Search in sources :

Example 6 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordServlet method processResendToken.

@ActionHandler(action = "resendToken")
private ProcessStatus processResendToken(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    {
        final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
        final boolean resendEnabled = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.TOKEN_RESEND_ENABLE);
        if (!resendEnabled) {
            final String errorMsg = "token resend is not enabled";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        }
    }
    if (!forgottenPasswordBean.getProgress().isTokenSent()) {
        final String errorMsg = "attempt to resend token, but initial token has not yet been sent";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    {
        LOGGER.trace(pwmRequest, "preparing to send a new token to user");
        final long delayTime = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.TOKEN_RESEND_DELAY_MS));
        JavaHelper.pause(delayTime);
    }
    {
        final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
        final TokenDestinationItem tokenDestinationItem = forgottenPasswordBean.getProgress().getTokenDestination();
        ForgottenPasswordUtil.initializeAndSendToken(pwmRequest, userInfo, tokenDestinationItem);
    }
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_TokenResend);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 7 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordServlet method forwardUserBasedOnRecoveryMethod.

private void forwardUserBasedOnRecoveryMethod(final PwmRequest pwmRequest, final IdentityVerificationMethod method) throws ServletException, PwmUnrecoverableException, IOException {
    LOGGER.debug(pwmRequest, "attempting to forward request to handle verification method " + method.toString());
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    ForgottenPasswordUtil.verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, method);
    switch(method) {
        case PREVIOUS_AUTH:
            {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "previous authentication is required, but user has not previously authenticated"));
            }
        case ATTRIBUTES:
            {
                pwmRequest.addFormInfoToRequestAttr(forgottenPasswordBean.getAttributeForm(), Collections.emptyMap(), false, false);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ATTRIBUTES);
            }
            break;
        case CHALLENGE_RESPONSES:
            {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordChallengeSet, forgottenPasswordBean.getPresentableChallengeSet());
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_RESPONSES);
            }
            break;
        case OTP:
            {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordOtpRecord, ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean).getOtpUserRecord());
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ENTER_OTP);
            }
            break;
        case TOKEN:
            {
                final ForgottenPasswordBean.Progress progress = forgottenPasswordBean.getProgress();
                final List<TokenDestinationItem> tokenDestinations = ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
                if (progress.getTokenDestination() == null) {
                    final boolean autoSelect = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST));
                    if (autoSelect && tokenDestinations.size() == 1) {
                        final TokenDestinationItem singleItem = tokenDestinations.iterator().next();
                        progress.setTokenDestination(singleItem);
                    }
                }
                if (progress.getTokenDestination() == null) {
                    forwardToTokenChoiceJsp(pwmRequest);
                    return;
                }
                if (!progress.isTokenSent()) {
                    final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                    ForgottenPasswordUtil.initializeAndSendToken(pwmRequest, userInfo, progress.getTokenDestination());
                    progress.setTokenSent(true);
                }
                if (!progress.getSatisfiedMethods().contains(IdentityVerificationMethod.TOKEN)) {
                    forwardToEnterTokenJsp(pwmRequest);
                    return;
                }
            }
            break;
        case REMOTE_RESPONSES:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                final VerificationMethodSystem remoteMethod;
                if (forgottenPasswordBean.getProgress().getRemoteRecoveryMethod() == null) {
                    remoteMethod = new RemoteVerificationMethod();
                    remoteMethod.init(pwmRequest.getPwmApplication(), userInfo, pwmRequest.getSessionLabel(), pwmRequest.getLocale());
                    forgottenPasswordBean.getProgress().setRemoteRecoveryMethod(remoteMethod);
                } else {
                    remoteMethod = forgottenPasswordBean.getProgress().getRemoteRecoveryMethod();
                }
                final List<VerificationMethodSystem.UserPrompt> prompts = remoteMethod.getCurrentPrompts();
                final String displayInstructions = remoteMethod.getCurrentDisplayInstructions();
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordPrompts, new ArrayList<>(prompts));
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordInstructions, displayInstructions);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_REMOTE);
            }
            break;
        case OAUTH:
            forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.OAUTH);
            final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
            final OAuthSettings oAuthSettings = OAuthSettings.forForgottenPassword(forgottenPasswordProfile);
            final OAuthMachine oAuthMachine = new OAuthMachine(oAuthSettings);
            pwmRequest.getPwmApplication().getSessionStateService().saveSessionBeans(pwmRequest);
            final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
            oAuthMachine.redirectUserToOAuthServer(pwmRequest, null, userIdentity, forgottenPasswordProfile.getIdentifier());
            break;
        default:
            throw new UnsupportedOperationException("unexpected method during forward: " + method.toString());
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) UserIdentity(password.pwm.bean.UserIdentity) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) OAuthMachine(password.pwm.http.servlet.oauth.OAuthMachine) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) VerificationMethodSystem(password.pwm.VerificationMethodSystem) ErrorInformation(password.pwm.error.ErrorInformation) List(java.util.List) ArrayList(java.util.ArrayList) OAuthSettings(password.pwm.http.servlet.oauth.OAuthSettings) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Example 8 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordServlet method nextStep.

@Override
@SuppressWarnings("checkstyle:MethodLength")
protected void nextStep(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmRequest.getConfig();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = forgottenPasswordBean.getRecoveryFlags();
    final ForgottenPasswordBean.Progress progress = forgottenPasswordBean.getProgress();
    // check for identified user;
    if (forgottenPasswordBean.getUserIdentity() == null && !forgottenPasswordBean.isBogusUser()) {
        pwmRequest.addFormInfoToRequestAttr(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM, false, false);
        pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_SEARCH);
        return;
    }
    final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    {
        final Map<String, ForgottenPasswordProfile> profileIDList = pwmRequest.getConfig().getForgottenPasswordProfiles();
        final String profileDebugMsg = forgottenPasswordProfile != null && profileIDList != null && profileIDList.size() > 1 ? " profile=" + forgottenPasswordProfile.getIdentifier() + ", " : "";
        LOGGER.trace(pwmRequest, "entering forgotten password progress engine: " + profileDebugMsg + "flags=" + JsonUtil.serialize(recoveryFlags) + ", " + "progress=" + JsonUtil.serialize(progress));
    }
    if (forgottenPasswordProfile == null) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED));
    }
    // check for previous authentication
    if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.PREVIOUS_AUTH) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.PREVIOUS_AUTH)) {
        if (!progress.getSatisfiedMethods().contains(IdentityVerificationMethod.PREVIOUS_AUTH)) {
            final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
            final String userGuid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, true);
            if (ForgottenPasswordUtil.checkAuthRecord(pwmRequest, userGuid)) {
                LOGGER.debug(pwmRequest, "marking " + IdentityVerificationMethod.PREVIOUS_AUTH + " method as satisfied");
                progress.getSatisfiedMethods().add(IdentityVerificationMethod.PREVIOUS_AUTH);
            }
        }
    }
    // dispatch required auth methods.
    for (final IdentityVerificationMethod method : recoveryFlags.getRequiredAuthMethods()) {
        if (!progress.getSatisfiedMethods().contains(method)) {
            forwardUserBasedOnRecoveryMethod(pwmRequest, method);
            return;
        }
    }
    // redirect if an verification method is in progress
    if (progress.getInProgressVerificationMethod() != null) {
        if (progress.getSatisfiedMethods().contains(progress.getInProgressVerificationMethod())) {
            progress.setInProgressVerificationMethod(null);
        } else {
            pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordOptionalPageView, "true");
            forwardUserBasedOnRecoveryMethod(pwmRequest, progress.getInProgressVerificationMethod());
            return;
        }
    }
    // check if more optional methods required
    if (recoveryFlags.getMinimumOptionalAuthMethods() > 0) {
        final Set<IdentityVerificationMethod> satisfiedOptionalMethods = ForgottenPasswordUtil.figureSatisfiedOptionalAuthMethods(recoveryFlags, progress);
        if (satisfiedOptionalMethods.size() < recoveryFlags.getMinimumOptionalAuthMethods()) {
            final Set<IdentityVerificationMethod> remainingAvailableOptionalMethods = ForgottenPasswordUtil.figureRemainingAvailableOptionalAuthMethods(pwmRequest, forgottenPasswordBean);
            if (remainingAvailableOptionalMethods.isEmpty()) {
                final String errorMsg = "additional optional verification methods are needed, however all available optional verification methods have been satisfied by user";
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RECOVERY_SEQUENCE_INCOMPLETE, errorMsg);
                LOGGER.error(pwmRequest, errorInformation);
                pwmRequest.respondWithError(errorInformation);
                return;
            } else {
                if (remainingAvailableOptionalMethods.size() == 1) {
                    final IdentityVerificationMethod remainingMethod = remainingAvailableOptionalMethods.iterator().next();
                    LOGGER.debug(pwmRequest, "only 1 remaining available optional verification method, will redirect to " + remainingMethod.toString());
                    forwardUserBasedOnRecoveryMethod(pwmRequest, remainingMethod);
                    progress.setInProgressVerificationMethod(remainingMethod);
                    return;
                }
            }
            processVerificationChoice(pwmRequest);
            return;
        }
    }
    if (progress.getSatisfiedMethods().isEmpty()) {
        final String errorMsg = "forgotten password recovery sequence completed, but user has not actually satisfied any verification methods";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RECOVERY_SEQUENCE_INCOMPLETE, errorMsg);
        LOGGER.error(pwmRequest, errorInformation);
        clearForgottenPasswordBean(pwmRequest);
        throw new PwmUnrecoverableException(errorInformation);
    }
    {
        final int satisfiedMethods = progress.getSatisfiedMethods().size();
        final int totalMethodsNeeded = recoveryFlags.getRequiredAuthMethods().size() + recoveryFlags.getMinimumOptionalAuthMethods();
        if (satisfiedMethods < totalMethodsNeeded) {
            final String errorMsg = "forgotten password recovery sequence completed " + satisfiedMethods + " methods, " + " but policy requires a total of " + totalMethodsNeeded + " methods";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RECOVERY_SEQUENCE_INCOMPLETE, errorMsg);
            LOGGER.error(pwmRequest, errorInformation);
            clearForgottenPasswordBean(pwmRequest);
            throw new PwmUnrecoverableException(errorInformation);
        }
    }
    if (!forgottenPasswordBean.getProgress().isAllPassed()) {
        forgottenPasswordBean.getProgress().setAllPassed(true);
        StatisticsManager.incrementStat(pwmRequest, Statistic.RECOVERY_SUCCESSES);
    }
    final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
    if (userInfo == null) {
        throw PwmUnrecoverableException.newException(PwmError.ERROR_UNKNOWN, "unable to load userInfo while processing forgotten password controller");
    }
    // check if user's pw is within min lifetime window
    final RecoveryMinLifetimeOption minLifetimeOption = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS, RecoveryMinLifetimeOption.class);
    if (minLifetimeOption == RecoveryMinLifetimeOption.NONE || (!userInfo.isPasswordLocked() && minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY)) {
        if (userInfo.isWithinPasswordMinimumLifetime()) {
            PasswordUtility.throwPasswordTooSoonException(userInfo, pwmRequest.getSessionLabel());
        }
    }
    final boolean disallowAllButUnlock = minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY && userInfo.isPasswordLocked();
    LOGGER.trace(pwmRequest, "all recovery checks passed, proceeding to configured recovery action");
    final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(config, forgottenPasswordBean);
    if (recoveryAction == RecoveryAction.SENDNEWPW || recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
        if (disallowAllButUnlock) {
            PasswordUtility.throwPasswordTooSoonException(userInfo, pwmRequest.getSessionLabel());
        }
        ForgottenPasswordUtil.doActionSendNewPassword(pwmRequest);
        return;
    }
    if (forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.RECOVERY_ALLOW_UNLOCK)) {
        final PasswordStatus passwordStatus = userInfo.getPasswordStatus();
        if (!passwordStatus.isExpired() && !passwordStatus.isPreExpired()) {
            if (userInfo.isPasswordLocked()) {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordInhibitPasswordReset, Boolean.TRUE);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ACTION_CHOICE);
                return;
            }
        }
    }
    this.executeResetPassword(pwmRequest);
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) RecoveryMinLifetimeOption(password.pwm.config.option.RecoveryMinLifetimeOption) ErrorInformation(password.pwm.error.ErrorInformation) RecoveryAction(password.pwm.config.option.RecoveryAction) PasswordStatus(password.pwm.bean.PasswordStatus) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap)

Example 9 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class OAuthConsumerServlet method makeOAuthSettings.

private static OAuthSettings makeOAuthSettings(final PwmRequest pwmRequest, final OAuthState oAuthState) throws IOException, ServletException, PwmUnrecoverableException {
    final OAuthUseCase oAuthUseCase = oAuthState.getUseCase();
    switch(oAuthUseCase) {
        case Authentication:
            return OAuthSettings.forSSOAuthentication(pwmRequest.getConfig());
        case ForgottenPassword:
            final String profileId = oAuthState.getForgottenProfileId();
            final ForgottenPasswordProfile profile = pwmRequest.getConfig().getForgottenPasswordProfiles().get(profileId);
            return OAuthSettings.forForgottenPassword(profile);
        default:
            JavaHelper.unhandledSwitchStatement(oAuthUseCase);
    }
    final String errorMsg = "unable to calculate oauth settings for incoming request state";
    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
    LOGGER.error(pwmRequest, errorMsg);
    throw new PwmUnrecoverableException(errorInformation);
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 10 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordUtil method figureAvailableTokenDestinations.

static List<TokenDestinationItem> figureAvailableTokenDestinations(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException {
    {
        @SuppressWarnings("unchecked") final List<TokenDestinationItem> cachedItems = (List<TokenDestinationItem>) pwmRequest.getHttpServletRequest().getAttribute(PwmConstants.REQUEST_ATTR_FORGOTTEN_PW_AVAIL_TOKEN_DEST_CACHE);
        if (cachedItems != null) {
            return cachedItems;
        }
    }
    final String profileID = forgottenPasswordBean.getForgottenPasswordProfileID();
    final ForgottenPasswordProfile forgottenPasswordProfile = pwmRequest.getConfig().getForgottenPasswordProfiles().get(profileID);
    final MessageSendMethod tokenSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_TOKEN_SEND_METHOD, MessageSendMethod.class);
    final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
    final List<TokenDestinationItem> items = TokenUtil.figureAvailableTokenDestinations(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userInfo, tokenSendMethod);
    final List<TokenDestinationItem> finalList = Collections.unmodifiableList(items);
    pwmRequest.getHttpServletRequest().setAttribute(PwmConstants.REQUEST_ATTR_FORGOTTEN_PW_AVAIL_TOKEN_DEST_CACHE, finalList);
    return finalList;
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) List(java.util.List) ArrayList(java.util.ArrayList) MessageSendMethod(password.pwm.config.option.MessageSendMethod) UserInfo(password.pwm.ldap.UserInfo) TokenDestinationItem(password.pwm.bean.TokenDestinationItem)

Aggregations

ForgottenPasswordProfile (password.pwm.config.profile.ForgottenPasswordProfile)12 ErrorInformation (password.pwm.error.ErrorInformation)7 ForgottenPasswordBean (password.pwm.http.bean.ForgottenPasswordBean)7 UserInfo (password.pwm.ldap.UserInfo)7 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)6 TokenDestinationItem (password.pwm.bean.TokenDestinationItem)4 UserIdentity (password.pwm.bean.UserIdentity)4 ChaiUser (com.novell.ldapchai.ChaiUser)3 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)3 ArrayList (java.util.ArrayList)3 List (java.util.List)3 PwmApplication (password.pwm.PwmApplication)3 IdentityVerificationMethod (password.pwm.config.option.IdentityVerificationMethod)3 MessageSendMethod (password.pwm.config.option.MessageSendMethod)3 RecoveryMinLifetimeOption (password.pwm.config.option.RecoveryMinLifetimeOption)3 FormConfiguration (password.pwm.config.value.data.FormConfiguration)3 SessionLabel (password.pwm.bean.SessionLabel)2 Configuration (password.pwm.config.Configuration)2 RecoveryAction (password.pwm.config.option.RecoveryAction)2 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)2