
Example 11 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordUtil method permitPwChangeDuringMinLifetime.

/**
 * Reports whether the forgotten-password flow may change a password that is still inside its
 * minimum lifetime.
 *
 * <p>The answer is read from the user's forgotten password profile: the result is {@code true}
 * only when {@code PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS} reads as
 * {@link RecoveryMinLifetimeOption#ALLOW}.
 *
 * <p>Security note: this check fails open. If the profile lookup throws, or yields
 * {@code null}, the method returns {@code true} and the minimum-lifetime restriction is not
 * applied for this request. The lookup failure is recorded at debug level only, so it may not
 * appear in production logs.
 * NOTE(review): confirm that permitting the change is the intended outcome when the profile
 * cannot be read, as opposed to when no profile is assigned.
 *
 * @param pwmApplication application context passed to the profile lookup
 * @param sessionLabel   session label passed to the lookup and used for the debug log entry
 * @param userIdentity   user whose forgotten password profile is consulted
 * @return {@code true} when no profile could be obtained or the profile's option is
 *         {@code ALLOW}; {@code false} for any other option value
 * @throws PwmUnrecoverableException declared on the signature; a failure of the profile lookup
 *         is handled inside this method and is not propagated
 */
public static boolean permitPwChangeDuringMinLifetime(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final ForgottenPasswordProfile profile;
    try {
        profile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmApplication, sessionLabel, userIdentity);
    } catch (PwmUnrecoverableException e) {
        LOGGER.debug(sessionLabel, "can't read user's forgotten password profile - assuming no profile assigned, error: " + e.getMessage());
        // An unreadable profile is treated the same as "no profile": the change is permitted.
        return true;
    }

    if (profile == null) {
        // No profile available: the default is to permit the change.
        return true;
    }

    final RecoveryMinLifetimeOption configuredOption = profile.readSettingAsEnum(PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS, RecoveryMinLifetimeOption.class);
    return RecoveryMinLifetimeOption.ALLOW == configuredOption;
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) RecoveryMinLifetimeOption(password.pwm.config.option.RecoveryMinLifetimeOption)

Example 12 with ForgottenPasswordProfile

use of password.pwm.config.profile.ForgottenPasswordProfile in project pwm by pwm-project.

the class ForgottenPasswordUtil method initForgottenPasswordBean.

/**
 * Populates a {@link ForgottenPasswordBean} for the given user at the start of a recovery.
 *
 * <p>In order, the method: stores the user identity on the bean, reads the user's info and
 * forgotten password profile, calculates the recovery flags, loads the presentable challenge
 * set when challenge/responses is a required or optional method, rejects the request when the
 * account is LDAP intruder-locked (unless the flags allow recovery while locked), builds the
 * attribute form, writes the remaining bean fields and finally verifies the prerequisites of
 * every required verification method.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The intruder-lock check fails closed: a locked account, or any LDAP error while
 *       reading the lock state, ends in a {@link PwmUnrecoverableException}.</li>
 *   <li>The bean already carries the user identity and profile id before the checks that can
 *       throw, so it is only partially initialised when this method fails.
 *       NOTE(review): confirm callers discard the bean on failure.</li>
 *   <li>The lock-check error detail embeds the user identity and the LDAP error text.
 *       NOTE(review): confirm this detail is not rendered to an unauthenticated client, since
 *       it could disclose whether an account exists.</li>
 * </ul>
 *
 * @param pwmRequest            current request; supplies application, locale and session label
 * @param userIdentity          identity of the user whose password is being recovered
 * @param forgottenPasswordBean bean to populate; mutated in place
 * @throws PwmUnrecoverableException when the directory is unavailable, stored responses cannot
 *         be turned into a presentable challenge set, the account is intruder-locked and
 *         recovery while locked is not allowed, or the lock state cannot be read
 * @throws PwmOperationalException declared on the signature; not thrown directly by the
 *         statements in this method
 */
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Locale locale = pwmRequest.getLocale();
    final SessionLabel sessionLabel = pwmRequest.getSessionLabel();

    // The identity is stored before readUserInfo is handed the bean.
    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);

    // assumes forgottenPasswordProfile(...) never returns null -- TODO confirm; the result is
    // dereferenced on the next line without a check.
    final ForgottenPasswordProfile profile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
    final String profileId = profile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(profileId);

    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, profileId);

    // Stored responses are read only when challenge/responses can take part in verification.
    final boolean challengeResponsesInUse =
            recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)
                    || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES);

    final ChallengeSet challengeSet;
    if (!challengeResponsesInUse) {
        challengeSet = null;
    } else {
        try {
            final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            final ResponseSet storedResponses = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), proxiedUser);
            if (storedResponses == null) {
                // No stored responses: the bean gets a null challenge set.
                challengeSet = null;
            } else {
                challengeSet = storedResponses.getPresentableChallengeSet();
            }
        } catch (ChaiValidationException e) {
            throw new PwmUnrecoverableException(new ErrorInformation(
                    PwmError.ERROR_NO_CHALLENGES,
                    "unable to determine presentable challengeSet for stored responses: " + e.getMessage()));
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }

    // Unless the flags explicitly allow it, a directory-level intruder lock blocks recovery.
    if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser lockCheckUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            if (lockCheckUser.isPasswordLocked()) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            // Fail closed: an unreadable lock state is logged and stops the recovery.
            final String lockCheckDetail = "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage();
            final ErrorInformation lockCheckError = new ErrorInformation(PwmError.ERROR_UNKNOWN, lockCheckDetail);
            LOGGER.error(sessionLabel, lockCheckError);
            throw new PwmUnrecoverableException(lockCheckError);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }

    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(profile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }

    forgottenPasswordBean.setUserLocale(locale);
    forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());

    // Each required method is checked against the populated bean; only required methods are
    // iterated here, optional ones are not.
    for (final IdentityVerificationMethod requiredMethod : recoveryFlags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, requiredMethod);
    }
}
Also used : Locale(java.util.Locale) ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) PwmApplication(password.pwm.PwmApplication) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

ForgottenPasswordProfile (password.pwm.config.profile.ForgottenPasswordProfile)12 ErrorInformation (password.pwm.error.ErrorInformation)7 ForgottenPasswordBean (password.pwm.http.bean.ForgottenPasswordBean)7 UserInfo (password.pwm.ldap.UserInfo)7 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)6 TokenDestinationItem (password.pwm.bean.TokenDestinationItem)4 UserIdentity (password.pwm.bean.UserIdentity)4 ChaiUser (com.novell.ldapchai.ChaiUser)3 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)3 ArrayList (java.util.ArrayList)3 List (java.util.List)3 PwmApplication (password.pwm.PwmApplication)3 IdentityVerificationMethod (password.pwm.config.option.IdentityVerificationMethod)3 MessageSendMethod (password.pwm.config.option.MessageSendMethod)3 RecoveryMinLifetimeOption (password.pwm.config.option.RecoveryMinLifetimeOption)3 FormConfiguration (password.pwm.config.value.data.FormConfiguration)3 SessionLabel (password.pwm.bean.SessionLabel)2 Configuration (password.pwm.config.Configuration)2 RecoveryAction (password.pwm.config.option.RecoveryAction)2 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)2