
Example 16 with PwmPasswordPolicy

Use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.

The class PasswordUtility, method setPassword.

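/**
 * Validates {@code newPassword} against the user's effective password policy and then writes it
 * to the directory through {@code chaiProvider}.
 *
 * <p>The policy check runs before any LDAP write, so a password that fails the configured rules
 * is never sent to the directory. Whether the write is performed as the user (the provider's bind
 * DN is the target user) or by another bind identity is derived from the provider configuration
 * and only affects the audit log line written at the end.
 *
 * @param pwmApplication application context (configuration, statistics, shared password history)
 * @param sessionLabel   label attached to every log line written here
 * @param chaiProvider   LDAP provider whose bind DN performs the change
 * @param userInfo       user whose password is being set; its identity supplies the target DN
 * @param oldPassword    current password, or {@code null} to set the password without presenting
 *                       one to the directory
 * @param newPassword    password to set
 * @throws PwmUnrecoverableException if the directory is unavailable or the policy lookup/validation fails
 * @throws PwmOperationalException   if the directory rejects the new password or the write fails
 */
public static void setPassword(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final ChaiProvider chaiProvider, final UserInfo userInfo, final PasswordData oldPassword, final PasswordData newPassword) throws PwmUnrecoverableException, PwmOperationalException {
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    final Instant startTime = Instant.now();
    final boolean bindIsSelf;
    final String bindDN;

    // Phase 1: policy validation. Any failure is reported as unrecoverable so the caller never
    // proceeds to the LDAP write with a value that was not checked against the policy.
    try {
        final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        final Locale locale = PwmConstants.DEFAULT_LOCALE;
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, sessionLabel, userIdentity, theUser, locale);
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, passwordPolicy);
        pwmPasswordRuleValidator.testPassword(newPassword, null, userInfo, theUser);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    } catch (PwmException e) {
        throw new PwmUnrecoverableException(e.getErrorInformation());
    }

    // Phase 2: the directory write.
    try {
        final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        bindDN = chaiProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN);
        // "self" means the provider is bound as the target user within the same LDAP profile
        bindIsSelf = userIdentity.canonicalEquals(new UserIdentity(bindDN, userIdentity.getLdapProfileID()), pwmApplication);
        LOGGER.trace(sessionLabel, "preparing to setActorPassword for '" + theUser.getEntryDN() + "', using bind DN: " + bindDN);
        final boolean settingEnableChange = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE));
        if (settingEnableChange) {
            if (oldPassword == null) {
                // no current password is presented to the directory: a set rather than a change
                theUser.setPassword(newPassword.getStringValue(), true);
            } else {
                theUser.changePassword(oldPassword.getStringValue(), newPassword.getStringValue());
            }
        } else {
            LOGGER.debug(sessionLabel, "skipping actual ldap password change operation due to app property " + AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE.getKey() + "=false");
        }
    } catch (ChaiPasswordPolicyException e) {
        // directory-side policy rejection: use the mapped chai error when one is known
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "' " + e.toString();
        final PwmError mappedError = PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(mappedError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : mappedError, errorMsg);
        throw new PwmOperationalException(error);
    } catch (ChaiOperationException e) {
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "' " + e.getMessage();
        final PwmError mappedError = PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(mappedError == null ? PwmError.ERROR_UNKNOWN : mappedError, errorMsg);
        throw new PwmOperationalException(error);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }

    // Phase 3: bookkeeping. NOTE(review): this runs, and the "changed" log line below is written,
    // even when LDAP_PASSWORD_CHANGE_SELF_ENABLE=false skipped the actual directory write.
    // add the old password to the global history list (if the old password is known)
    if (oldPassword != null && pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PASSWORD_SHAREDHISTORY_ENABLE)) {
        pwmApplication.getSharedHistoryManager().addWord(sessionLabel, oldPassword.getStringValue());
    }
    // update stats
    pwmApplication.getStatisticsManager().updateEps(EpsStatistic.PASSWORD_CHANGES, 1);
    final int passwordStrength = PasswordUtility.judgePasswordStrength(pwmApplication.getConfig(), newPassword.getStringValue());
    pwmApplication.getStatisticsManager().updateAverageValue(Statistic.AVG_PASSWORD_STRENGTH, passwordStrength);
    // at this point the password has been changed, so log it (the password value itself is never logged).
    final String msg = (bindIsSelf ? "user " + userIdentity.toDisplayString() + " has changed own password" : "password for user '" + userIdentity.toDisplayString() + "' has been changed by " + bindDN) + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")";
    LOGGER.info(sessionLabel, msg);
}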

Example 17 with PwmPasswordPolicy

Use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.

The class RestSetPasswordServer, method doSetPassword.

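/**
 * Handles a REST set-password request for the requested (or calling) user.
 *
 * <p>Exactly one of the two input fields must be used: a non-empty {@code password}, or
 * {@code random=true}, in which case a password is generated from the target user's policy.
 * For a self-service change the caller's current password is taken from the HTTP Basic auth
 * header when one is present; for any other target no old password is supplied and the change
 * is performed as a set.
 *
 * @param restRequest   the incoming request (application, session label, locale, servlet request)
 * @param jsonInputData parsed JSON body: {@code username}, {@code password}, {@code random}
 * @return a success bean carrying the resolved user key and the {@code random} flag, or an error bean
 */
private static RestResultBean doSetPassword(final RestRequest restRequest, final JsonInputData jsonInputData) {
    final String password = jsonInputData.getPassword();
    final boolean random = jsonInputData.isRandom();
    final boolean hasPassword = password != null && !password.isEmpty();

    // the two input fields are mutually exclusive and one of them is required
    if (!hasPassword && !random) {
        final String errorMessage = "field '" + FIELD_PASSWORD + "' must have a value or field '" + FIELD_RANDOM + "' must be set to true";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, errorMessage, new String[] { FIELD_PASSWORD });
        return RestResultBean.fromError(restRequest, errorInformation);
    }
    if (hasPassword && random) {
        final String errorMessage = "field '" + FIELD_PASSWORD + "' cannot have a value when field '" + FIELD_RANDOM + "' is set to true";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, errorMessage, new String[] { FIELD_PASSWORD });
        return RestResultBean.fromError(restRequest, errorInformation);
    }

    try {
        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, jsonInputData.username);

        final PasswordData newPassword;
        if (random) {
            // generate from the target user's effective policy so the result is guaranteed to pass it
            final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), targetUserIdentity.getChaiUser(), restRequest.getLocale());
            newPassword = RandomPasswordGenerator.createRandomPassword(restRequest.getSessionLabel(), passwordPolicy, restRequest.getPwmApplication());
        } else {
            newPassword = new PasswordData(password);
        }

        // only a self change can present the caller's current password to the directory
        final PasswordData oldPassword;
        if (targetUserIdentity.isSelf()) {
            final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(restRequest.getPwmApplication(), restRequest.getHttpServletRequest());
            oldPassword = basicAuthInfo == null ? null : basicAuthInfo.getPassword();
        } else {
            oldPassword = null;
        }

        final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), restRequest.getLocale());
        PasswordUtility.setPassword(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getChaiProvider(), userInfo, oldPassword, newPassword);
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_SETPASSWORD);

        // the response echoes the resolved user key and the random flag, never the password
        final JsonInputData jsonResultData = new JsonInputData(targetUserIdentity.getUserIdentity().toDelimitedKey(), null, random);
        return RestResultBean.forSuccessMessage(jsonResultData, restRequest, Message.Success_PasswordChange);
    } catch (PwmException e) {
        LOGGER.error("error during set password REST operation: " + e.getMessage());
        return RestResultBean.fromError(restRequest, e.getErrorInformation());
    } catch (Exception e) {
        // NOTE(review): the raw exception message is echoed to the REST caller here; consider
        // whether that level of internal detail belongs in a client-facing response.
        final String errorMessage = "unexpected error executing web service: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMessage);
        LOGGER.error("error during set password REST operation: " + e.getMessage(), e);
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}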

Example 18 with PwmPasswordPolicy

Use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.

The class Configuration, method initPasswordPolicy.

/**
 * Builds the password policy for a profile from the stored configuration.
 *
 * <p>Every {@link PwmPasswordRule} that is backed by a setting or an app property contributes one
 * string value, keyed by the rule key; the global case-sensitivity setting is then added unless it
 * is {@code "read"}, and the profile id, query-match permissions and localized rule text are set
 * on the resulting policy.
 *
 * @param profile password policy profile id
 * @param locale  locale used for localized values (change message, rule text)
 * @return the assembled policy
 */
protected PwmPasswordPolicy initPasswordPolicy(final String profile, final Locale locale) {
    final Map<String, String> ruleValues = new LinkedHashMap<>();
    for (final PwmPasswordRule rule : PwmPasswordRule.values()) {
        // rules with neither a setting nor an app property have no configured value to copy
        if (rule.getPwmSetting() == null && rule.getAppProperty() == null) {
            continue;
        }
        ruleValues.put(rule.getKey(), readPasswordRuleValue(rule, profile, locale));
    }

    // case sensitivity is read at the global (non-profile) level; the value "read" is not copied
    final String caseSensitivity = JavaTypeConverter.valueToString(storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY));
    if (!"read".equals(caseSensitivity)) {
        ruleValues.put(PwmPasswordRule.CaseSensitive.getKey(), caseSensitivity);
    }

    // pwm-specific values that live on the policy object rather than in the rule map
    final PwmPasswordPolicy policy = PwmPasswordPolicy.createPwmPasswordPolicy(ruleValues);
    policy.setProfileID(profile);
    @SuppressWarnings("unchecked")
    final List<UserPermission> queryMatch = (List<UserPermission>) storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_QUERY_MATCH, profile).toNativeObject();
    policy.setUserPermissions(queryMatch);
    policy.setRuleText(JavaTypeConverter.valueToLocalizedString(storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_RULE_TEXT, profile), locale));
    return policy;
}

/**
 * Resolves the configured string value of one password rule for {@code profile}.
 *
 * <p>Multi-valued rules are joined with a rule-specific separator; the AD complexity level and
 * the change message are converted via {@code JavaTypeConverter}; the macro-in-regex flag comes
 * from an app property; everything else is the setting's native value rendered as a string.
 * NOTE(review): a rule backed only by an app property (no PwmSetting) that is not
 * {@code AllowMacroInRegExSetting} would reach the default branch with a null setting — confirm
 * no such rule exists.
 */
private String readPasswordRuleValue(final PwmPasswordRule rule, final String profile, final Locale locale) {
    final PwmSetting pwmSetting = rule.getPwmSetting();
    switch (rule) {
        case DisallowedAttributes:
        case DisallowedValues:
        case CharGroupsValues:
            return StringHelper.stringCollectionToString(JavaTypeConverter.valueToStringArray(storedConfiguration.readSetting(pwmSetting, profile)), "\n");
        case RegExMatch:
        case RegExNoMatch:
            return StringHelper.stringCollectionToString(JavaTypeConverter.valueToStringArray(storedConfiguration.readSetting(pwmSetting, profile)), ";;;");
        case ChangeMessage:
            return JavaTypeConverter.valueToLocalizedString(storedConfiguration.readSetting(pwmSetting, profile), locale);
        case ADComplexityLevel:
            return JavaTypeConverter.valueToEnum(pwmSetting, storedConfiguration.readSetting(pwmSetting, profile), ADPolicyComplexity.class).toString();
        case AllowMacroInRegExSetting:
            return readAppProperty(AppProperty.ALLOW_MACRO_IN_REGEX_SETTING);
        default:
            return String.valueOf(storedConfiguration.readSetting(pwmSetting, profile).toNativeObject());
    }
}

Example 19 with PwmPasswordPolicy

Use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.

The class Configuration, method getPasswordPolicy.

/**
 * Returns the password policy for {@code profile} in {@code locale}, building it on first use and
 * caching it in {@code dataCache.cachedPasswordPolicy} (a two-level map: profile id, then locale).
 *
 * <p>The policy is built before the profile's locale map is created, so a failure inside
 * {@link #initPasswordPolicy} leaves the cache untouched.
 * NOTE(review): lookup and insert are separate steps; if the cache is shared across threads, two
 * callers may build the same policy concurrently — confirm how dataCache is scoped.
 *
 * @param profile password policy profile id
 * @param locale  locale for localized policy text
 * @return the cached or freshly built policy
 */
public PwmPasswordPolicy getPasswordPolicy(final String profile, final Locale locale) {
    if (dataCache.cachedPasswordPolicy.containsKey(profile)) {
        final Map<Locale, PwmPasswordPolicy> byLocale = dataCache.cachedPasswordPolicy.get(profile);
        if (byLocale.containsKey(locale)) {
            return byLocale.get(locale);
        }
    }

    final PwmPasswordPolicy freshPolicy = initPasswordPolicy(profile, locale);
    final boolean profileKnown = dataCache.cachedPasswordPolicy.containsKey(profile);
    if (!profileKnown) {
        dataCache.cachedPasswordPolicy.put(profile, new LinkedHashMap<>());
    }
    dataCache.cachedPasswordPolicy.get(profile).put(locale, freshPolicy);
    return freshPolicy;
}

Example 20 with PwmPasswordPolicy

Use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.

The class AccountInformationBean, method makePasswordRules.

/**
 * Builds the human-readable password rule strings for the session's user.
 *
 * <p>The rules are rendered from the user's effective password policy using the request's
 * configuration, locale and the session's macro machine.
 *
 * @param pwmRequest current request; supplies the session user info, config, locale and macro machine
 * @return an unmodifiable view of the generated rule descriptions
 * @throws PwmUnrecoverableException propagated from the underlying session and rendering calls
 */
private static List<String> makePasswordRules(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    final PwmPasswordPolicy policy = pwmRequest.getPwmSession().getUserInfo().getPasswordPolicy();
    final MacroMachine macros = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
    final List<String> ruleStrings = PasswordRequirementsTag.getPasswordRequirementsStrings(
            policy, pwmRequest.getConfig(), pwmRequest.getLocale(), macros);
    return Collections.unmodifiableList(ruleStrings);
}
