Search in sources :

Example 1 with ChallengeProfile

use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.

the class CrService method determineChallengeProfileForUser.

protected static String determineChallengeProfileForUser(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity, final Locale locale) throws PwmUnrecoverableException {
    final List<String> profiles = pwmApplication.getConfig().getChallengeProfileIDs();
    if (profiles.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no challenge profile is configured"));
    }
    for (final String profile : profiles) {
        final ChallengeProfile loopPolicy = pwmApplication.getConfig().getChallengeProfile(profile, locale);
        final List<UserPermission> queryMatch = loopPolicy.getUserPermissions();
        if (queryMatch != null && !queryMatch.isEmpty()) {
            LOGGER.debug(sessionLabel, "testing challenge profiles '" + profile + "'");
            try {
                final boolean match = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, queryMatch);
                if (match) {
                    return profile;
                }
            } catch (PwmUnrecoverableException e) {
                LOGGER.error(sessionLabel, "unexpected error while testing password policy profile '" + profile + "', error: " + e.getMessage());
            }
        }
    }
    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no challenge profile is assigned"));
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChallengeProfile(password.pwm.config.profile.ChallengeProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserPermission(password.pwm.config.value.data.UserPermission)

Example 2 with ChallengeProfile

use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.

the class RestChallengesServer method doSetChallengeDataJson.

@RestMethodHandler(method = HttpMethod.POST, consumes = HttpContentType.json, produces = HttpContentType.json)
public RestResultBean doSetChallengeDataJson(final RestRequest restRequest) throws IOException, PwmUnrecoverableException {
    final JsonChallengesData jsonInput = RestUtility.deserializeJsonBody(restRequest, JsonChallengesData.class);
    final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, jsonInput.getUsername());
    try {
        final ChaiUser chaiUser;
        final String userGUID;
        final String csIdentifer;
        final UserIdentity userIdentity;
        final CrService crService = restRequest.getPwmApplication().getCrService();
        userIdentity = targetUserIdentity.getUserIdentity();
        chaiUser = targetUserIdentity.getChaiUser();
        userGUID = LdapOperationsHelper.readLdapGuidValue(restRequest.getPwmApplication(), restRequest.getSessionLabel(), userIdentity, false);
        final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), userIdentity, chaiUser, PwmPasswordPolicy.defaultPolicy(), restRequest.getLocale());
        csIdentifer = challengeProfile.getChallengeSet().getIdentifier();
        final ResponseInfoBean responseInfoBean = jsonInput.toResponseInfoBean(restRequest.getLocale(), csIdentifer);
        crService.writeResponses(userIdentity, chaiUser, userGUID, responseInfoBean);
        // update statistics
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.forSuccessMessage(restRequest, Message.Success_SetupResponse);
    } catch (Exception e) {
        final String errorMsg = "unexpected error reading json input: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiUser(com.novell.ldapchai.ChaiUser) UserIdentity(password.pwm.bean.UserIdentity) ChallengeProfile(password.pwm.config.profile.ChallengeProfile) ResponseInfoBean(password.pwm.bean.ResponseInfoBean) CrService(password.pwm.util.operations.CrService) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmOperationalException(password.pwm.error.PwmOperationalException) IOException(java.io.IOException) RestMethodHandler(password.pwm.ws.server.RestMethodHandler)

Example 3 with ChallengeProfile

use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.

the class RestChallengesServer method doFormGetChallengeData.

@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json)
public RestResultBean doFormGetChallengeData(final RestRequest restRequest) throws PwmUnrecoverableException {
    final boolean answers = restRequest.readParameterAsBoolean("answers");
    final boolean helpdesk = restRequest.readParameterAsBoolean("helpdesk");
    final String username = restRequest.readParameterAsString(FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation);
    try {
        if (answers && !restRequest.getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.ENABLE_WEBSERVICES_READANSWERS)) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "retrieval of answers is not permitted"));
        }
        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, username);
        // gather data
        final ResponseSet responseSet;
        final ChallengeSet challengeSet;
        final ChallengeSet helpdeskChallengeSet;
        final String outputUsername;
        final ChaiUser chaiUser = targetUserIdentity.getChaiUser();
        final Locale userLocale = restRequest.getLocale();
        final CrService crService = restRequest.getPwmApplication().getCrService();
        responseSet = crService.readUserResponseSet(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser);
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, userLocale);
        final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, passwordPolicy, userLocale);
        challengeSet = challengeProfile.getChallengeSet();
        helpdeskChallengeSet = challengeProfile.getHelpdeskChallengeSet();
        outputUsername = targetUserIdentity.getUserIdentity().toDelimitedKey();
        // build output
        final JsonChallengesData jsonData = new JsonChallengesData();
        {
            jsonData.username = outputUsername;
            if (responseSet != null) {
                jsonData.challenges = responseSet.asChallengeBeans(answers);
                if (helpdesk) {
                    jsonData.helpdeskChallenges = responseSet.asHelpdeskChallengeBeans(answers);
                }
                jsonData.minimumRandoms = responseSet.getChallengeSet().getMinRandomRequired();
            }
            final Policy policy = new Policy();
            if (challengeSet != null) {
                policy.challenges = challengesToBeans(challengeSet.getChallenges());
                policy.minimumRandoms = challengeSet.getMinRandomRequired();
            }
            if (helpdeskChallengeSet != null && helpdesk) {
                policy.helpdeskChallenges = challengesToBeans(helpdeskChallengeSet.getChallenges());
            }
            if (policy.challenges != null || policy.helpdeskChallenges != null) {
                jsonData.policy = policy;
            }
        }
        // update statistics
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.withData(jsonData);
    } catch (ChaiException e) {
        final String errorMsg = "unexpected error building json response: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}
Also used : Locale(java.util.Locale) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChallengeProfile(password.pwm.config.profile.ChallengeProfile) ResponseSet(com.novell.ldapchai.cr.ResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) CrService(password.pwm.util.operations.CrService) ErrorInformation(password.pwm.error.ErrorInformation) ChaiUser(com.novell.ldapchai.ChaiUser) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) ChaiException(com.novell.ldapchai.exception.ChaiException) RestMethodHandler(password.pwm.ws.server.RestMethodHandler)

Example 4 with ChallengeProfile

use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.

the class ImportResponsesCommand method doCommand.

@Override
void doCommand() throws Exception {
    final PwmApplication pwmApplication = cliEnvironment.getPwmApplication();
    final File inputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());
    try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(inputFile), PwmConstants.DEFAULT_CHARSET.toString()))) {
        out("importing stored responses from " + inputFile.getAbsolutePath() + "....");
        int counter = 0;
        String line;
        final long startTime = System.currentTimeMillis();
        while ((line = reader.readLine()) != null) {
            counter++;
            final RestChallengesServer.JsonChallengesData inputData;
            inputData = JsonUtil.deserialize(line, RestChallengesServer.JsonChallengesData.class);
            final UserIdentity userIdentity = UserIdentity.fromDelimitedKey(inputData.username);
            final ChaiUser user = pwmApplication.getProxiedChaiUser(userIdentity);
            if (user.exists()) {
                out("writing responses to user '" + user.getEntryDN() + "'");
                try {
                    final ChallengeProfile challengeProfile = pwmApplication.getCrService().readUserChallengeProfile(null, userIdentity, user, PwmPasswordPolicy.defaultPolicy(), PwmConstants.DEFAULT_LOCALE);
                    final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
                    final String userGuid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
                    final ResponseInfoBean responseInfoBean = inputData.toResponseInfoBean(PwmConstants.DEFAULT_LOCALE, challengeSet.getIdentifier());
                    pwmApplication.getCrService().writeResponses(userIdentity, user, userGuid, responseInfoBean);
                } catch (Exception e) {
                    out("error writing responses to user '" + user.getEntryDN() + "', error: " + e.getMessage());
                    return;
                }
            } else {
                out("user '" + user.getEntryDN() + "' is not a valid userDN");
                return;
            }
        }
        out("output complete, " + counter + " responses imported in " + TimeDuration.fromCurrent(startTime).asCompactString());
    }
}
Also used : PwmApplication(password.pwm.PwmApplication) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) InputStreamReader(java.io.InputStreamReader) UserIdentity(password.pwm.bean.UserIdentity) ChallengeProfile(password.pwm.config.profile.ChallengeProfile) ResponseInfoBean(password.pwm.bean.ResponseInfoBean) FileInputStream(java.io.FileInputStream) ChaiUser(com.novell.ldapchai.ChaiUser) BufferedReader(java.io.BufferedReader) RestChallengesServer(password.pwm.ws.server.rest.RestChallengesServer) File(java.io.File)

Example 5 with ChallengeProfile

use of password.pwm.config.profile.ChallengeProfile in project pwm by pwm-project.

the class CrService method readUserChallengeProfile.

public ChallengeProfile readUserChallengeProfile(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser, final PwmPasswordPolicy policy, final Locale locale) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final long methodStartTime = System.currentTimeMillis();
    ChallengeSet returnSet = null;
    if (config.readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_CHALLENGE_SET)) {
        try {
            if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
                if (policy != null && policy.getChaiPasswordPolicy() != null) {
                    returnSet = NmasCrFactory.readAssignedChallengeSet(theUser.getChaiProvider(), policy.getChaiPasswordPolicy(), locale);
                }
                if (returnSet == null) {
                    returnSet = NmasCrFactory.readAssignedChallengeSet(theUser, locale);
                }
                if (returnSet == null) {
                    LOGGER.debug(sessionLabel, "no nmas c/r policy found for user " + theUser.getEntryDN());
                } else {
                    LOGGER.debug(sessionLabel, "using nmas c/r policy for user " + theUser.getEntryDN() + ": " + returnSet.toString());
                    final String challengeID = "nmasPolicy-" + userIdentity.toDelimitedKey();
                    final ChallengeProfile challengeProfile = ChallengeProfile.createChallengeProfile(challengeID, locale, applyPwmPolicyToNmasChallenges(returnSet, config), null, (int) config.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MIN_RANDOM_DURING_SETUP), 0);
                    LOGGER.debug(sessionLabel, "using ldap c/r policy for user " + theUser.getEntryDN() + ": " + returnSet.toString());
                    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + ", result=" + JsonUtil.serialize(challengeProfile));
                    return challengeProfile;
                }
            }
        } catch (ChaiException e) {
            LOGGER.error(sessionLabel, "error reading nmas c/r policy for user " + theUser.getEntryDN() + ": " + e.getMessage());
        }
        LOGGER.debug(sessionLabel, "no detected c/r policy for user " + theUser.getEntryDN() + " in nmas");
    }
    // use PWM policies if PWM is configured and either its all that is configured OR the NMAS policy read was not successful
    final String challengeProfileID = determineChallengeProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);
    final ChallengeProfile challengeProfile = config.getChallengeProfile(challengeProfileID, locale);
    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + " returned profile: " + (challengeProfile == null ? "null" : challengeProfile.getIdentifier()));
    return challengeProfile;
}
Also used : ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) Configuration(password.pwm.config.Configuration) ChallengeProfile(password.pwm.config.profile.ChallengeProfile) ChaiException(com.novell.ldapchai.exception.ChaiException)

Aggregations

ChallengeProfile (password.pwm.config.profile.ChallengeProfile)6 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)4 ChaiUser (com.novell.ldapchai.ChaiUser)3 ChaiException (com.novell.ldapchai.exception.ChaiException)3 ErrorInformation (password.pwm.error.ErrorInformation)3 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)3 ResponseInfoBean (password.pwm.bean.ResponseInfoBean)2 UserIdentity (password.pwm.bean.UserIdentity)2 CrService (password.pwm.util.operations.CrService)2 RestMethodHandler (password.pwm.ws.server.RestMethodHandler)2 ChaiChallengeSet (com.novell.ldapchai.cr.ChaiChallengeSet)1 ResponseSet (com.novell.ldapchai.cr.ResponseSet)1 BufferedReader (java.io.BufferedReader)1 File (java.io.File)1 FileInputStream (java.io.FileInputStream)1 IOException (java.io.IOException)1 InputStreamReader (java.io.InputStreamReader)1 Locale (java.util.Locale)1 PwmApplication (password.pwm.PwmApplication)1 Configuration (password.pwm.config.Configuration)1