Search in sources :

Example 81 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class ForgottenPasswordServlet method processEnterRemoteResponse.

@ActionHandler(action = "enterRemoteResponse")
private ProcessStatus processEnterRemoteResponse(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final String prefix = "remote-";
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final VerificationMethodSystem remoteRecoveryMethod = forgottenPasswordBean.getProgress().getRemoteRecoveryMethod();
    final Map<String, String> remoteResponses = new LinkedHashMap<>();
    {
        final Map<String, String> inputMap = pwmRequest.readParametersAsMap();
        for (final Map.Entry<String, String> entry : inputMap.entrySet()) {
            final String name = entry.getKey();
            if (name != null && name.startsWith(prefix)) {
                final String strippedName = name.substring(prefix.length(), name.length());
                final String value = entry.getValue();
                remoteResponses.put(strippedName, value);
            }
        }
    }
    final ErrorInformation errorInformation = remoteRecoveryMethod.respondToPrompts(remoteResponses);
    if (remoteRecoveryMethod.getVerificationState() == VerificationMethodSystem.VerificationState.COMPLETE) {
        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.REMOTE_RESPONSES);
    }
    if (remoteRecoveryMethod.getVerificationState() == VerificationMethodSystem.VerificationState.FAILED) {
        forgottenPasswordBean.getProgress().setRemoteRecoveryMethod(null);
        pwmRequest.respondWithError(errorInformation, true);
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
        LOGGER.debug(pwmRequest, "unsuccessful remote response verification input: " + errorInformation.toDebugStr());
        return ProcessStatus.Continue;
    }
    if (errorInformation != null) {
        setLastError(pwmRequest, errorInformation);
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
    }
    return ProcessStatus.Continue;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap) VerificationMethodSystem(password.pwm.VerificationMethodSystem) LinkedHashMap(java.util.LinkedHashMap)

Example 82 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class ForgottenPasswordServlet method processEnterCode.

@ActionHandler(action = "enterCode")
private ProcessStatus processEnterCode(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);
    ErrorInformation errorInformation = null;
    try {
        final TokenPayload tokenPayload = TokenUtil.checkEnteredCode(pwmRequest, userEnteredCode, forgottenPasswordBean.getProgress().getTokenDestination(), null, TokenType.FORGOTTEN_PW, TokenService.TokenEntryType.unauthenticated);
        // token correct
        if (forgottenPasswordBean.getUserIdentity() == null) {
            // clean session, user supplied token (clicked email, etc) and this is first request
            ForgottenPasswordUtil.initForgottenPasswordBean(pwmRequest, tokenPayload.getUserIdentity(), forgottenPasswordBean);
        }
        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.TOKEN);
        StatisticsManager.incrementStat(pwmRequest.getPwmApplication(), Statistic.RECOVERY_TOKENS_PASSED);
        if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON)) {
            pwmRequest.setAttribute(PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination());
            pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_TOKEN_SUCCESS);
            return ProcessStatus.Halt;
        }
    } catch (PwmUnrecoverableException e) {
        LOGGER.debug(pwmRequest, "error while checking entered token: ");
        errorInformation = e.getErrorInformation();
    } catch (PwmOperationalException e) {
        final String errorMsg = "token incorrect: " + e.getMessage();
        errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
    }
    if (!forgottenPasswordBean.getProgress().getSatisfiedMethods().contains(IdentityVerificationMethod.TOKEN)) {
        if (errorInformation == null) {
            errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT);
        }
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
    }
    return ProcessStatus.Continue;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) TokenPayload(password.pwm.svc.token.TokenPayload) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 83 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class ForgottenPasswordServlet method processCheckAttributes.

@ActionHandler(action = "checkAttributes")
private ProcessStatus processCheckAttributes(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    // final SessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (forgottenPasswordBean.isBogusUser()) {
        final FormConfiguration formConfiguration = forgottenPasswordBean.getAttributeForm().iterator().next();
        // add a bit of jitter to pretend like we're checking a data source
        JavaHelper.pause(300 + PwmRandom.getInstance().nextInt(700));
        if (forgottenPasswordBean.getUserSearchValues() != null) {
            final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
            final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap(formConfigurations, forgottenPasswordBean.getUserSearchValues());
            pwmRequest.getPwmApplication().getIntruderManager().convenience().markAttributes(formMap, pwmRequest.getPwmSession());
        }
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for attribute '" + formConfiguration.getName() + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) });
        forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.ATTRIBUTES);
        setLastError(pwmRequest, errorInformation);
        return ProcessStatus.Continue;
    }
    if (forgottenPasswordBean.getUserIdentity() == null) {
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    try {
        // check attributes
        final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
        final Locale userLocale = pwmRequest.getLocale();
        final List<FormConfiguration> requiredAttributesForm = forgottenPasswordBean.getAttributeForm();
        if (requiredAttributesForm.isEmpty()) {
            return ProcessStatus.Continue;
        }
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, requiredAttributesForm, userLocale);
        for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
            final FormConfiguration formConfiguration = entry.getKey();
            final String attrName = formConfiguration.getName();
            try {
                if (theUser.compareStringAttribute(attrName, entry.getValue())) {
                    LOGGER.trace(pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'");
                } else {
                    throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
                }
            } catch (ChaiOperationException e) {
                LOGGER.error(pwmRequest, "error during param validation of '" + attrName + "', error: " + e.getMessage());
                throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "ldap error testing value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
            }
        }
        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.ATTRIBUTES);
    } catch (PwmDataValidationException e) {
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr()));
    }
    return ProcessStatus.Continue;
}
Also used : Locale(java.util.Locale) UserIdentity(password.pwm.bean.UserIdentity) ErrorInformation(password.pwm.error.ErrorInformation) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap)

Example 84 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class ForgottenPasswordServlet method processOAuthReturn.

@ActionHandler(action = "oauthReturn")
private ProcessStatus processOAuthReturn(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (forgottenPasswordBean.getProgress().getInProgressVerificationMethod() != IdentityVerificationMethod.OAUTH) {
        LOGGER.debug(pwmRequest, "oauth return detected, however current session did not issue an oauth request; will restart forgotten password sequence");
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
        pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
        return ProcessStatus.Halt;
    }
    if (forgottenPasswordBean.getUserIdentity() == null) {
        LOGGER.debug(pwmRequest, "oauth return detected, however current session does not have a user identity stored; will restart forgotten password sequence");
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
        pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
        return ProcessStatus.Halt;
    }
    final String encryptedResult = pwmRequest.readParameterAsString(PwmConstants.PARAM_RECOVERY_OAUTH_RESULT, PwmHttpRequestWrapper.Flag.BypassValidation);
    final OAuthForgottenPasswordResults results = pwmRequest.getPwmApplication().getSecureService().decryptObject(encryptedResult, OAuthForgottenPasswordResults.class);
    LOGGER.trace(pwmRequest, "received ");
    final String userDNfromOAuth = results.getUsername();
    if (userDNfromOAuth == null || userDNfromOAuth.isEmpty()) {
        final String errorMsg = "oauth server coderesolver endpoint did not return a username value";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    final UserIdentity oauthUserIdentity;
    {
        final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
        try {
            oauthUserIdentity = userSearchEngine.resolveUsername(userDNfromOAuth, null, null, pwmRequest.getSessionLabel());
        } catch (PwmOperationalException e) {
            final String errorMsg = "unexpected error searching for oauth supplied username in ldap; error: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        }
    }
    final boolean userMatch;
    {
        final UserIdentity userIdentityInBean = forgottenPasswordBean.getUserIdentity();
        userMatch = userIdentityInBean != null && userIdentityInBean.equals(oauthUserIdentity);
    }
    if (userMatch) {
        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.OAUTH);
    } else {
        final String errorMsg = "oauth server username does not match previously identified user";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    return ProcessStatus.Continue;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) OAuthForgottenPasswordResults(password.pwm.http.servlet.oauth.OAuthForgottenPasswordResults) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 85 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class ForgottenPasswordServlet method processCheckResponses.

@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (forgottenPasswordBean.getUserIdentity() == null) {
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
    if (responseSet == null) {
        final String errorMsg = "attempt to check responses, but responses are not loaded into session bean";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        // read the supplied responses from the user
        final Map<Challenge, String> crMap = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, forgottenPasswordBean.getPresentableChallengeSet());
        final boolean responsesPassed;
        try {
            responsesPassed = responseSet.test(crMap);
        } catch (ChaiUnavailableException e) {
            if (e.getCause() instanceof PwmUnrecoverableException) {
                throw (PwmUnrecoverableException) e.getCause();
            }
            throw e;
        }
        // special case for nmas, clear out existing challenges and input fields.
        if (!responsesPassed && responseSet instanceof NMASCrOperator.NMASCRResponseSet) {
            forgottenPasswordBean.setPresentableChallengeSet(responseSet.getPresentableChallengeSet());
        }
        if (responsesPassed) {
            LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
        } else {
            final String errorMsg = "incorrect response to one or more challenges";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, errorMsg);
            handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
            return ProcessStatus.Continue;
        }
    } catch (ChaiValidationException e) {
        LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + e.getMessage());
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.forChaiError(e.getErrorCode()));
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
        return ProcessStatus.Continue;
    }
    forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);
    return ProcessStatus.Continue;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) ResponseSet(com.novell.ldapchai.cr.ResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) Challenge(com.novell.ldapchai.cr.Challenge) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) NMASCrOperator(password.pwm.util.operations.cr.NMASCrOperator) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

ErrorInformation (password.pwm.error.ErrorInformation)325 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)216 PwmOperationalException (password.pwm.error.PwmOperationalException)125 PwmException (password.pwm.error.PwmException)67 UserIdentity (password.pwm.bean.UserIdentity)62 IOException (java.io.IOException)58 PwmApplication (password.pwm.PwmApplication)54 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)53 ChaiUser (com.novell.ldapchai.ChaiUser)38 PwmSession (password.pwm.http.PwmSession)38 LinkedHashMap (java.util.LinkedHashMap)35 Configuration (password.pwm.config.Configuration)33 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)32 Map (java.util.Map)32 Instant (java.time.Instant)30 ArrayList (java.util.ArrayList)30 FormConfiguration (password.pwm.config.value.data.FormConfiguration)29 ServletException (javax.servlet.ServletException)28 RestResultBean (password.pwm.ws.server.RestResultBean)26 UserInfo (password.pwm.ldap.UserInfo)23