile selection fails
 */
public ChallengeProfile readUserChallengeProfile(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser, final PwmPasswordPolicy policy, final Locale locale) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final long methodStartTime = System.currentTimeMillis();

    if (config.readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_CHALLENGE_SET)) {
        try {
            if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
                // First choice: the challenge set assigned through the supplied password policy.
                ChallengeSet nmasSet = null;
                if (policy != null && policy.getChaiPasswordPolicy() != null) {
                    nmasSet = NmasCrFactory.readAssignedChallengeSet(theUser.getChaiProvider(), policy.getChaiPasswordPolicy(), locale);
                }
                // Second choice: the challenge set assigned to the user entry itself.
                if (nmasSet == null) {
                    nmasSet = NmasCrFactory.readAssignedChallengeSet(theUser, locale);
                }

                if (nmasSet != null) {
                    LOGGER.debug(sessionLabel, "using nmas c/r policy for user " + theUser.getEntryDN() + ": " + nmasSet.toString());
                    final String challengeID = "nmasPolicy-" + userIdentity.toDelimitedKey();
                    final ChallengeProfile nmasProfile = ChallengeProfile.createChallengeProfile(
                            challengeID,
                            locale,
                            applyPwmPolicyToNmasChallenges(nmasSet, config),
                            null,
                            (int) config.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MIN_RANDOM_DURING_SETUP),
                            0);
                    LOGGER.debug(sessionLabel, "using ldap c/r policy for user " + theUser.getEntryDN() + ": " + nmasSet.toString());
                    // The trace line carries the whole serialized profile, not just its ID.
                    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + ", result=" + JsonUtil.serialize(nmasProfile));
                    return nmasProfile;
                }

                LOGGER.debug(sessionLabel, "no nmas c/r policy found for user " + theUser.getEntryDN());
            }
        } catch (ChaiException e) {
            // NOTE(review): a directory error here is logged and then treated like "no NMAS policy",
            // so the user silently receives the configured fallback profile instead - confirm that
            // this downgrade path is acceptable for deployments that rely on NMAS-assigned sets.
            LOGGER.error(sessionLabel, "error reading nmas c/r policy for user " + theUser.getEntryDN() + ": " + e.getMessage());
        }
        LOGGER.debug(sessionLabel, "no detected c/r policy for user " + theUser.getEntryDN() + " in nmas");
    }

    // use PWM policies if PWM is configured and either its all that is configured OR the NMAS policy read was not successful
    final String challengeProfileID = determineChallengeProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);
    final ChallengeProfile fallbackProfile = config.getChallengeProfile(challengeProfileID, locale);
    final String fallbackLabel = fallbackProfile == null ? "null" : fallbackProfile.getIdentifier();
    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + " returned profile: " + fallbackLabel);
    return fallbackProfile;
}