Search in sources :

Example 6 with NewUserProfile

use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.

the class NewUserServlet method handleEnterCodeRequest.

@ActionHandler(action = "enterCode")
private ProcessStatus handleEnterCodeRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final NewUserBean newUserBean = getNewUserBean(pwmRequest);
    final NewUserProfile newUserProfile = getNewUserProfile(pwmRequest);
    final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);
    final TokenDestinationItem tokenDestinationItem = NewUserUtils.tokenDestinationItemForCurrentValidation(pwmRequest, newUserBean, newUserProfile);
    ErrorInformation errorInformation = null;
    TokenPayload tokenPayload = null;
    try {
        tokenPayload = TokenUtil.checkEnteredCode(pwmRequest, userEnteredCode, tokenDestinationItem, null, TokenType.NEWUSER, TokenService.TokenEntryType.unauthenticated);
    } catch (PwmUnrecoverableException e) {
        LOGGER.debug(pwmRequest, "error while checking entered token: ");
        errorInformation = e.getErrorInformation();
    }
    if (tokenPayload != null) {
        try {
            final NewUserTokenData newUserTokenData = NewUserFormUtils.fromTokenPayload(pwmRequest, tokenPayload);
            newUserBean.setProfileID(newUserTokenData.getProfileID());
            final NewUserForm newUserFormFromToken = newUserTokenData.getFormData();
            final TokenDestinationItem.Type tokenType = tokenPayload.getDestination().getType();
            if (tokenType == TokenDestinationItem.Type.email) {
                try {
                    verifyForm(pwmRequest, newUserFormFromToken, false);
                    newUserBean.setRemoteInputData(newUserTokenData.getInjectionData());
                    newUserBean.setNewUserForm(newUserFormFromToken);
                    newUserBean.setProfileID(newUserTokenData.getProfileID());
                    newUserBean.setFormPassed(true);
                    newUserBean.getCompletedTokenFields().addAll(newUserTokenData.getCompletedTokenFields());
                    newUserBean.setCurrentTokenField(newUserTokenData.getCurrentTokenField());
                } catch (PwmUnrecoverableException | PwmOperationalException e) {
                    LOGGER.error(pwmRequest, "while reading stored form data in token payload, form validation error occurred: " + e.getMessage());
                    errorInformation = e.getErrorInformation();
                }
            } else if (tokenType == TokenDestinationItem.Type.sms) {
                if (newUserBean.getNewUserForm() == null || !newUserBean.getNewUserForm().isConsistentWith(newUserFormFromToken)) {
                    LOGGER.debug(pwmRequest, "token value is valid, but form data does not match current session form data");
                    final String errorMsg = "sms token does not match current session";
                    errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
                }
            }
        } catch (PwmOperationalException e) {
            errorInformation = e.getErrorInformation();
        }
    }
    if (errorInformation != null) {
        LOGGER.debug(pwmSession, errorInformation.toDebugStr());
        setLastError(pwmRequest, errorInformation);
        return ProcessStatus.Continue;
    }
    LOGGER.debug(pwmRequest, "marking token as passed " + JsonUtil.serialize(tokenDestinationItem));
    newUserBean.getCompletedTokenFields().add(newUserBean.getCurrentTokenField());
    newUserBean.setTokenSent(false);
    newUserBean.setCurrentTokenField(null);
    if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON)) {
        pwmRequest.setAttribute(PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination());
        pwmRequest.forwardToJsp(JspUrl.NEW_USER_TOKEN_SUCCESS);
        return ProcessStatus.Halt;
    }
    return ProcessStatus.Continue;
}
Also used : PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) NewUserProfile(password.pwm.config.profile.NewUserProfile) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) TokenPayload(password.pwm.svc.token.TokenPayload) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PwmSession(password.pwm.http.PwmSession) NewUserBean(password.pwm.http.bean.NewUserBean)

Example 7 with NewUserProfile

use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.

the class NewUserServlet method handleComplete.

@ActionHandler(action = "complete")
private ProcessStatus handleComplete(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
    final NewUserBean newUserBean = getNewUserBean(pwmRequest);
    final Instant startTime = newUserBean.getCreateStartTime();
    if (startTime == null) {
        pwmRequest.respondWithError(PwmError.ERROR_INCORRECT_REQ_SEQUENCE.toInfo(), true);
        return ProcessStatus.Halt;
    }
    final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
    final long minWaitTime = newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_MINIMUM_WAIT_TIME) * 1000L;
    final Instant completeTime = Instant.ofEpochMilli(startTime.toEpochMilli() + minWaitTime);
    // be sure minimum wait time has passed
    if (Instant.now().isBefore(completeTime)) {
        pwmRequest.forwardToJsp(JspUrl.NEW_USER_WAIT);
        return ProcessStatus.Halt;
    }
    // -- process complete -- \\
    pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, NewUserBean.class);
    final String configuredRedirectUrl = newUserProfile.readSettingAsString(PwmSetting.NEWUSER_REDIRECT_URL);
    if (!StringUtil.isEmpty(configuredRedirectUrl) && StringUtil.isEmpty(pwmRequest.getPwmSession().getSessionStateBean().getForwardURL())) {
        final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
        final String macroedUrl = macroMachine.expandMacros(configuredRedirectUrl);
        pwmRequest.sendRedirect(macroedUrl);
        return ProcessStatus.Halt;
    }
    pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_CreateUser);
    return ProcessStatus.Halt;
}
Also used : Instant(java.time.Instant) MacroMachine(password.pwm.util.macro.MacroMachine) NewUserBean(password.pwm.http.bean.NewUserBean) NewUserProfile(password.pwm.config.profile.NewUserProfile)

Example 8 with NewUserProfile

use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.

the class NewUserUtils method createUser.

@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final long startTime = System.currentTimeMillis();
    // re-perform verification before proceeding
    {
        final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
        passwordCheckInfoToException(passwordCheckInfo);
    }
    NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
    final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
    final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
    final PasswordData userPassword;
    if (promptForPassword) {
        userPassword = newUserForm.getNewUserPassword();
    } else {
        final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
        userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
    }
    // set up the user creation attributes
    final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
    // read the creation object classes from configuration
    final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
    // add the auto-add object classes
    {
        final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
        createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
    }
    final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
    try {
        // create the ldap entry
        chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
        NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
    } catch (ChaiOperationException e) {
        final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
        throw new PwmOperationalException(errorInformation);
    }
    final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
    final boolean useTempPw;
    {
        final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
        if ("auto".equalsIgnoreCase(settingValue)) {
            useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
        } else {
            useTempPw = Boolean.parseBoolean(settingValue);
        }
    }
    if (useTempPw) {
        NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
        final PasswordData temporaryPassword;
        {
            final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
            temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
        }
        final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
        try {
            // set password as admin
            proxiedUser.setPassword(temporaryPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
        try {
            // bind as user
            NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
            final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
            final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
            final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
            bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
            bindAsProvider.close();
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
    } else {
        try {
            // set password
            theUser.setPassword(userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
    }
    NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
    // write data to remote web service
    remoteWriteFormData(pwmRequest, newUserForm);
    // authenticate the user to pwm
    final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
    final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
    sessionAuthenticator.authenticateUser(userIdentity, userPassword);
    {
        // execute configured actions
        final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
        if (actions != null && !actions.isEmpty()) {
            NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    // send user email
    sendNewUserEmailConfirmation(pwmRequest);
    // add audit record
    pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
    // increment the new user creation statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
    NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used : LinkedHashSet(java.util.LinkedHashSet) SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ActionExecutor(password.pwm.util.operations.ActionExecutor) PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) NewUserProfile(password.pwm.config.profile.NewUserProfile) LdapProfile(password.pwm.config.profile.LdapProfile) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) PwmSession(password.pwm.http.PwmSession)

Example 9 with NewUserProfile

use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.

the class PasswordRequirementsTag method doEndTag.

public int doEndTag() throws javax.servlet.jsp.JspTagException {
    try {
        final PwmRequest pwmRequest = PwmRequest.forRequest((HttpServletRequest) pageContext.getRequest(), (HttpServletResponse) pageContext.getResponse());
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
        final Configuration config = pwmApplication.getConfig();
        final Locale locale = pwmSession.getSessionStateBean().getLocale();
        pwmSession.getSessionManager().getMacroMachine(pwmApplication);
        final PwmPasswordPolicy passwordPolicy;
        if (getForm() != null && getForm().equalsIgnoreCase("newuser")) {
            final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
            passwordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmApplication, locale);
        } else {
            passwordPolicy = pwmSession.getUserInfo().getPasswordPolicy();
        }
        final String configuredRuleText = passwordPolicy.getRuleText();
        if (configuredRuleText != null && configuredRuleText.length() > 0) {
            pageContext.getOut().write(configuredRuleText);
        } else {
            final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
            final String pre = prepend != null && prepend.length() > 0 ? prepend : "";
            final String sep = separator != null && separator.length() > 0 ? separator : "<br/>";
            final List<String> requirementsList = getPasswordRequirementsStrings(passwordPolicy, config, locale, macroMachine);
            final StringBuilder requirementsText = new StringBuilder();
            for (final String requirementStatement : requirementsList) {
                requirementsText.append(pre);
                requirementsText.append(requirementStatement);
                requirementsText.append(sep);
            }
            pageContext.getOut().write(requirementsText.toString());
        }
    } catch (IOException | PwmException e) {
        LOGGER.error("unexpected error during password requirements generation: " + e.getMessage(), e);
        throw new JspTagException(e.getMessage());
    }
    return EVAL_PAGE;
}
Also used : Locale(java.util.Locale) PwmApplication(password.pwm.PwmApplication) PwmRequest(password.pwm.http.PwmRequest) Configuration(password.pwm.config.Configuration) IOException(java.io.IOException) NewUserProfile(password.pwm.config.profile.NewUserProfile) PwmException(password.pwm.error.PwmException) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) MacroMachine(password.pwm.util.macro.MacroMachine) PwmSession(password.pwm.http.PwmSession) JspTagException(javax.servlet.jsp.JspTagException)

Example 10 with NewUserProfile

use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.

the class TokenService method maxTokenAge.

static TimeDuration maxTokenAge(final Configuration configuration) {
    long maxValue = 0;
    maxValue = Math.max(maxValue, configuration.readSettingAsLong(PwmSetting.TOKEN_LIFETIME));
    maxValue = Math.max(maxValue, configuration.readSettingAsLong(PwmSetting.TOKEN_LIFETIME));
    for (NewUserProfile newUserProfile : configuration.getNewUserProfiles().values()) {
        maxValue = Math.max(maxValue, newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_TOKEN_LIFETIME_EMAIL));
        maxValue = Math.max(maxValue, newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_TOKEN_LIFETIME_SMS));
    }
    return new TimeDuration(maxValue, TimeUnit.SECONDS);
}
Also used : TimeDuration(password.pwm.util.java.TimeDuration) NewUserProfile(password.pwm.config.profile.NewUserProfile)

Aggregations

NewUserProfile (password.pwm.config.profile.NewUserProfile)15 ArrayList (java.util.ArrayList)5 FormConfiguration (password.pwm.config.value.data.FormConfiguration)5 ErrorInformation (password.pwm.error.ErrorInformation)5 NewUserBean (password.pwm.http.bean.NewUserBean)5 Locale (java.util.Locale)4 PwmApplication (password.pwm.PwmApplication)4 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)4 PwmSession (password.pwm.http.PwmSession)4 MacroMachine (password.pwm.util.macro.MacroMachine)4 LinkedHashMap (java.util.LinkedHashMap)3 PwmOperationalException (password.pwm.error.PwmOperationalException)3 PasswordData (password.pwm.util.PasswordData)3 Instant (java.time.Instant)2 Configuration (password.pwm.config.Configuration)2 PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy)2 PwmDataValidationException (password.pwm.error.PwmDataValidationException)2 TimeDuration (password.pwm.util.java.TimeDuration)2 ChaiUser (com.novell.ldapchai.ChaiUser)1 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)1