use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.
the class ActivateUserServlet method handleActivateRequest.
@ActionHandler(action = "activate")
public ProcessStatus handleActivateRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final Configuration config = pwmApplication.getConfig();
final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
throw new PwmUnrecoverableException(errorInfo);
}
}
pwmApplication.getSessionStateService().clearBean(pwmRequest, ActivateUserBean.class);
final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
Map<FormConfiguration, String> formValues = new HashMap<>();
try {
// read the values from the request
formValues = FormUtility.readFormValuesFromRequest(pwmRequest, configuredActivationForm, ssBean.getLocale());
// check for intruders
pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);
// read the context attr
final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
// read the profile attr
final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
// see if the values meet the configured form requirements.
FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
final String searchFilter = ActivateUserUtils.figureLdapSearchFilter(pwmRequest);
// read an ldap user object based on the params
final UserIdentity userIdentity;
{
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().contexts(Collections.singletonList(contextParam)).filter(searchFilter).formValues(formValues).ldapProfile(ldapProfile).build();
userIdentity = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());
}
ActivateUserUtils.validateParamsAgainstLDAP(pwmRequest, formValues, userIdentity);
final List<UserPermission> userPermissions = config.readSettingAsUserPermission(PwmSetting.ACTIVATE_USER_QUERY_MATCH);
if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), userIdentity, userPermissions)) {
final String errorMsg = "user " + userIdentity + " attempted activation, but does not match query string";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_ACTIVATE_NO_PERMISSION, errorMsg);
pwmApplication.getIntruderManager().convenience().markUserIdentity(userIdentity, pwmSession);
pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
throw new PwmUnrecoverableException(errorInformation);
}
final ActivateUserBean activateUserBean = pwmApplication.getSessionStateService().getBean(pwmRequest, ActivateUserBean.class);
activateUserBean.setUserIdentity(userIdentity);
activateUserBean.setFormValidated(true);
pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
} catch (PwmOperationalException e) {
pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
setLastError(pwmRequest, e.getErrorInformation());
LOGGER.debug(pwmSession.getLabel(), e.getErrorInformation().toDebugStr());
}
return ProcessStatus.Continue;
}
use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.
the class GuestRegistrationServlet method handleUpdateRequest.
protected void handleUpdateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
// Fetch the session state bean.
final PwmSession pwmSession = pwmRequest.getPwmSession();
final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Configuration config = pwmApplication.getConfig();
final List<FormConfiguration> formItems = pwmApplication.getConfig().readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
try {
// read the values from the request
final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItems, pwmRequest.getLocale());
// see if the values meet form requirements.
FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
// read current values from user.
final ChaiUser theGuest = pwmSession.getSessionManager().getActor(pwmApplication, guestRegistrationBean.getUpdateUserIdentity());
// check unique fields against ldap
FormUtility.validateFormValueUniqueness(pwmApplication, formValues, ssBean.getLocale(), Collections.singletonList(guestRegistrationBean.getUpdateUserIdentity()));
final Instant expirationDate = readExpirationFromRequest(pwmRequest);
// Update user attributes
LdapOperationsHelper.writeFormValuesToLdap(pwmApplication, pwmSession.getSessionManager().getMacroMachine(pwmApplication), theGuest, formValues, false);
// Write expirationDate
if (expirationDate != null) {
theGuest.writeDateAttribute(expirationAttribute, expirationDate);
}
// send email.
final UserInfo guestUserInfoBean = UserInfoFactory.newUserInfo(pwmApplication, pwmRequest.getSessionLabel(), pwmRequest.getLocale(), guestRegistrationBean.getUpdateUserIdentity(), theGuest.getChaiProvider());
this.sendUpdateGuestEmailConfirmation(pwmRequest, guestUserInfoBean);
pwmApplication.getStatisticsManager().incrementValue(Statistic.UPDATED_GUESTS);
// everything good so forward to confirmation page.
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UpdateGuest);
return;
} catch (PwmOperationalException e) {
LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
setLastError(pwmRequest, e.getErrorInformation());
} catch (ChaiOperationException e) {
final ErrorInformation info = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error writing to ldap: " + e.getMessage());
LOGGER.error(pwmSession, info);
setLastError(pwmRequest, info);
}
this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
}
use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.
the class ActivateUserUtils method validateParamsAgainstLDAP.
static void validateParamsAgainstLDAP(final PwmRequest pwmRequest, final Map<FormConfiguration, String> formValues, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmDataValidationException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final String searchFilter = figureLdapSearchFilter(pwmRequest);
final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formItem = entry.getKey();
final String attrName = formItem.getName();
final String tokenizedAttrName = "%" + attrName + "%";
if (searchFilter.contains(tokenizedAttrName)) {
LOGGER.trace(pwmSession, "skipping validation of ldap value for '" + attrName + "' because it is in search filter");
} else {
final String value = entry.getValue();
try {
if (!chaiUser.compareStringAttribute(attrName, value)) {
final String errorMsg = "incorrect value for '" + attrName + "'";
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_ACTIVATION_VALIDATIONFAIL, errorMsg, new String[] { attrName });
LOGGER.debug(pwmSession.getLabel(), errorInfo.toDebugStr());
throw new PwmDataValidationException(errorInfo);
}
LOGGER.trace(pwmSession.getLabel(), "successful validation of ldap value for '" + attrName + "'");
} catch (ChaiOperationException e) {
LOGGER.error(pwmSession.getLabel(), "error during param validation of '" + attrName + "', error: " + e.getMessage());
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_ACTIVATION_VALIDATIONFAIL, "ldap error testing value for '" + attrName + "'", new String[] { attrName }));
}
}
}
}
use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.
the class ActivateUserUtils method figureLdapSearchFilter.
static String figureLdapSearchFilter(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Configuration config = pwmApplication.getConfig();
final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
final String configuredSearchFilter = config.readSettingAsString(PwmSetting.ACTIVATE_USER_SEARCH_FILTER);
final String searchFilter;
if (configuredSearchFilter == null || configuredSearchFilter.isEmpty()) {
searchFilter = FormUtility.ldapSearchFilterForForm(pwmApplication, configuredActivationForm);
LOGGER.trace(pwmRequest, "auto generated search filter based on activation form: " + searchFilter);
} else {
searchFilter = configuredSearchFilter;
}
return searchFilter;
}
use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.
the class ChangePasswordServlet method processFormAction.
@ActionHandler(action = "form")
ProcessStatus processFormAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException, ChaiUnavailableException {
final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
final LocalSessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
final UserInfo userInfo = pwmRequest.getPwmSession().getUserInfo();
final LoginInfoBean loginBean = pwmRequest.getPwmSession().getLoginInfoBean();
final PasswordData currentPassword = pwmRequest.readParameterAsPassword("currentPassword");
// check the current password
if (cpb.isCurrentPasswordRequired() && loginBean.getUserCurrentPassword() != null) {
if (currentPassword == null) {
LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is missing");
setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER));
return ProcessStatus.Continue;
}
final boolean passed;
{
final boolean caseSensitive = Boolean.parseBoolean(userInfo.getPasswordPolicy().getValue(PwmPasswordRule.CaseSensitive));
final PasswordData storedPassword = loginBean.getUserCurrentPassword();
passed = caseSensitive ? storedPassword.equals(currentPassword) : storedPassword.equalsIgnoreCase(currentPassword);
}
if (!passed) {
pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is incorrect");
setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_BAD_CURRENT_PASSWORD));
return ProcessStatus.Continue;
}
cpb.setCurrentPasswordPassed(true);
}
final List<FormConfiguration> formItem = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PASSWORD_REQUIRE_FORM);
try {
// read the values from the request
final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItem, ssBean.getLocale());
ChangePasswordServletUtil.validateParamsAgainstLDAP(formValues, pwmRequest.getPwmSession(), pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication()));
cpb.setFormPassed(true);
} catch (PwmOperationalException e) {
pwmRequest.getPwmApplication().getIntruderManager().convenience().markAddressAndSession(pwmRequest.getPwmSession());
pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
LOGGER.debug(pwmRequest, e.getErrorInformation());
setLastError(pwmRequest, e.getErrorInformation());
return ProcessStatus.Continue;
}
return ProcessStatus.Continue;
}
Aggregations