Search in sources :

Example 1 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class PasswordUtility method helpdeskSetUserPassword.

public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final SessionLabel sessionLabel = pwmSession.getLabel();
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    if (!pwmSession.isAuthenticated()) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
    if (helpdeskProfile == null) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);
    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // mark the event log
    {
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_SET_PASSWORD, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // update statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
    {
        // execute configured actions
        LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
        final List<ActionConfiguration> actions = new ArrayList<>();
        actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
        actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
        if (!actions.isEmpty()) {
            final LoginInfoBean loginInfoBean = new LoginInfoBean();
            loginInfoBean.setUserCurrentPassword(newPassword);
            final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
    if (settingClearResponses == HelpdeskClearResponseMode.yes) {
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
        pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);
        // mark the event log
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // send email notification
    sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
    // expire if so configured
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
        LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
        try {
            proxiedUser.expirePassword();
        } catch (ChaiOperationException e) {
            LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
        }
    }
    // send password
    final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
    if (sendPassword) {
        final MessageSendMethod messageSendMethod;
        {
            final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
            final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
            messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        }
        PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) LoginInfoBean(password.pwm.bean.LoginInfoBean) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) MessageSendMethod(password.pwm.config.option.MessageSendMethod) PwmOperationalException(password.pwm.error.PwmOperationalException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) HelpdeskClearResponseMode(password.pwm.config.option.HelpdeskClearResponseMode) MacroMachine(password.pwm.util.macro.MacroMachine) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 2 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordUtil method doActionSendNewPassword.

static void doActionSendNewPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final ForgottenPasswordBean forgottenPasswordBean = ForgottenPasswordServlet.forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(pwmApplication.getConfig(), forgottenPasswordBean);
    LOGGER.trace(pwmRequest, "beginning process to send new password to user");
    if (!forgottenPasswordBean.getProgress().isAllPassed()) {
        return;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
    try {
        // try unlocking user
        theUser.unlockPassword();
        LOGGER.trace(pwmRequest, "unlock account succeeded");
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation);
        return;
    }
    try {
        final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
        LOGGER.info(pwmRequest, "user successfully supplied password recovery responses, emailing new password to: " + theUser.getEntryDN());
        // add post change actions
        ForgottenPasswordServlet.addPostChangeAction(pwmRequest, userIdentity);
        // create new password
        final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), userInfo.getPasswordPolicy(), pwmApplication);
        LOGGER.trace(pwmRequest, "generated random password value based on password policy for " + userIdentity.toDisplayString());
        // set the password
        try {
            theUser.setPassword(newPassword.getStringValue());
            LOGGER.trace(pwmRequest, "set user " + userIdentity.toDisplayString() + " password to system generated random value");
        } catch (ChaiException e) {
            throw PwmUnrecoverableException.fromChaiException(e);
        }
        if (recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
            LOGGER.debug(pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired");
            theUser.expirePassword();
        }
        // mark the event log
        {
            final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.RECOVER_PASSWORD, userIdentity, pwmRequest.getSessionLabel());
            pwmApplication.getAuditManager().submit(auditRecord);
        }
        final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        // send email or SMS
        final String toAddress = PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmRequest.getLocale(), messageSendMethod);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordSend, toAddress);
    } catch (PwmException e) {
        LOGGER.warn(pwmRequest, "unexpected error setting new password during recovery process for user: " + e.getMessage());
        pwmRequest.respondWithError(e.getErrorInformation());
    } catch (ChaiOperationException e) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error while processing recovery action " + recoveryAction + ", error: " + e.getMessage());
        LOGGER.warn(pwmRequest, errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation);
    } finally {
        ForgottenPasswordServlet.clearForgottenPasswordBean(pwmRequest);
        // the user should not be authenticated, this is a safety method
        pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
        // the password set flag should not have been set, this is a safety method
        pwmRequest.getPwmSession().getSessionStateBean().setPasswordModified(false);
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) UserInfo(password.pwm.ldap.UserInfo) MessageSendMethod(password.pwm.config.option.MessageSendMethod) PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) RecoveryAction(password.pwm.config.option.RecoveryAction) PasswordData(password.pwm.util.PasswordData) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) AuditRecord(password.pwm.svc.event.AuditRecord) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 3 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordUtil method calculateRecoveryFlags.

static ForgottenPasswordBean.RecoveryFlags calculateRecoveryFlags(final PwmApplication pwmApplication, final String forgottenPasswordProfileID) {
    final Configuration config = pwmApplication.getConfig();
    final ForgottenPasswordProfile forgottenPasswordProfile = config.getForgottenPasswordProfiles().get(forgottenPasswordProfileID);
    final Set<IdentityVerificationMethod> requiredRecoveryVerificationMethods = forgottenPasswordProfile.requiredRecoveryAuthenticationMethods();
    final Set<IdentityVerificationMethod> optionalRecoveryVerificationMethods = forgottenPasswordProfile.optionalRecoveryAuthenticationMethods();
    final int minimumOptionalRecoveryAuthMethods = forgottenPasswordProfile.getMinOptionalRequired();
    final boolean allowWhenLdapIntruderLocked = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.RECOVERY_ALLOW_WHEN_LOCKED);
    return new ForgottenPasswordBean.RecoveryFlags(allowWhenLdapIntruderLocked, requiredRecoveryVerificationMethods, optionalRecoveryVerificationMethods, minimumOptionalRecoveryAuthMethods);
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) FormConfiguration(password.pwm.config.value.data.FormConfiguration) Configuration(password.pwm.config.Configuration)

Example 4 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordServlet method forwardToEnterTokenJsp.

private static void forwardToEnterTokenJsp(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    final List<TokenDestinationItem> destItems = ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
    ResetAction goBackAction = null;
    final boolean autoSelect = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST));
    if (destItems.size() > 1 || !autoSelect) {
        goBackAction = ResetAction.clearTokenDestination;
    } else if (ForgottenPasswordUtil.hasOtherMethodChoices(forgottenPasswordBean, IdentityVerificationMethod.TOKEN)) {
        goBackAction = ResetAction.clearActionChoice;
    }
    if (goBackAction != null) {
        pwmRequest.setAttribute(PwmRequestAttribute.GoBackAction, goBackAction);
    }
    {
        final boolean resendEnabled = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.TOKEN_RESEND_ENABLE);
        pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordResendTokenEnabled, resendEnabled);
    }
    pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ENTER_TOKEN);
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) TokenDestinationItem(password.pwm.bean.TokenDestinationItem)

Example 5 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordServlet method processActionChoice.

@ActionHandler(action = "actionChoice")
private ProcessStatus processActionChoice(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ServletException, IOException, ChaiUnavailableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    final boolean resendEnabled = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.TOKEN_RESEND_ENABLE);
    if (resendEnabled) {
        // clear token dest info in case we got here from a user 'go-back' request
        forgottenPasswordBean.getProgress().clearTokenSentStatus();
    }
    final boolean disallowAllButUnlock;
    {
        final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
        final RecoveryMinLifetimeOption minLifetimeOption = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS, RecoveryMinLifetimeOption.class);
        disallowAllButUnlock = minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY && userInfo.isPasswordLocked();
    }
    if (forgottenPasswordBean.getProgress().isAllPassed()) {
        final String choice = pwmRequest.readParameterAsString("choice");
        final ActionChoice actionChoice = JavaHelper.readEnumFromString(ActionChoice.class, null, choice);
        if (actionChoice != null) {
            switch(actionChoice) {
                case unlock:
                    this.executeUnlock(pwmRequest);
                    break;
                case resetPassword:
                    if (disallowAllButUnlock) {
                        final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                        PasswordUtility.throwPasswordTooSoonException(userInfo, pwmRequest.getSessionLabel());
                    }
                    this.executeResetPassword(pwmRequest);
                    break;
                default:
                    JavaHelper.unhandledSwitchStatement(actionChoice);
            }
        }
    }
    return ProcessStatus.Continue;
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) UserInfo(password.pwm.ldap.UserInfo) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) RecoveryMinLifetimeOption(password.pwm.config.option.RecoveryMinLifetimeOption)

Aggregations

ForgottenPasswordProfile (password.pwm.config.profile.ForgottenPasswordProfile)12 ErrorInformation (password.pwm.error.ErrorInformation)7 ForgottenPasswordBean (password.pwm.http.bean.ForgottenPasswordBean)7 UserInfo (password.pwm.ldap.UserInfo)7 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)6 TokenDestinationItem (password.pwm.bean.TokenDestinationItem)4 UserIdentity (password.pwm.bean.UserIdentity)4 ChaiUser (com.novell.ldapchai.ChaiUser)3 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)3 ArrayList (java.util.ArrayList)3 List (java.util.List)3 PwmApplication (password.pwm.PwmApplication)3 IdentityVerificationMethod (password.pwm.config.option.IdentityVerificationMethod)3 MessageSendMethod (password.pwm.config.option.MessageSendMethod)3 RecoveryMinLifetimeOption (password.pwm.config.option.RecoveryMinLifetimeOption)3 FormConfiguration (password.pwm.config.value.data.FormConfiguration)3 SessionLabel (password.pwm.bean.SessionLabel)2 Configuration (password.pwm.config.Configuration)2 RecoveryAction (password.pwm.config.option.RecoveryAction)2 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)2