use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class ForgottenPasswordServlet method processEnterRemoteResponse.
@ActionHandler(action = "enterRemoteResponse")
private ProcessStatus processEnterRemoteResponse(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
final String prefix = "remote-";
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
final VerificationMethodSystem remoteRecoveryMethod = forgottenPasswordBean.getProgress().getRemoteRecoveryMethod();
final Map<String, String> remoteResponses = new LinkedHashMap<>();
{
final Map<String, String> inputMap = pwmRequest.readParametersAsMap();
for (final Map.Entry<String, String> entry : inputMap.entrySet()) {
final String name = entry.getKey();
if (name != null && name.startsWith(prefix)) {
final String strippedName = name.substring(prefix.length(), name.length());
final String value = entry.getValue();
remoteResponses.put(strippedName, value);
}
}
}
final ErrorInformation errorInformation = remoteRecoveryMethod.respondToPrompts(remoteResponses);
if (remoteRecoveryMethod.getVerificationState() == VerificationMethodSystem.VerificationState.COMPLETE) {
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.REMOTE_RESPONSES);
}
if (remoteRecoveryMethod.getVerificationState() == VerificationMethodSystem.VerificationState.FAILED) {
forgottenPasswordBean.getProgress().setRemoteRecoveryMethod(null);
pwmRequest.respondWithError(errorInformation, true);
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
LOGGER.debug(pwmRequest, "unsuccessful remote response verification input: " + errorInformation.toDebugStr());
return ProcessStatus.Continue;
}
if (errorInformation != null) {
setLastError(pwmRequest, errorInformation);
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
}
return ProcessStatus.Continue;
}
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class ForgottenPasswordServlet method processEnterCode.
@ActionHandler(action = "enterCode")
private ProcessStatus processEnterCode(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);
ErrorInformation errorInformation = null;
try {
final TokenPayload tokenPayload = TokenUtil.checkEnteredCode(pwmRequest, userEnteredCode, forgottenPasswordBean.getProgress().getTokenDestination(), null, TokenType.FORGOTTEN_PW, TokenService.TokenEntryType.unauthenticated);
// token correct
if (forgottenPasswordBean.getUserIdentity() == null) {
// clean session, user supplied token (clicked email, etc) and this is first request
ForgottenPasswordUtil.initForgottenPasswordBean(pwmRequest, tokenPayload.getUserIdentity(), forgottenPasswordBean);
}
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.TOKEN);
StatisticsManager.incrementStat(pwmRequest.getPwmApplication(), Statistic.RECOVERY_TOKENS_PASSED);
if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON)) {
pwmRequest.setAttribute(PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination());
pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_TOKEN_SUCCESS);
return ProcessStatus.Halt;
}
} catch (PwmUnrecoverableException e) {
LOGGER.debug(pwmRequest, "error while checking entered token: ");
errorInformation = e.getErrorInformation();
} catch (PwmOperationalException e) {
final String errorMsg = "token incorrect: " + e.getMessage();
errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
}
if (!forgottenPasswordBean.getProgress().getSatisfiedMethods().contains(IdentityVerificationMethod.TOKEN)) {
if (errorInformation == null) {
errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT);
}
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
}
return ProcessStatus.Continue;
}
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckAttributes.
@ActionHandler(action = "checkAttributes")
private ProcessStatus processCheckAttributes(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
// final SessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.isBogusUser()) {
final FormConfiguration formConfiguration = forgottenPasswordBean.getAttributeForm().iterator().next();
// add a bit of jitter to pretend like we're checking a data source
JavaHelper.pause(300 + PwmRandom.getInstance().nextInt(700));
if (forgottenPasswordBean.getUserSearchValues() != null) {
final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap(formConfigurations, forgottenPasswordBean.getUserSearchValues());
pwmRequest.getPwmApplication().getIntruderManager().convenience().markAttributes(formMap, pwmRequest.getPwmSession());
}
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for attribute '" + formConfiguration.getName() + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) });
forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.ATTRIBUTES);
setLastError(pwmRequest, errorInformation);
return ProcessStatus.Continue;
}
if (forgottenPasswordBean.getUserIdentity() == null) {
return ProcessStatus.Continue;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
try {
// check attributes
final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
final Locale userLocale = pwmRequest.getLocale();
final List<FormConfiguration> requiredAttributesForm = forgottenPasswordBean.getAttributeForm();
if (requiredAttributesForm.isEmpty()) {
return ProcessStatus.Continue;
}
final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, requiredAttributesForm, userLocale);
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formConfiguration = entry.getKey();
final String attrName = formConfiguration.getName();
try {
if (theUser.compareStringAttribute(attrName, entry.getValue())) {
LOGGER.trace(pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'");
} else {
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
}
} catch (ChaiOperationException e) {
LOGGER.error(pwmRequest, "error during param validation of '" + attrName + "', error: " + e.getMessage());
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "ldap error testing value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
}
}
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.ATTRIBUTES);
} catch (PwmDataValidationException e) {
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr()));
}
return ProcessStatus.Continue;
}
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class ForgottenPasswordServlet method processOAuthReturn.
@ActionHandler(action = "oauthReturn")
private ProcessStatus processOAuthReturn(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.getProgress().getInProgressVerificationMethod() != IdentityVerificationMethod.OAUTH) {
LOGGER.debug(pwmRequest, "oauth return detected, however current session did not issue an oauth request; will restart forgotten password sequence");
pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
return ProcessStatus.Halt;
}
if (forgottenPasswordBean.getUserIdentity() == null) {
LOGGER.debug(pwmRequest, "oauth return detected, however current session does not have a user identity stored; will restart forgotten password sequence");
pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
return ProcessStatus.Halt;
}
final String encryptedResult = pwmRequest.readParameterAsString(PwmConstants.PARAM_RECOVERY_OAUTH_RESULT, PwmHttpRequestWrapper.Flag.BypassValidation);
final OAuthForgottenPasswordResults results = pwmRequest.getPwmApplication().getSecureService().decryptObject(encryptedResult, OAuthForgottenPasswordResults.class);
LOGGER.trace(pwmRequest, "received ");
final String userDNfromOAuth = results.getUsername();
if (userDNfromOAuth == null || userDNfromOAuth.isEmpty()) {
final String errorMsg = "oauth server coderesolver endpoint did not return a username value";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
final UserIdentity oauthUserIdentity;
{
final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
try {
oauthUserIdentity = userSearchEngine.resolveUsername(userDNfromOAuth, null, null, pwmRequest.getSessionLabel());
} catch (PwmOperationalException e) {
final String errorMsg = "unexpected error searching for oauth supplied username in ldap; error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
final boolean userMatch;
{
final UserIdentity userIdentityInBean = forgottenPasswordBean.getUserIdentity();
userMatch = userIdentityInBean != null && userIdentityInBean.equals(oauthUserIdentity);
}
if (userMatch) {
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.OAUTH);
} else {
final String errorMsg = "oauth server username does not match previously identified user";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
return ProcessStatus.Continue;
}
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckResponses.
@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.getUserIdentity() == null) {
return ProcessStatus.Continue;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
if (responseSet == null) {
final String errorMsg = "attempt to check responses, but responses are not loaded into session bean";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
try {
// read the supplied responses from the user
final Map<Challenge, String> crMap = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, forgottenPasswordBean.getPresentableChallengeSet());
final boolean responsesPassed;
try {
responsesPassed = responseSet.test(crMap);
} catch (ChaiUnavailableException e) {
if (e.getCause() instanceof PwmUnrecoverableException) {
throw (PwmUnrecoverableException) e.getCause();
}
throw e;
}
// special case for nmas, clear out existing challenges and input fields.
if (!responsesPassed && responseSet instanceof NMASCrOperator.NMASCRResponseSet) {
forgottenPasswordBean.setPresentableChallengeSet(responseSet.getPresentableChallengeSet());
}
if (responsesPassed) {
LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
} else {
final String errorMsg = "incorrect response to one or more challenges";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, errorMsg);
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
return ProcessStatus.Continue;
}
} catch (ChaiValidationException e) {
LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + e.getMessage());
final ErrorInformation errorInformation = new ErrorInformation(PwmError.forChaiError(e.getErrorCode()));
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
return ProcessStatus.Continue;
}
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);
return ProcessStatus.Continue;
}
Aggregations