use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class NewUserServlet method handleEnterCodeRequest.
@ActionHandler(action = "enterCode")
private ProcessStatus handleEnterCodeRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final NewUserBean newUserBean = getNewUserBean(pwmRequest);
final NewUserProfile newUserProfile = getNewUserProfile(pwmRequest);
final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);
final TokenDestinationItem tokenDestinationItem = NewUserUtils.tokenDestinationItemForCurrentValidation(pwmRequest, newUserBean, newUserProfile);
ErrorInformation errorInformation = null;
TokenPayload tokenPayload = null;
try {
tokenPayload = TokenUtil.checkEnteredCode(pwmRequest, userEnteredCode, tokenDestinationItem, null, TokenType.NEWUSER, TokenService.TokenEntryType.unauthenticated);
} catch (PwmUnrecoverableException e) {
LOGGER.debug(pwmRequest, "error while checking entered token: ");
errorInformation = e.getErrorInformation();
}
if (tokenPayload != null) {
try {
final NewUserTokenData newUserTokenData = NewUserFormUtils.fromTokenPayload(pwmRequest, tokenPayload);
newUserBean.setProfileID(newUserTokenData.getProfileID());
final NewUserForm newUserFormFromToken = newUserTokenData.getFormData();
final TokenDestinationItem.Type tokenType = tokenPayload.getDestination().getType();
if (tokenType == TokenDestinationItem.Type.email) {
try {
verifyForm(pwmRequest, newUserFormFromToken, false);
newUserBean.setRemoteInputData(newUserTokenData.getInjectionData());
newUserBean.setNewUserForm(newUserFormFromToken);
newUserBean.setProfileID(newUserTokenData.getProfileID());
newUserBean.setFormPassed(true);
newUserBean.getCompletedTokenFields().addAll(newUserTokenData.getCompletedTokenFields());
newUserBean.setCurrentTokenField(newUserTokenData.getCurrentTokenField());
} catch (PwmUnrecoverableException | PwmOperationalException e) {
LOGGER.error(pwmRequest, "while reading stored form data in token payload, form validation error occurred: " + e.getMessage());
errorInformation = e.getErrorInformation();
}
} else if (tokenType == TokenDestinationItem.Type.sms) {
if (newUserBean.getNewUserForm() == null || !newUserBean.getNewUserForm().isConsistentWith(newUserFormFromToken)) {
LOGGER.debug(pwmRequest, "token value is valid, but form data does not match current session form data");
final String errorMsg = "sms token does not match current session";
errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
}
}
} catch (PwmOperationalException e) {
errorInformation = e.getErrorInformation();
}
}
if (errorInformation != null) {
LOGGER.debug(pwmSession, errorInformation.toDebugStr());
setLastError(pwmRequest, errorInformation);
return ProcessStatus.Continue;
}
LOGGER.debug(pwmRequest, "marking token as passed " + JsonUtil.serialize(tokenDestinationItem));
newUserBean.getCompletedTokenFields().add(newUserBean.getCurrentTokenField());
newUserBean.setTokenSent(false);
newUserBean.setCurrentTokenField(null);
if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON)) {
pwmRequest.setAttribute(PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination());
pwmRequest.forwardToJsp(JspUrl.NEW_USER_TOKEN_SUCCESS);
return ProcessStatus.Halt;
}
return ProcessStatus.Continue;
}
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class NewUserServlet method handleComplete.
@ActionHandler(action = "complete")
private ProcessStatus handleComplete(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
final NewUserBean newUserBean = getNewUserBean(pwmRequest);
final Instant startTime = newUserBean.getCreateStartTime();
if (startTime == null) {
pwmRequest.respondWithError(PwmError.ERROR_INCORRECT_REQ_SEQUENCE.toInfo(), true);
return ProcessStatus.Halt;
}
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final long minWaitTime = newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_MINIMUM_WAIT_TIME) * 1000L;
final Instant completeTime = Instant.ofEpochMilli(startTime.toEpochMilli() + minWaitTime);
// be sure minimum wait time has passed
if (Instant.now().isBefore(completeTime)) {
pwmRequest.forwardToJsp(JspUrl.NEW_USER_WAIT);
return ProcessStatus.Halt;
}
// -- process complete -- \\
pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, NewUserBean.class);
final String configuredRedirectUrl = newUserProfile.readSettingAsString(PwmSetting.NEWUSER_REDIRECT_URL);
if (!StringUtil.isEmpty(configuredRedirectUrl) && StringUtil.isEmpty(pwmRequest.getPwmSession().getSessionStateBean().getForwardURL())) {
final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
final String macroedUrl = macroMachine.expandMacros(configuredRedirectUrl);
pwmRequest.sendRedirect(macroedUrl);
return ProcessStatus.Halt;
}
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_CreateUser);
return ProcessStatus.Halt;
}
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class NewUserUtils method createUser.
@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final long startTime = System.currentTimeMillis();
// re-perform verification before proceeding
{
final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
passwordCheckInfoToException(passwordCheckInfo);
}
NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
final PasswordData userPassword;
if (promptForPassword) {
userPassword = newUserForm.getNewUserPassword();
} else {
final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
}
// set up the user creation attributes
final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
// read the creation object classes from configuration
final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
// add the auto-add object classes
{
final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
}
final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
try {
// create the ldap entry
chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
final boolean useTempPw;
{
final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
if ("auto".equalsIgnoreCase(settingValue)) {
useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
} else {
useTempPw = Boolean.parseBoolean(settingValue);
}
}
if (useTempPw) {
NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
final PasswordData temporaryPassword;
{
final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
}
final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
try {
// set password as admin
proxiedUser.setPassword(temporaryPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
try {
// bind as user
NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
bindAsProvider.close();
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
} else {
try {
// set password
theUser.setPassword(userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
}
NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
// write data to remote web service
remoteWriteFormData(pwmRequest, newUserForm);
// authenticate the user to pwm
final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
sessionAuthenticator.authenticateUser(userIdentity, userPassword);
{
// execute configured actions
final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
// send user email
sendNewUserEmailConfirmation(pwmRequest);
// add audit record
pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
// increment the new user creation statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class PasswordRequirementsTag method doEndTag.
public int doEndTag() throws javax.servlet.jsp.JspTagException {
try {
final PwmRequest pwmRequest = PwmRequest.forRequest((HttpServletRequest) pageContext.getRequest(), (HttpServletResponse) pageContext.getResponse());
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Configuration config = pwmApplication.getConfig();
final Locale locale = pwmSession.getSessionStateBean().getLocale();
pwmSession.getSessionManager().getMacroMachine(pwmApplication);
final PwmPasswordPolicy passwordPolicy;
if (getForm() != null && getForm().equalsIgnoreCase("newuser")) {
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
passwordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmApplication, locale);
} else {
passwordPolicy = pwmSession.getUserInfo().getPasswordPolicy();
}
final String configuredRuleText = passwordPolicy.getRuleText();
if (configuredRuleText != null && configuredRuleText.length() > 0) {
pageContext.getOut().write(configuredRuleText);
} else {
final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
final String pre = prepend != null && prepend.length() > 0 ? prepend : "";
final String sep = separator != null && separator.length() > 0 ? separator : "<br/>";
final List<String> requirementsList = getPasswordRequirementsStrings(passwordPolicy, config, locale, macroMachine);
final StringBuilder requirementsText = new StringBuilder();
for (final String requirementStatement : requirementsList) {
requirementsText.append(pre);
requirementsText.append(requirementStatement);
requirementsText.append(sep);
}
pageContext.getOut().write(requirementsText.toString());
}
} catch (IOException | PwmException e) {
LOGGER.error("unexpected error during password requirements generation: " + e.getMessage(), e);
throw new JspTagException(e.getMessage());
}
return EVAL_PAGE;
}
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class TokenService method maxTokenAge.
static TimeDuration maxTokenAge(final Configuration configuration) {
long maxValue = 0;
maxValue = Math.max(maxValue, configuration.readSettingAsLong(PwmSetting.TOKEN_LIFETIME));
maxValue = Math.max(maxValue, configuration.readSettingAsLong(PwmSetting.TOKEN_LIFETIME));
for (NewUserProfile newUserProfile : configuration.getNewUserProfiles().values()) {
maxValue = Math.max(maxValue, newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_TOKEN_LIFETIME_EMAIL));
maxValue = Math.max(maxValue, newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_TOKEN_LIFETIME_SMS));
}
return new TimeDuration(maxValue, TimeUnit.SECONDS);
}
Aggregations