Search in sources :

Example 36 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class PasswordUtility method helpdeskSetUserPassword.

public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final SessionLabel sessionLabel = pwmSession.getLabel();
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    if (!pwmSession.isAuthenticated()) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
    if (helpdeskProfile == null) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);
    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // mark the event log
    {
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_SET_PASSWORD, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // update statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
    {
        // execute configured actions
        LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
        final List<ActionConfiguration> actions = new ArrayList<>();
        actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
        actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
        if (!actions.isEmpty()) {
            final LoginInfoBean loginInfoBean = new LoginInfoBean();
            loginInfoBean.setUserCurrentPassword(newPassword);
            final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
    if (settingClearResponses == HelpdeskClearResponseMode.yes) {
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
        pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);
        // mark the event log
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // send email notification
    sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
    // expire if so configured
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
        LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
        try {
            proxiedUser.expirePassword();
        } catch (ChaiOperationException e) {
            LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
        }
    }
    // send password
    final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
    if (sendPassword) {
        final MessageSendMethod messageSendMethod;
        {
            final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
            final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
            messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        }
        PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) LoginInfoBean(password.pwm.bean.LoginInfoBean) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) MessageSendMethod(password.pwm.config.option.MessageSendMethod) PwmOperationalException(password.pwm.error.PwmOperationalException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) HelpdeskClearResponseMode(password.pwm.config.option.HelpdeskClearResponseMode) MacroMachine(password.pwm.util.macro.MacroMachine) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 37 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class PasswordUtility method determineConfiguredPolicyProfileForUser.

public static PwmPasswordPolicy determineConfiguredPolicyProfileForUser(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final Locale locale) throws PwmUnrecoverableException {
    final List<String> profiles = pwmApplication.getConfig().getPasswordProfileIDs();
    if (profiles.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no password profiles are configured"));
    }
    for (final String profile : profiles) {
        final PwmPasswordPolicy loopPolicy = pwmApplication.getConfig().getPasswordPolicy(profile, locale);
        final List<UserPermission> userPermissions = loopPolicy.getUserPermissions();
        LOGGER.debug(pwmSession, "testing password policy profile '" + profile + "'");
        try {
            final boolean match = LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession, userIdentity, userPermissions);
            if (match) {
                return loopPolicy;
            }
        } catch (PwmUnrecoverableException e) {
            LOGGER.error(pwmSession, "unexpected error while testing password policy profile '" + profile + "', error: " + e.getMessage());
        }
    }
    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no challenge profile is configured"));
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserPermission(password.pwm.config.value.data.UserPermission)

Example 38 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class PasswordUtility method isPasswordWithinMinimumLifetimeImpl.

public static boolean isPasswordWithinMinimumLifetimeImpl(final ChaiUser chaiUser, final SessionLabel sessionLabel, final PwmPasswordPolicy passwordPolicy, final Instant lastModified, final PasswordStatus passwordStatus) throws PwmUnrecoverableException {
    // for oracle DS; this check is also handled in UserAuthenticator.
    try {
        if (DirectoryVendor.ORACLE_DS == chaiUser.getChaiProvider().getDirectoryVendor()) {
            final String oracleDSPrePasswordAllowChangeTime = chaiUser.readStringAttribute("passwordAllowChangeTime");
            if (oracleDSPrePasswordAllowChangeTime != null && !oracleDSPrePasswordAllowChangeTime.isEmpty()) {
                final Instant date = OracleDSEntries.convertZuluToDate(oracleDSPrePasswordAllowChangeTime);
                if (Instant.now().isBefore(date)) {
                    LOGGER.debug("discovered oracleds allowed change time is set to: " + JavaHelper.toIsoDate(date) + ", won't permit password change");
                    final String errorMsg = "change not permitted until " + JavaHelper.toIsoDate(date);
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.PASSWORD_TOO_SOON, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            return false;
        }
    } catch (ChaiException e) {
        LOGGER.debug(sessionLabel, "unexpected error reading OracleDS password allow modification time: " + e.getMessage());
    }
    final TimeDuration minimumLifetime;
    {
        final int minimumLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MinimumLifetime);
        if (minimumLifetimeSeconds < 1) {
            return false;
        }
        if (lastModified == null) {
            LOGGER.debug(sessionLabel, "skipping minimum lifetime check, password last set time is unknown");
            return false;
        }
        minimumLifetime = new TimeDuration(minimumLifetimeSeconds, TimeUnit.SECONDS);
    }
    final TimeDuration passwordAge = TimeDuration.fromCurrent(lastModified);
    LOGGER.trace(sessionLabel, "beginning check for minimum lifetime, lastModified=" + JavaHelper.toIsoDate(lastModified) + ", minimumLifetimeSeconds=" + minimumLifetime.asCompactString() + ", passwordAge=" + passwordAge.asCompactString());
    if (lastModified.isAfter(Instant.now())) {
        LOGGER.debug(sessionLabel, "skipping minimum lifetime check, password lastModified time is in the future");
        return false;
    }
    final boolean passwordTooSoon = passwordAge.isShorterThan(minimumLifetime);
    if (!passwordTooSoon) {
        LOGGER.trace(sessionLabel, "minimum lifetime check passed, password age ");
        return false;
    }
    if (passwordStatus.isExpired() || passwordStatus.isPreExpired() || passwordStatus.isWarnPeriod()) {
        LOGGER.debug(sessionLabel, "current password is too young, but skipping enforcement of minimum lifetime check because current password is expired");
        return false;
    }
    return true;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Instant(java.time.Instant) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) TimeDuration(password.pwm.util.java.TimeDuration) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 39 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class DbCrOperator method writeResponses.

@Override
public void writeResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGUID, final ResponseInfoBean responseInfoBean) throws PwmUnrecoverableException {
    if (userGUID == null || userGUID.length() < 1) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot save responses to remote database, user " + theUser.getEntryDN() + " does not have a guid"));
    }
    LOGGER.trace("attempting to save responses for " + theUser.getEntryDN() + " in remote database (key=" + userGUID + ")");
    try {
        final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(responseInfoBean.getCrMap(), responseInfoBean.getHelpdeskCrMap(), responseInfoBean.getLocale(), responseInfoBean.getMinRandoms(), theUser.getChaiProvider().getChaiConfiguration(), responseInfoBean.getCsIdentifier());
        final DatabaseAccessor databaseAccessor = pwmApplication.getDatabaseService().getAccessor();
        databaseAccessor.put(DatabaseTable.PWM_RESPONSES, userGUID, responseSet.stringValue());
        LOGGER.info("saved responses for " + theUser.getEntryDN() + " in remote database (key=" + userGUID + ")");
    } catch (ChaiException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    } catch (DatabaseException e) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, "unexpected error saving responses for " + theUser.getEntryDN() + " in remote database: " + e.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        LOGGER.error(errorInfo.toDebugStr());
        pwmOE.initCause(e);
        throw pwmOE;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiResponseSet(com.novell.ldapchai.cr.ChaiResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) DatabaseAccessor(password.pwm.util.db.DatabaseAccessor) ChaiException(com.novell.ldapchai.exception.ChaiException) DatabaseException(password.pwm.util.db.DatabaseException)

Example 40 with ErrorInformation

use of password.pwm.error.ErrorInformation in project pwm by pwm-project.

the class DbCrOperator method clearResponses.

public void clearResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGUID) throws PwmUnrecoverableException {
    if (userGUID == null || userGUID.length() < 1) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot clear responses to remote database, user " + theUser.getEntryDN() + " does not have a guid"));
    }
    try {
        final DatabaseAccessor databaseAccessor = pwmApplication.getDatabaseService().getAccessor();
        databaseAccessor.remove(DatabaseTable.PWM_RESPONSES, userGUID);
        LOGGER.info("cleared responses for user " + theUser.getEntryDN() + " in remote database");
    } catch (DatabaseException e) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_CLEARING_RESPONSES, "unexpected error clearing responses for " + theUser.getEntryDN() + " in remote database, error: " + e.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(e);
        throw pwmOE;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) DatabaseAccessor(password.pwm.util.db.DatabaseAccessor) DatabaseException(password.pwm.util.db.DatabaseException)

Aggregations

ErrorInformation (password.pwm.error.ErrorInformation)325 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)216 PwmOperationalException (password.pwm.error.PwmOperationalException)125 PwmException (password.pwm.error.PwmException)67 UserIdentity (password.pwm.bean.UserIdentity)62 IOException (java.io.IOException)58 PwmApplication (password.pwm.PwmApplication)54 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)53 ChaiUser (com.novell.ldapchai.ChaiUser)38 PwmSession (password.pwm.http.PwmSession)38 LinkedHashMap (java.util.LinkedHashMap)35 Configuration (password.pwm.config.Configuration)33 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)32 Map (java.util.Map)32 Instant (java.time.Instant)30 ArrayList (java.util.ArrayList)30 FormConfiguration (password.pwm.config.value.data.FormConfiguration)29 ServletException (javax.servlet.ServletException)28 RestResultBean (password.pwm.ws.server.RestResultBean)26 UserInfo (password.pwm.ldap.UserInfo)23