Examples with FormConfiguration password.pwm.config.value.data.FormConfiguration used on opensource projects

Example 16 with FormConfiguration

use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.

the class ActivateUserServlet method handleActivateRequest.

@ActionHandler(action = "activate")
public ProcessStatus handleActivateRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Configuration config = pwmApplication.getConfig();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
        if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
            throw new PwmUnrecoverableException(errorInfo);
        }
    }
    pwmApplication.getSessionStateService().clearBean(pwmRequest, ActivateUserBean.class);
    final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
    Map<FormConfiguration, String> formValues = new HashMap<>();
    try {
        // read the values from the request
        formValues = FormUtility.readFormValuesFromRequest(pwmRequest, configuredActivationForm, ssBean.getLocale());
        // check for intruders
        pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);
        // read the context attr
        final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
        // read the profile attr
        final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
        // see if the values meet the configured form requirements.
        FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
        final String searchFilter = ActivateUserUtils.figureLdapSearchFilter(pwmRequest);
        // read an ldap user object based on the params
        final UserIdentity userIdentity;
        {
            final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
            final SearchConfiguration searchConfiguration = SearchConfiguration.builder().contexts(Collections.singletonList(contextParam)).filter(searchFilter).formValues(formValues).ldapProfile(ldapProfile).build();
            userIdentity = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());
        }
        ActivateUserUtils.validateParamsAgainstLDAP(pwmRequest, formValues, userIdentity);
        final List<UserPermission> userPermissions = config.readSettingAsUserPermission(PwmSetting.ACTIVATE_USER_QUERY_MATCH);
        if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), userIdentity, userPermissions)) {
            final String errorMsg = "user " + userIdentity + " attempted activation, but does not match query string";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_ACTIVATE_NO_PERMISSION, errorMsg);
            pwmApplication.getIntruderManager().convenience().markUserIdentity(userIdentity, pwmSession);
            pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
            throw new PwmUnrecoverableException(errorInformation);
        }
        final ActivateUserBean activateUserBean = pwmApplication.getSessionStateService().getBean(pwmRequest, ActivateUserBean.class);
        activateUserBean.setUserIdentity(userIdentity);
        activateUserBean.setFormValidated(true);
        pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
        pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
    } catch (PwmOperationalException e) {
        pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
        pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
        setLastError(pwmRequest, e.getErrorInformation());
        LOGGER.debug(pwmSession.getLabel(), e.getErrorInformation().toDebugStr());
    }
    return ProcessStatus.Continue;
}

Example 17 with FormConfiguration

use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.

the class GuestRegistrationServlet method handleUpdateRequest.

protected void handleUpdateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    // Fetch the session state bean.
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmApplication.getConfig();
    final List<FormConfiguration> formItems = pwmApplication.getConfig().readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
    final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
    try {
        // read the values from the request
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItems, pwmRequest.getLocale());
        // see if the values meet form requirements.
        FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
        // read current values from user.
        final ChaiUser theGuest = pwmSession.getSessionManager().getActor(pwmApplication, guestRegistrationBean.getUpdateUserIdentity());
        // check unique fields against ldap
        FormUtility.validateFormValueUniqueness(pwmApplication, formValues, ssBean.getLocale(), Collections.singletonList(guestRegistrationBean.getUpdateUserIdentity()));
        final Instant expirationDate = readExpirationFromRequest(pwmRequest);
        // Update user attributes
        LdapOperationsHelper.writeFormValuesToLdap(pwmApplication, pwmSession.getSessionManager().getMacroMachine(pwmApplication), theGuest, formValues, false);
        // Write expirationDate
        if (expirationDate != null) {
            theGuest.writeDateAttribute(expirationAttribute, expirationDate);
        }
        // send email.
        final UserInfo guestUserInfoBean = UserInfoFactory.newUserInfo(pwmApplication, pwmRequest.getSessionLabel(), pwmRequest.getLocale(), guestRegistrationBean.getUpdateUserIdentity(), theGuest.getChaiProvider());
        this.sendUpdateGuestEmailConfirmation(pwmRequest, guestUserInfoBean);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.UPDATED_GUESTS);
        // everything good so forward to confirmation page.
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UpdateGuest);
        return;
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
    } catch (ChaiOperationException e) {
        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error writing to ldap: " + e.getMessage());
        LOGGER.error(pwmSession, info);
        setLastError(pwmRequest, info);
    }
    this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
}

Example 18 with FormConfiguration

use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.

the class ActivateUserUtils method validateParamsAgainstLDAP.

static void validateParamsAgainstLDAP(final PwmRequest pwmRequest, final Map<FormConfiguration, String> formValues, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmDataValidationException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final String searchFilter = figureLdapSearchFilter(pwmRequest);
    final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
    final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
    for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
        final FormConfiguration formItem = entry.getKey();
        final String attrName = formItem.getName();
        final String tokenizedAttrName = "%" + attrName + "%";
        if (searchFilter.contains(tokenizedAttrName)) {
            LOGGER.trace(pwmSession, "skipping validation of ldap value for '" + attrName + "' because it is in search filter");
        } else {
            final String value = entry.getValue();
            try {
                if (!chaiUser.compareStringAttribute(attrName, value)) {
                    final String errorMsg = "incorrect value for '" + attrName + "'";
                    final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_ACTIVATION_VALIDATIONFAIL, errorMsg, new String[] { attrName });
                    LOGGER.debug(pwmSession.getLabel(), errorInfo.toDebugStr());
                    throw new PwmDataValidationException(errorInfo);
                }
                LOGGER.trace(pwmSession.getLabel(), "successful validation of ldap value for '" + attrName + "'");
            } catch (ChaiOperationException e) {
                LOGGER.error(pwmSession.getLabel(), "error during param validation of '" + attrName + "', error: " + e.getMessage());
                throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_ACTIVATION_VALIDATIONFAIL, "ldap error testing value for '" + attrName + "'", new String[] { attrName }));
            }
        }
    }
}

Example 19 with FormConfiguration

use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.

the class ActivateUserUtils method figureLdapSearchFilter.

static String figureLdapSearchFilter(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmApplication.getConfig();
    final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
    final String configuredSearchFilter = config.readSettingAsString(PwmSetting.ACTIVATE_USER_SEARCH_FILTER);
    final String searchFilter;
    if (configuredSearchFilter == null || configuredSearchFilter.isEmpty()) {
        searchFilter = FormUtility.ldapSearchFilterForForm(pwmApplication, configuredActivationForm);
        LOGGER.trace(pwmRequest, "auto generated search filter based on activation form: " + searchFilter);
    } else {
        searchFilter = configuredSearchFilter;
    }
    return searchFilter;
}

Example 20 with FormConfiguration

use of password.pwm.config.value.data.FormConfiguration in project pwm by pwm-project.

the class ChangePasswordServlet method processFormAction.

@ActionHandler(action = "form")
ProcessStatus processFormAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException, ChaiUnavailableException {
    final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
    final LocalSessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
    final UserInfo userInfo = pwmRequest.getPwmSession().getUserInfo();
    final LoginInfoBean loginBean = pwmRequest.getPwmSession().getLoginInfoBean();
    final PasswordData currentPassword = pwmRequest.readParameterAsPassword("currentPassword");
    // check the current password
    if (cpb.isCurrentPasswordRequired() && loginBean.getUserCurrentPassword() != null) {
        if (currentPassword == null) {
            LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is missing");
            setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER));
            return ProcessStatus.Continue;
        }
        final boolean passed;
        {
            final boolean caseSensitive = Boolean.parseBoolean(userInfo.getPasswordPolicy().getValue(PwmPasswordRule.CaseSensitive));
            final PasswordData storedPassword = loginBean.getUserCurrentPassword();
            passed = caseSensitive ? storedPassword.equals(currentPassword) : storedPassword.equalsIgnoreCase(currentPassword);
        }
        if (!passed) {
            pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
            LOGGER.debug(pwmRequest, "failed password validation check: currentPassword value is incorrect");
            setLastError(pwmRequest, new ErrorInformation(PwmError.ERROR_BAD_CURRENT_PASSWORD));
            return ProcessStatus.Continue;
        }
        cpb.setCurrentPasswordPassed(true);
    }
    final List<FormConfiguration> formItem = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PASSWORD_REQUIRE_FORM);
    try {
        // read the values from the request
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItem, ssBean.getLocale());
        ChangePasswordServletUtil.validateParamsAgainstLDAP(formValues, pwmRequest.getPwmSession(), pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication()));
        cpb.setFormPassed(true);
    } catch (PwmOperationalException e) {
        pwmRequest.getPwmApplication().getIntruderManager().convenience().markAddressAndSession(pwmRequest.getPwmSession());
        pwmRequest.getPwmApplication().getIntruderManager().convenience().markUserIdentity(userInfo.getUserIdentity(), pwmRequest.getSessionLabel());
        LOGGER.debug(pwmRequest, e.getErrorInformation());
        setLastError(pwmRequest, e.getErrorInformation());
        return ProcessStatus.Continue;
    }
    return ProcessStatus.Continue;
}