Example 6 with NewUserProfile
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class NewUserServlet method handleEnterCodeRequest.
@ActionHandler(action = "enterCode")
private ProcessStatus handleEnterCodeRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final NewUserBean newUserBean = getNewUserBean(pwmRequest);
final NewUserProfile newUserProfile = getNewUserProfile(pwmRequest);
final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);
final TokenDestinationItem tokenDestinationItem = NewUserUtils.tokenDestinationItemForCurrentValidation(pwmRequest, newUserBean, newUserProfile);
ErrorInformation errorInformation = null;
TokenPayload tokenPayload = null;
try {
tokenPayload = TokenUtil.checkEnteredCode(pwmRequest, userEnteredCode, tokenDestinationItem, null, TokenType.NEWUSER, TokenService.TokenEntryType.unauthenticated);
} catch (PwmUnrecoverableException e) {
LOGGER.debug(pwmRequest, "error while checking entered token: ");
errorInformation = e.getErrorInformation();
}
if (tokenPayload != null) {
try {
final NewUserTokenData newUserTokenData = NewUserFormUtils.fromTokenPayload(pwmRequest, tokenPayload);
newUserBean.setProfileID(newUserTokenData.getProfileID());
final NewUserForm newUserFormFromToken = newUserTokenData.getFormData();
final TokenDestinationItem.Type tokenType = tokenPayload.getDestination().getType();
if (tokenType == TokenDestinationItem.Type.email) {
try {
verifyForm(pwmRequest, newUserFormFromToken, false);
newUserBean.setRemoteInputData(newUserTokenData.getInjectionData());
newUserBean.setNewUserForm(newUserFormFromToken);
newUserBean.setProfileID(newUserTokenData.getProfileID());
newUserBean.setFormPassed(true);
newUserBean.getCompletedTokenFields().addAll(newUserTokenData.getCompletedTokenFields());
newUserBean.setCurrentTokenField(newUserTokenData.getCurrentTokenField());
} catch (PwmUnrecoverableException | PwmOperationalException e) {
LOGGER.error(pwmRequest, "while reading stored form data in token payload, form validation error occurred: " + e.getMessage());
errorInformation = e.getErrorInformation();
}
} else if (tokenType == TokenDestinationItem.Type.sms) {
if (newUserBean.getNewUserForm() == null || !newUserBean.getNewUserForm().isConsistentWith(newUserFormFromToken)) {
LOGGER.debug(pwmRequest, "token value is valid, but form data does not match current session form data");
final String errorMsg = "sms token does not match current session";
errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
}
}
} catch (PwmOperationalException e) {
errorInformation = e.getErrorInformation();
}
}
if (errorInformation != null) {
LOGGER.debug(pwmSession, errorInformation.toDebugStr());
setLastError(pwmRequest, errorInformation);
return ProcessStatus.Continue;
}
LOGGER.debug(pwmRequest, "marking token as passed " + JsonUtil.serialize(tokenDestinationItem));
newUserBean.getCompletedTokenFields().add(newUserBean.getCurrentTokenField());
newUserBean.setTokenSent(false);
newUserBean.setCurrentTokenField(null);
if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON)) {
pwmRequest.setAttribute(PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination());
pwmRequest.forwardToJsp(JspUrl.NEW_USER_TOKEN_SUCCESS);
return ProcessStatus.Halt;
}
return ProcessStatus.Continue;
}
Also used :
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
TokenDestinationItem(password.pwm.bean.TokenDestinationItem)
TokenPayload(password.pwm.svc.token.TokenPayload)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmSession(password.pwm.http.PwmSession)
NewUserBean(password.pwm.http.bean.NewUserBean)
Example 7 with NewUserProfile
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class NewUserServlet method handleComplete.
@ActionHandler(action = "complete")
private ProcessStatus handleComplete(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
final NewUserBean newUserBean = getNewUserBean(pwmRequest);
final Instant startTime = newUserBean.getCreateStartTime();
if (startTime == null) {
pwmRequest.respondWithError(PwmError.ERROR_INCORRECT_REQ_SEQUENCE.toInfo(), true);
return ProcessStatus.Halt;
}
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final long minWaitTime = newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_MINIMUM_WAIT_TIME) * 1000L;
final Instant completeTime = Instant.ofEpochMilli(startTime.toEpochMilli() + minWaitTime);
// be sure minimum wait time has passed
if (Instant.now().isBefore(completeTime)) {
pwmRequest.forwardToJsp(JspUrl.NEW_USER_WAIT);
return ProcessStatus.Halt;
}
// -- process complete -- \\
pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, NewUserBean.class);
final String configuredRedirectUrl = newUserProfile.readSettingAsString(PwmSetting.NEWUSER_REDIRECT_URL);
if (!StringUtil.isEmpty(configuredRedirectUrl) && StringUtil.isEmpty(pwmRequest.getPwmSession().getSessionStateBean().getForwardURL())) {
final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
final String macroedUrl = macroMachine.expandMacros(configuredRedirectUrl);
pwmRequest.sendRedirect(macroedUrl);
return ProcessStatus.Halt;
}
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_CreateUser);
return ProcessStatus.Halt;
}
Also used :
Instant(java.time.Instant)
MacroMachine(password.pwm.util.macro.MacroMachine)
NewUserBean(password.pwm.http.bean.NewUserBean)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
Example 8 with NewUserProfile
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class NewUserUtils method createUser.
@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final long startTime = System.currentTimeMillis();
// re-perform verification before proceeding
{
final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
passwordCheckInfoToException(passwordCheckInfo);
}
NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
final PasswordData userPassword;
if (promptForPassword) {
userPassword = newUserForm.getNewUserPassword();
} else {
final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
}
// set up the user creation attributes
final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
// read the creation object classes from configuration
final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
// add the auto-add object classes
{
final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
}
final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
try {
// create the ldap entry
chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
final boolean useTempPw;
{
final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
if ("auto".equalsIgnoreCase(settingValue)) {
useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
} else {
useTempPw = Boolean.parseBoolean(settingValue);
}
}
if (useTempPw) {
NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
final PasswordData temporaryPassword;
{
final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
}
final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
try {
// set password as admin
proxiedUser.setPassword(temporaryPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
try {
// bind as user
NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
bindAsProvider.close();
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
} else {
try {
// set password
theUser.setPassword(userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
}
NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
// write data to remote web service
remoteWriteFormData(pwmRequest, newUserForm);
// authenticate the user to pwm
final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
sessionAuthenticator.authenticateUser(userIdentity, userPassword);
{
// execute configured actions
final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
// send user email
sendNewUserEmailConfirmation(pwmRequest);
// add audit record
pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
// increment the new user creation statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
PasswordData(password.pwm.util.PasswordData)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
List(java.util.List)
ArrayList(java.util.ArrayList)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ActionExecutor(password.pwm.util.operations.ActionExecutor)
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
LdapProfile(password.pwm.config.profile.LdapProfile)
ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmSession(password.pwm.http.PwmSession)
Example 9 with NewUserProfile
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class PasswordRequirementsTag method doEndTag.
public int doEndTag() throws javax.servlet.jsp.JspTagException {
try {
final PwmRequest pwmRequest = PwmRequest.forRequest((HttpServletRequest) pageContext.getRequest(), (HttpServletResponse) pageContext.getResponse());
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Configuration config = pwmApplication.getConfig();
final Locale locale = pwmSession.getSessionStateBean().getLocale();
pwmSession.getSessionManager().getMacroMachine(pwmApplication);
final PwmPasswordPolicy passwordPolicy;
if (getForm() != null && getForm().equalsIgnoreCase("newuser")) {
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
passwordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmApplication, locale);
} else {
passwordPolicy = pwmSession.getUserInfo().getPasswordPolicy();
}
final String configuredRuleText = passwordPolicy.getRuleText();
if (configuredRuleText != null && configuredRuleText.length() > 0) {
pageContext.getOut().write(configuredRuleText);
} else {
final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
final String pre = prepend != null && prepend.length() > 0 ? prepend : "";
final String sep = separator != null && separator.length() > 0 ? separator : "<br/>";
final List<String> requirementsList = getPasswordRequirementsStrings(passwordPolicy, config, locale, macroMachine);
final StringBuilder requirementsText = new StringBuilder();
for (final String requirementStatement : requirementsList) {
requirementsText.append(pre);
requirementsText.append(requirementStatement);
requirementsText.append(sep);
}
pageContext.getOut().write(requirementsText.toString());
}
} catch (IOException | PwmException e) {
LOGGER.error("unexpected error during password requirements generation: " + e.getMessage(), e);
throw new JspTagException(e.getMessage());
}
return EVAL_PAGE;
}
Also used :
Locale(java.util.Locale)
PwmApplication(password.pwm.PwmApplication)
PwmRequest(password.pwm.http.PwmRequest)
Configuration(password.pwm.config.Configuration)
IOException(java.io.IOException)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
PwmException(password.pwm.error.PwmException)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
MacroMachine(password.pwm.util.macro.MacroMachine)
PwmSession(password.pwm.http.PwmSession)
JspTagException(javax.servlet.jsp.JspTagException)
Example 10 with NewUserProfile
use of password.pwm.config.profile.NewUserProfile in project pwm by pwm-project.
the class TokenService method maxTokenAge.
static TimeDuration maxTokenAge(final Configuration configuration) {
long maxValue = 0;
maxValue = Math.max(maxValue, configuration.readSettingAsLong(PwmSetting.TOKEN_LIFETIME));
maxValue = Math.max(maxValue, configuration.readSettingAsLong(PwmSetting.TOKEN_LIFETIME));
for (NewUserProfile newUserProfile : configuration.getNewUserProfiles().values()) {
maxValue = Math.max(maxValue, newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_TOKEN_LIFETIME_EMAIL));
maxValue = Math.max(maxValue, newUserProfile.readSettingAsLong(PwmSetting.NEWUSER_TOKEN_LIFETIME_SMS));
}
return new TimeDuration(maxValue, TimeUnit.SECONDS);
}
Also used :
TimeDuration(password.pwm.util.java.TimeDuration)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
Aggregations
NewUserProfile (password.pwm.config.profile.NewUserProfile)15
ArrayList (java.util.ArrayList)5
FormConfiguration (password.pwm.config.value.data.FormConfiguration)5
ErrorInformation (password.pwm.error.ErrorInformation)5
NewUserBean (password.pwm.http.bean.NewUserBean)5
Locale (java.util.Locale)4
PwmApplication (password.pwm.PwmApplication)4
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)4
PwmSession (password.pwm.http.PwmSession)4
MacroMachine (password.pwm.util.macro.MacroMachine)4
LinkedHashMap (java.util.LinkedHashMap)3
PwmOperationalException (password.pwm.error.PwmOperationalException)3
PasswordData (password.pwm.util.PasswordData)3
Instant (java.time.Instant)2
Configuration (password.pwm.config.Configuration)2
PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy)2
PwmDataValidationException (password.pwm.error.PwmDataValidationException)2
TimeDuration (password.pwm.util.java.TimeDuration)2
ChaiUser (com.novell.ldapchai.ChaiUser)1
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)1
