Example 26 with ErrorInformation
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class PwNotifyDbStorageService method readStoredState.
@Override
public StoredNotificationState readStoredState(final UserIdentity userIdentity, final SessionLabel sessionLabel) throws PwmUnrecoverableException {
final String guid;
try {
guid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, true);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmUnrecoverableException.fromChaiException(e).getErrorInformation());
}
if (StringUtil.isEmpty(guid)) {
throw new PwmUnrecoverableException(PwmError.ERROR_MISSING_GUID);
}
final String rawDbValue;
try {
rawDbValue = pwmApplication.getDatabaseAccessor().get(TABLE, guid);
} catch (DatabaseException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DB_UNAVAILABLE, e.getMessage()));
}
return JsonUtil.deserialize(rawDbValue, StoredNotificationState.class);
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
DatabaseException(password.pwm.util.db.DatabaseException)
Example 27 with ErrorInformation
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class UserInfoReader method readMultiStringAttributesImpl.
private Map<String, List<String>> readMultiStringAttributesImpl(final Collection<String> attributes) throws PwmUnrecoverableException {
if (chaiUser == null || attributes == null || attributes.isEmpty()) {
return Collections.emptyMap();
}
// figure out uncached attributes.
final Set<String> uncachedAttributes = new HashSet<>(attributes);
uncachedAttributes.removeAll(cacheMap.keySet());
// read uncached attributes into cache
if (!uncachedAttributes.isEmpty()) {
final Map<String, Map<String, List<String>>> results;
try {
results = chaiUser.getChaiProvider().searchMultiValues(chaiUser.getEntryDN(), "(objectclass=*)", uncachedAttributes, SearchScope.BASE);
} catch (ChaiOperationException e) {
final String msg = "ldap operational error while reading user data" + e.getMessage();
LOGGER.error(sessionLabel, msg);
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_LDAP_DATA_ERROR, msg));
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
if (results == null || results.size() != 1) {
final String msg = "ldap server did not return requested user entry " + chaiUser.getEntryDN() + " while attempting to read attribute data";
LOGGER.error(sessionLabel, msg);
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_LDAP_DATA_ERROR, msg));
}
final Map<String, List<String>> allAttributeValues = results.values().iterator().next();
for (final String attribute : uncachedAttributes) {
final List<String> attributeValues = allAttributeValues.get(attribute);
if (attributeValues == null) {
cacheMap.put(attribute, Collections.emptyList());
} else {
cacheMap.put(attribute, Collections.unmodifiableList(attributeValues));
}
}
}
// build result data from cache
final Map<String, List<String>> returnMap = new HashMap<>();
for (final String attribute : attributes) {
final List<String> cachedValue = cacheMap.get(attribute);
returnMap.put(attribute, cachedValue);
}
return Collections.unmodifiableMap(returnMap);
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ErrorInformation(password.pwm.error.ErrorInformation)
List(java.util.List)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Map(java.util.Map)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
HashSet(java.util.HashSet)
Example 28 with ErrorInformation
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class IntruderManager method init.
@Override
@SuppressWarnings("checkstyle:MethodLength")
public void init(final PwmApplication pwmApplication) throws PwmException {
this.pwmApplication = pwmApplication;
final Configuration config = pwmApplication.getConfig();
status = STATUS.OPENING;
if (pwmApplication.getLocalDB() == null || pwmApplication.getLocalDB().status() != LocalDB.Status.OPEN) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "unable to start IntruderManager, LocalDB unavailable");
LOGGER.error(errorInformation.toDebugStr());
startupError = errorInformation;
status = STATUS.CLOSED;
return;
}
if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.INTRUDER_ENABLE)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "intruder module not enabled");
LOGGER.debug(errorInformation.toDebugStr());
status = STATUS.CLOSED;
return;
}
final DataStore dataStore;
{
final IntruderStorageMethod intruderStorageMethod = pwmApplication.getConfig().readSettingAsEnum(PwmSetting.INTRUDER_STORAGE_METHOD, IntruderStorageMethod.class);
final String debugMsg;
final DataStorageMethod storageMethodUsed;
switch(intruderStorageMethod) {
case AUTO:
dataStore = DataStoreFactory.autoDbOrLocalDBstore(pwmApplication, DatabaseTable.INTRUDER, LocalDB.DB.INTRUDER);
if (dataStore instanceof DatabaseDataStore) {
debugMsg = "starting using auto-configured data store, Remote Database selected";
storageMethodUsed = DataStorageMethod.DB;
} else {
debugMsg = "starting using auto-configured data store, LocalDB selected";
storageMethodUsed = DataStorageMethod.LOCALDB;
}
break;
case DATABASE:
dataStore = new DatabaseDataStore(pwmApplication.getDatabaseService(), DatabaseTable.INTRUDER);
debugMsg = "starting using Remote Database data store";
storageMethodUsed = DataStorageMethod.DB;
break;
case LOCALDB:
dataStore = new LocalDBDataStore(pwmApplication.getLocalDB(), LocalDB.DB.INTRUDER);
debugMsg = "starting using LocalDB data store";
storageMethodUsed = DataStorageMethod.LOCALDB;
break;
default:
startupError = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unknown storageMethod selected: " + intruderStorageMethod);
status = STATUS.CLOSED;
return;
}
LOGGER.info(debugMsg);
serviceInfo = new ServiceInfoBean(Collections.singletonList(storageMethodUsed));
}
final RecordStore recordStore;
{
recordStore = new DataStoreRecordStore(dataStore, this);
final String threadName = JavaHelper.makeThreadName(pwmApplication, this.getClass()) + " timer";
timer = new Timer(threadName, true);
final long maxRecordAge = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.INTRUDER_RETENTION_TIME_MS));
final long cleanerRunFrequency = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.INTRUDER_CLEANUP_FREQUENCY_MS));
timer.schedule(new TimerTask() {
@Override
public void run() {
try {
recordStore.cleanup(new TimeDuration(maxRecordAge));
} catch (Exception e) {
LOGGER.error("error cleaning recordStore: " + e.getMessage(), e);
}
}
}, 1000, cleanerRunFrequency);
}
try {
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_USER_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_USER_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_USER_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder user checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.USERNAME, new RecordManagerImpl(RecordType.USERNAME, recordStore, settings));
recordManagers.put(RecordType.USER_ID, new RecordManagerImpl(RecordType.USER_ID, recordStore, settings));
}
}
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_ATTRIBUTE_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ATTRIBUTE_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ATTRIBUTE_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder user checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.ATTRIBUTE, new RecordManagerImpl(RecordType.ATTRIBUTE, recordStore, settings));
}
}
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_TOKEN_DEST_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_TOKEN_DEST_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_TOKEN_DEST_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder user checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.TOKEN_DEST, new RecordManagerImpl(RecordType.TOKEN_DEST, recordStore, settings));
}
}
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_ADDRESS_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ADDRESS_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ADDRESS_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder address checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.ADDRESS, new RecordManagerImpl(RecordType.ADDRESS, recordStore, settings));
}
}
status = STATUS.OPEN;
} catch (Exception e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "unexpected error starting intruder manager: " + e.getMessage());
LOGGER.error(errorInformation.toDebugStr());
startupError = errorInformation;
close();
}
}
Also used :
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
Configuration(password.pwm.config.Configuration)
DataStorageMethod(password.pwm.config.option.DataStorageMethod)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmException(password.pwm.error.PwmException)
ErrorInformation(password.pwm.error.ErrorInformation)
LocalDBDataStore(password.pwm.util.localdb.LocalDBDataStore)
DatabaseDataStore(password.pwm.util.db.DatabaseDataStore)
Timer(java.util.Timer)
TimerTask(java.util.TimerTask)
DataStore(password.pwm.util.DataStore)
LocalDBDataStore(password.pwm.util.localdb.LocalDBDataStore)
DatabaseDataStore(password.pwm.util.db.DatabaseDataStore)
IntruderStorageMethod(password.pwm.config.option.IntruderStorageMethod)
TimeDuration(password.pwm.util.java.TimeDuration)
Example 29 with ErrorInformation
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class ActionExecutor method executeLdapAction.
private void executeLdapAction(final SessionLabel sessionLabel, final ActionConfiguration actionConfiguration) throws ChaiUnavailableException, PwmOperationalException, PwmUnrecoverableException {
String attributeName = actionConfiguration.getAttributeName();
String attributeValue = actionConfiguration.getAttributeValue();
final ChaiUser theUser;
if (settings.getChaiUser() != null) {
theUser = settings.getChaiUser();
} else {
if (settings.getUserIdentity() == null) {
final String errorMsg = "attempt to execute lap action but neither chaiUser or userIdentity is specified";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
theUser = pwmApplication.getProxiedChaiUser(settings.getUserIdentity());
}
if (settings.isExpandPwmMacros()) {
if (settings.getMacroMachine() == null) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "executor specified macro expansion but did not supply macro machine"));
}
final MacroMachine macroMachine = settings.getMacroMachine();
attributeName = macroMachine.expandMacros(attributeName);
attributeValue = macroMachine.expandMacros(attributeValue);
}
writeLdapAttribute(sessionLabel, theUser, attributeName, attributeValue, actionConfiguration.getLdapMethod(), settings.getMacroMachine());
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
MacroMachine(password.pwm.util.macro.MacroMachine)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Example 30 with ErrorInformation
use of password.pwm.error.ErrorInformation in project pwm by pwm-project.
the class CrService method validateResponses.
public void validateResponses(final ChallengeSet challengeSet, final Map<Challenge, String> responseMap, final int minRandomRequiredSetup) throws PwmDataValidationException, PwmUnrecoverableException {
// strip null keys from responseMap;
responseMap.keySet().removeIf(Objects::isNull);
{
// check for missing question texts
for (final Challenge challenge : responseMap.keySet()) {
if (!challenge.isAdminDefined()) {
final String text = challenge.getChallengeText();
if (text == null || text.length() < 1) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_CHALLENGE_TEXT);
throw new PwmDataValidationException(errorInformation);
}
}
}
}
{
// check responses against wordlist
final WordlistManager wordlistManager = pwmApplication.getWordlistManager();
if (wordlistManager.status() == PwmService.STATUS.OPEN) {
for (final Map.Entry<Challenge, String> entry : responseMap.entrySet()) {
final Challenge loopChallenge = entry.getKey();
if (loopChallenge.isEnforceWordlist()) {
final String answer = entry.getValue();
if (wordlistManager.containsWord(answer)) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_RESPONSE_WORDLIST, null, new String[] { loopChallenge.getChallengeText() });
throw new PwmDataValidationException(errorInfo);
}
}
}
}
}
{
// check for duplicate questions. need to check the actual req params because the following dupes wont populate duplicates
final Set<String> userQuestionTexts = new HashSet<>();
for (final Challenge challenge : responseMap.keySet()) {
final String text = challenge.getChallengeText();
if (text != null) {
if (userQuestionTexts.contains(text.toLowerCase())) {
final String errorMsg = "duplicate challenge text: " + text;
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_CHALLENGE_DUPLICATE, errorMsg, new String[] { text });
throw new PwmDataValidationException(errorInformation);
} else {
userQuestionTexts.add(text.toLowerCase());
}
}
}
}
int randomCount = 0;
for (final Challenge loopChallenge : responseMap.keySet()) {
if (!loopChallenge.isRequired()) {
randomCount++;
}
}
if (minRandomRequiredSetup == 0) {
// if using recover style, then all readResponseSet must be supplied at this point.
if (randomCount < challengeSet.getRandomChallenges().size()) {
final String errorMsg = "all randoms required, but not all randoms are completed";
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, errorMsg);
throw new PwmDataValidationException(errorInfo);
}
}
if (randomCount < minRandomRequiredSetup) {
final String errorMsg = minRandomRequiredSetup + " randoms required, but not only " + randomCount + " randoms are completed";
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, errorMsg);
throw new PwmDataValidationException(errorInfo);
}
if (JavaHelper.isEmpty(responseMap)) {
final String errorMsg = "empty response set";
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, errorMsg);
throw new PwmDataValidationException(errorInfo);
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmDataValidationException(password.pwm.error.PwmDataValidationException)
ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet)
Set(java.util.Set)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
ChallengeSet(com.novell.ldapchai.cr.ChallengeSet)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Objects(java.util.Objects)
WordlistManager(password.pwm.svc.wordlist.WordlistManager)
Challenge(com.novell.ldapchai.cr.Challenge)
ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge)
Aggregations
ErrorInformation (password.pwm.error.ErrorInformation)325
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)216
PwmOperationalException (password.pwm.error.PwmOperationalException)125
PwmException (password.pwm.error.PwmException)67
UserIdentity (password.pwm.bean.UserIdentity)62
IOException (java.io.IOException)58
PwmApplication (password.pwm.PwmApplication)54
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)53
ChaiUser (com.novell.ldapchai.ChaiUser)38
PwmSession (password.pwm.http.PwmSession)38
LinkedHashMap (java.util.LinkedHashMap)35
Configuration (password.pwm.config.Configuration)33
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)32
Map (java.util.Map)32
Instant (java.time.Instant)30
ArrayList (java.util.ArrayList)30
FormConfiguration (password.pwm.config.value.data.FormConfiguration)29
ServletException (javax.servlet.ServletException)28
RestResultBean (password.pwm.ws.server.RestResultBean)26
UserInfo (password.pwm.ldap.UserInfo)23
