Example 1 with StoredConfigurationImpl
use of password.pwm.config.stored.StoredConfigurationImpl in project pwm by pwm-project.
the class ConfigAccessFilter method checkAuthentication.
@SuppressWarnings("checkstyle:MethodLength")
static ProcessStatus checkAuthentication(final PwmRequest pwmRequest, final ConfigManagerBean configManagerBean) throws IOException, PwmUnrecoverableException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final ConfigurationReader runningConfigReader = ContextManager.getContextManager(pwmRequest.getHttpServletRequest().getSession()).getConfigReader();
final StoredConfigurationImpl storedConfig = runningConfigReader.getStoredConfiguration();
boolean authRequired = false;
if (storedConfig.hasPassword()) {
authRequired = true;
}
if (PwmApplicationMode.RUNNING == pwmRequest.getPwmApplication().getApplicationMode()) {
if (!pwmRequest.isAuthenticated()) {
throw new PwmUnrecoverableException(PwmError.ERROR_AUTHENTICATION_REQUIRED);
}
if (!pwmRequest.getPwmSession().getSessionManager().checkPermission(pwmRequest.getPwmApplication(), Permission.PWMADMIN)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED);
denyAndError(pwmRequest, errorInformation);
return ProcessStatus.Halt;
}
}
if (PwmApplicationMode.CONFIGURATION != pwmRequest.getPwmApplication().getApplicationMode()) {
authRequired = true;
}
if (!authRequired) {
return ProcessStatus.Continue;
}
if (!storedConfig.hasPassword()) {
final String errorMsg = "config file does not have a configuration password";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, errorMsg, new String[] { errorMsg });
return denyAndError(pwmRequest, errorInformation);
}
if (configManagerBean.isPasswordVerified()) {
return ProcessStatus.Continue;
}
String persistentLoginValue = null;
boolean persistentLoginAccepted = false;
boolean persistentLoginEnabled = false;
if (pwmRequest.getConfig().isDefaultValue(PwmSetting.PWM_SECURITY_KEY)) {
LOGGER.debug(pwmRequest, "security not available, persistent login not possible.");
} else {
persistentLoginEnabled = true;
final PwmSecurityKey securityKey = pwmRequest.getConfig().getSecurityKey();
if (PwmApplicationMode.RUNNING == pwmRequest.getPwmApplication().getApplicationMode()) {
persistentLoginValue = SecureEngine.hash(storedConfig.readConfigProperty(ConfigurationProperty.PASSWORD_HASH) + pwmSession.getUserInfo().getUserIdentity().toDelimitedKey(), PwmHashAlgorithm.SHA512);
} else {
persistentLoginValue = SecureEngine.hash(storedConfig.readConfigProperty(ConfigurationProperty.PASSWORD_HASH), PwmHashAlgorithm.SHA512);
}
{
final String cookieStr = pwmRequest.readCookie(PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN);
if (securityKey != null && cookieStr != null && !cookieStr.isEmpty()) {
try {
final String jsonStr = pwmApplication.getSecureService().decryptStringValue(cookieStr);
final PersistentLoginInfo persistentLoginInfo = JsonUtil.deserialize(jsonStr, PersistentLoginInfo.class);
if (persistentLoginInfo != null && persistentLoginValue != null) {
if (persistentLoginInfo.getExpireDate().isAfter(Instant.now())) {
if (persistentLoginValue.equals(persistentLoginInfo.getPassword())) {
persistentLoginAccepted = true;
LOGGER.debug(pwmRequest, "accepting persistent config login from cookie (expires " + JavaHelper.toIsoDate(persistentLoginInfo.getExpireDate()) + ")");
}
}
}
} catch (Exception e) {
LOGGER.error(pwmRequest, "error examining persistent config login cookie: " + e.getMessage());
}
if (!persistentLoginAccepted) {
pwmRequest.getPwmResponse().removeCookie(PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN, null);
LOGGER.debug(pwmRequest, "removing non-working persistent config login cookie");
}
}
}
}
final String password = pwmRequest.readParameterAsString("password");
boolean passwordAccepted = false;
if (!persistentLoginAccepted) {
if (password != null && password.length() > 0) {
if (storedConfig.verifyPassword(password, pwmRequest.getConfig())) {
passwordAccepted = true;
LOGGER.trace(pwmRequest, "valid configuration password accepted");
updateLoginHistory(pwmRequest, pwmRequest.getUserInfoIfLoggedIn(), true);
} else {
LOGGER.trace(pwmRequest, "configuration password is not correct");
pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
pwmApplication.getIntruderManager().mark(RecordType.USERNAME, PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME, pwmSession.getLabel());
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_PASSWORD_ONLY_BAD);
updateLoginHistory(pwmRequest, pwmRequest.getUserInfoIfLoggedIn(), false);
return denyAndError(pwmRequest, errorInformation);
}
}
}
if ((persistentLoginAccepted || passwordAccepted)) {
configManagerBean.setPasswordVerified(true);
pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
pwmApplication.getIntruderManager().clear(RecordType.USERNAME, PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME);
if (persistentLoginEnabled && !persistentLoginAccepted && "on".equals(pwmRequest.readParameterAsString("remember"))) {
final int persistentSeconds = figureMaxLoginSeconds(pwmRequest);
if (persistentSeconds > 0) {
final Instant expirationDate = Instant.ofEpochMilli(System.currentTimeMillis() + (persistentSeconds * 1000));
final PersistentLoginInfo persistentLoginInfo = new PersistentLoginInfo(expirationDate, persistentLoginValue);
final String jsonPersistentLoginInfo = JsonUtil.serialize(persistentLoginInfo);
final String cookieValue = pwmApplication.getSecureService().encryptToString(jsonPersistentLoginInfo);
pwmRequest.getPwmResponse().writeCookie(PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN, cookieValue, persistentSeconds);
LOGGER.debug(pwmRequest, "set persistent config login cookie (expires " + JavaHelper.toIsoDate(expirationDate) + ")");
}
}
if (configManagerBean.getPrePasswordEntryUrl() != null) {
final String originalUrl = configManagerBean.getPrePasswordEntryUrl();
configManagerBean.setPrePasswordEntryUrl(null);
pwmRequest.getPwmResponse().sendRedirect(originalUrl);
return ProcessStatus.Halt;
}
return ProcessStatus.Continue;
}
if (configManagerBean.getPrePasswordEntryUrl() == null) {
configManagerBean.setPrePasswordEntryUrl(pwmRequest.getHttpServletRequest().getRequestURL().toString());
}
forwardToJsp(pwmRequest);
return ProcessStatus.Halt;
}
Also used :
PwmApplication(password.pwm.PwmApplication)
StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl)
Instant(java.time.Instant)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmException(password.pwm.error.PwmException)
IOException(java.io.IOException)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmSecurityKey(password.pwm.util.secure.PwmSecurityKey)
PwmSession(password.pwm.http.PwmSession)
ConfigurationReader(password.pwm.config.stored.ConfigurationReader)
Example 2 with StoredConfigurationImpl
use of password.pwm.config.stored.StoredConfigurationImpl in project pwm by pwm-project.
the class Configuration method getStoredConfiguration.
public StoredConfigurationImpl getStoredConfiguration() throws PwmUnrecoverableException {
final StoredConfigurationImpl copiedStoredConfiguration = StoredConfigurationImpl.copy(storedConfiguration);
copiedStoredConfiguration.lock();
return copiedStoredConfiguration;
}
Also used :
StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl)
Example 3 with StoredConfigurationImpl
use of password.pwm.config.stored.StoredConfigurationImpl in project pwm by pwm-project.
the class ConfigGuideServlet method restSkipGuide.
@ActionHandler(action = "skipGuide")
private ProcessStatus restSkipGuide(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
final Map<String, String> inputJson = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
final String password = inputJson.get("password");
final ContextManager contextManager = ContextManager.getContextManager(pwmRequest);
try {
final StoredConfigurationImpl storedConfiguration = new StoredConfigurationImpl();
storedConfiguration.writeConfigProperty(ConfigurationProperty.CONFIG_IS_EDITABLE, "true");
storedConfiguration.setPassword(password);
ConfigGuideUtils.writeConfig(contextManager, storedConfiguration);
pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown));
pwmRequest.invalidateSession();
} catch (PwmOperationalException e) {
LOGGER.error("error during skip config guide: " + e.getMessage(), e);
}
return ProcessStatus.Halt;
}
Also used :
StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl)
ContextManager(password.pwm.http.ContextManager)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 4 with StoredConfigurationImpl
use of password.pwm.config.stored.StoredConfigurationImpl in project pwm by pwm-project.
the class ConfigGuideServlet method restWriteSetting.
@ActionHandler(action = "writeSetting")
private ProcessStatus restWriteSetting(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
final String profileID = "default";
final String key = pwmRequest.readParameterAsString("key");
final String bodyString = pwmRequest.readRequestBodyAsString();
final PwmSetting setting = PwmSetting.forKey(key);
final ConfigGuideBean configGuideBean = getBean(pwmRequest);
final StoredConfigurationImpl storedConfigurationImpl = ConfigGuideForm.generateStoredConfig(configGuideBean);
final LinkedHashMap<String, Object> returnMap = new LinkedHashMap<>();
try {
final StoredValue storedValue = ValueFactory.fromJson(setting, bodyString);
final List<String> errorMsgs = storedValue.validateValue(setting);
if (errorMsgs != null && !errorMsgs.isEmpty()) {
returnMap.put("errorMessage", setting.getLabel(pwmRequest.getLocale()) + ": " + errorMsgs.get(0));
}
if (setting == PwmSetting.CHALLENGE_RANDOM_CHALLENGES) {
configGuideBean.getFormData().put(ConfigGuideFormField.CHALLENGE_RESPONSE_DATA, JsonUtil.serialize((Serializable) storedValue.toNativeObject()));
}
} catch (Exception e) {
final String errorMsg = "error writing default value for setting " + setting.toString() + ", error: " + e.getMessage();
LOGGER.error(errorMsg, e);
throw new IllegalStateException(errorMsg, e);
}
returnMap.put("key", key);
returnMap.put("category", setting.getCategory().toString());
returnMap.put("syntax", setting.getSyntax().toString());
returnMap.put("isDefault", storedConfigurationImpl.isDefaultValue(setting, profileID));
pwmRequest.outputJsonResult(RestResultBean.withData(returnMap));
return ProcessStatus.Halt;
}
Also used :
PwmSetting(password.pwm.config.PwmSetting)
ConfigGuideBean(password.pwm.http.bean.ConfigGuideBean)
StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl)
Serializable(java.io.Serializable)
StoredValue(password.pwm.config.StoredValue)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
PwmException(password.pwm.error.PwmException)
IOException(java.io.IOException)
LinkedHashMap(java.util.LinkedHashMap)
Example 5 with StoredConfigurationImpl
use of password.pwm.config.stored.StoredConfigurationImpl in project pwm by pwm-project.
the class ConfigManagerServlet method doDownloadConfig.
private void doDownloadConfig(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmResponse resp = pwmRequest.getPwmResponse();
try {
final StoredConfigurationImpl storedConfiguration = readCurrentConfiguration(pwmRequest);
final OutputStream responseWriter = resp.getOutputStream();
resp.setHeader(HttpHeader.ContentDisposition, "attachment;filename=" + PwmConstants.DEFAULT_CONFIG_FILE_FILENAME);
resp.setContentType(HttpContentType.xml);
storedConfiguration.toXml(responseWriter);
responseWriter.close();
} catch (Exception e) {
LOGGER.error(pwmSession, "unable to download configuration: " + e.getMessage());
}
}
Also used :
StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl)
PwmResponse(password.pwm.http.PwmResponse)
ZipOutputStream(java.util.zip.ZipOutputStream)
OutputStream(java.io.OutputStream)
PwmSession(password.pwm.http.PwmSession)
ServletException(javax.servlet.ServletException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
PwmException(password.pwm.error.PwmException)
IOException(java.io.IOException)
Aggregations
StoredConfigurationImpl (password.pwm.config.stored.StoredConfigurationImpl)34
PwmException (password.pwm.error.PwmException)11
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)11
IOException (java.io.IOException)9
ServletException (javax.servlet.ServletException)9
PwmSetting (password.pwm.config.PwmSetting)9
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)8
LinkedHashMap (java.util.LinkedHashMap)8
ConfigurationReader (password.pwm.config.stored.ConfigurationReader)7
ErrorInformation (password.pwm.error.ErrorInformation)7
PwmOperationalException (password.pwm.error.PwmOperationalException)7
ConfigManagerBean (password.pwm.http.bean.ConfigManagerBean)7
ConfigGuideBean (password.pwm.http.bean.ConfigGuideBean)6
ArrayList (java.util.ArrayList)5
PwmApplication (password.pwm.PwmApplication)5
StoredValue (password.pwm.config.StoredValue)5
PwmLocaleBundle (password.pwm.i18n.PwmLocaleBundle)5
RestResultBean (password.pwm.ws.server.RestResultBean)5
Instant (java.time.Instant)4
List (java.util.List)4
