Example 1 with PwmDataValidationException

Use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.

The class UserInfoReader, method isRequiresUpdateProfile.

@Override
public boolean isRequiresUpdateProfile() throws PwmUnrecoverableException {
    final Configuration configuration = pwmApplication.getConfig();
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_ENABLE)) {
        LOGGER.debug(sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile module is not enabled");
        return false;
    }
    UpdateProfileProfile updateProfileProfile = null;
    final Map<ProfileType, String> profileIDs = selfCachedReference.getProfileIDs();
    if (profileIDs.containsKey(ProfileType.UpdateAttributes)) {
        updateProfileProfile = configuration.getUpdateAttributesProfile().get(profileIDs.get(ProfileType.UpdateAttributes));
    }
    if (updateProfileProfile == null) {
        return false;
    }
    if (!updateProfileProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_FORCE_SETUP)) {
        LOGGER.debug(sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile force setup is not enabled");
        return false;
    }
    final List<FormConfiguration> updateFormFields = updateProfileProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
    try {
        final Map<FormConfiguration, List<String>> valueMap = FormUtility.populateFormMapFromLdap(updateFormFields, sessionLabel, selfCachedReference, FormUtility.Flag.ReturnEmptyValues);
        final Map<FormConfiguration, String> singleValueMap = FormUtility.multiValueMapToSingleValue(valueMap);
        FormUtility.validateFormValues(configuration, singleValueMap, locale);
        LOGGER.debug(sessionLabel, "checkProfile: " + userIdentity + " has value for attributes, update profile will not be required");
        return false;
    } catch (PwmDataValidationException e) {
        LOGGER.debug(sessionLabel, "checkProfile: " + userIdentity + " does not have good attributes (" + e.getMessage() + "), update profile will be required");
        return true;
    } catch (PwmUnrecoverableException e) {
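        // an unrecoverable error is only printed here; the method then falls through
        // and returns false, so the profile update is not forced on this path
        e.printStackTrace();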
    }
    return false;
}
Also used : PwmDataValidationException(password.pwm.error.PwmDataValidationException) ProfileType(password.pwm.config.profile.ProfileType) FormConfiguration(password.pwm.config.value.data.FormConfiguration) Configuration(password.pwm.config.Configuration) UpdateProfileProfile(password.pwm.config.profile.UpdateProfileProfile) List(java.util.List) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 2 with PwmDataValidationException

Use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.

The class UserInfoReader, method getPasswordStatus.

@Override
public PasswordStatus getPasswordStatus() throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final PasswordStatus.PasswordStatusBuilder passwordStatusBuilder = PasswordStatus.builder();
    final String userDN = chaiUser.getEntryDN();
    final PwmPasswordPolicy passwordPolicy = selfCachedReference.getPasswordPolicy();
    final long startTime = System.currentTimeMillis();
    LOGGER.trace(sessionLabel, "beginning password status check process for " + userDN);
    // check if password meets existing policy.
    if (passwordPolicy.getRuleHelper().readBooleanValue(PwmPasswordRule.EnforceAtLogin)) {
        if (currentPassword != null) {
            try {
                final PwmPasswordRuleValidator passwordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, passwordPolicy);
                passwordRuleValidator.testPassword(currentPassword, null, selfCachedReference, chaiUser);
            } catch (PwmDataValidationException | PwmUnrecoverableException e) {
                LOGGER.debug(sessionLabel, "user " + userDN + " password does not conform to current password policy (" + e.getMessage() + "), marking as requiring change.");
                passwordStatusBuilder.violatesPolicy(true);
            } catch (ChaiUnavailableException e) {
                throw PwmUnrecoverableException.fromChaiException(e);
            }
        }
    }
    boolean ldapPasswordExpired = false;
    try {
        ldapPasswordExpired = chaiUser.isPasswordExpired();
        if (ldapPasswordExpired) {
            LOGGER.trace(sessionLabel, "password for " + userDN + " appears to be expired");
        } else {
            LOGGER.trace(sessionLabel, "password for " + userDN + " does not appear to be expired");
        }
    } catch (ChaiOperationException e) {
        LOGGER.info(sessionLabel, "error reading LDAP attributes for " + userDN + " while reading isPasswordExpired(): " + e.getMessage());
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
    final Instant ldapPasswordExpirationTime = selfCachedReference.getPasswordExpirationTime();
    boolean preExpired = false;
    if (ldapPasswordExpirationTime != null) {
        final TimeDuration expirationInterval = TimeDuration.fromCurrent(ldapPasswordExpirationTime);
        LOGGER.trace(sessionLabel, "read password expiration time: " + JavaHelper.toIsoDate(ldapPasswordExpirationTime) + ", " + expirationInterval.asCompactString() + " from now");
        final TimeDuration diff = TimeDuration.fromCurrent(ldapPasswordExpirationTime);
        // now check to see if the user's expire time is within the 'preExpireTime' setting.
        final long preExpireMs = config.readSettingAsLong(PwmSetting.PASSWORD_EXPIRE_PRE_TIME) * 1000;
        if (diff.getTotalMilliseconds() > 0 && diff.getTotalMilliseconds() < preExpireMs) {
            LOGGER.debug(sessionLabel, "user " + userDN + " password will expire within " + diff.asCompactString() + ", marking as pre-expired");
            preExpired = true;
        } else if (ldapPasswordExpired) {
            preExpired = true;
            LOGGER.debug(sessionLabel, "user " + userDN + " password is expired, marking as pre-expired.");
        }
        // now check to see if the user's expire time is within the 'preWarnTime' setting.
        final long preWarnMs = config.readSettingAsLong(PwmSetting.PASSWORD_EXPIRE_WARN_TIME) * 1000;
        // don't check if the 'preWarnTime' setting is zero or less than the expirePreTime
        if (!ldapPasswordExpired && !preExpired) {
            if (!(preWarnMs == 0 || preWarnMs < preExpireMs)) {
                if (diff.getTotalMilliseconds() > 0 && diff.getTotalMilliseconds() < preWarnMs) {
                    LOGGER.debug(sessionLabel, "user " + userDN + " password will expire within " + diff.asCompactString() + ", marking as within warn period");
                    passwordStatusBuilder.warnPeriod(true);
                }
            }
        }
        passwordStatusBuilder.preExpired(preExpired);
    }
    LOGGER.debug(sessionLabel, "completed user password status check for " + userDN + " " + passwordStatusBuilder + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
    passwordStatusBuilder.expired(ldapPasswordExpired);
    return passwordStatusBuilder.build();
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) FormConfiguration(password.pwm.config.value.data.FormConfiguration) Configuration(password.pwm.config.Configuration) Instant(java.time.Instant) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmPasswordRuleValidator(password.pwm.util.PwmPasswordRuleValidator) PwmDataValidationException(password.pwm.error.PwmDataValidationException) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) PasswordStatus(password.pwm.bean.PasswordStatus) TimeDuration(password.pwm.util.java.TimeDuration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 3 with PwmDataValidationException

Use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.

The class CrService, method validateResponses.

public void validateResponses(final ChallengeSet challengeSet, final Map<Challenge, String> responseMap, final int minRandomRequiredSetup) throws PwmDataValidationException, PwmUnrecoverableException {
    // strip null keys from responseMap;
    responseMap.keySet().removeIf(Objects::isNull);
    {
        // check for missing question texts
        for (final Challenge challenge : responseMap.keySet()) {
            if (!challenge.isAdminDefined()) {
                final String text = challenge.getChallengeText();
                if (text == null || text.length() < 1) {
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_CHALLENGE_TEXT);
                    throw new PwmDataValidationException(errorInformation);
                }
            }
        }
    }
    {
        // check responses against wordlist
        final WordlistManager wordlistManager = pwmApplication.getWordlistManager();
        if (wordlistManager.status() == PwmService.STATUS.OPEN) {
            for (final Map.Entry<Challenge, String> entry : responseMap.entrySet()) {
                final Challenge loopChallenge = entry.getKey();
                if (loopChallenge.isEnforceWordlist()) {
                    final String answer = entry.getValue();
                    if (wordlistManager.containsWord(answer)) {
                        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_RESPONSE_WORDLIST, null, new String[] { loopChallenge.getChallengeText() });
                        throw new PwmDataValidationException(errorInfo);
                    }
                }
            }
        }
    }
    {
        // check for duplicate questions.  need to check the actual req params because the following dupes won't populate duplicates
        final Set<String> userQuestionTexts = new HashSet<>();
        for (final Challenge challenge : responseMap.keySet()) {
            final String text = challenge.getChallengeText();
            if (text != null) {
                if (userQuestionTexts.contains(text.toLowerCase())) {
                    final String errorMsg = "duplicate challenge text: " + text;
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_CHALLENGE_DUPLICATE, errorMsg, new String[] { text });
                    throw new PwmDataValidationException(errorInformation);
                } else {
                    userQuestionTexts.add(text.toLowerCase());
                }
            }
        }
    }
    int randomCount = 0;
    for (final Challenge loopChallenge : responseMap.keySet()) {
        if (!loopChallenge.isRequired()) {
            randomCount++;
        }
    }
    if (minRandomRequiredSetup == 0) {
        // if using recover style, then all readResponseSet must be supplied at this point.
        if (randomCount < challengeSet.getRandomChallenges().size()) {
            final String errorMsg = "all randoms required, but not all randoms are completed";
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, errorMsg);
            throw new PwmDataValidationException(errorInfo);
        }
    }
    if (randomCount < minRandomRequiredSetup) {
        final String errorMsg = minRandomRequiredSetup + " randoms required, but only " + randomCount + " randoms are completed";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, errorMsg);
        throw new PwmDataValidationException(errorInfo);
    }
    if (JavaHelper.isEmpty(responseMap)) {
        final String errorMsg = "empty response set";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, errorMsg);
        throw new PwmDataValidationException(errorInfo);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) Set(java.util.Set) ResponseSet(com.novell.ldapchai.cr.ResponseSet) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) Objects(java.util.Objects) WordlistManager(password.pwm.svc.wordlist.WordlistManager) Challenge(com.novell.ldapchai.cr.Challenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge)

Example 4 with PwmDataValidationException

Use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.

The class FormUtility, method readFormValuesFromMap.

public static Map<FormConfiguration, String> readFormValuesFromMap(final Map<String, String> inputMap, final Collection<FormConfiguration> formItems, final Locale locale) throws PwmDataValidationException, PwmUnrecoverableException {
    if (formItems == null || formItems.isEmpty()) {
        return Collections.emptyMap();
    }
    final Map<FormConfiguration, String> returnMap = new LinkedHashMap<>();
    if (inputMap == null) {
        return returnMap;
    }
    for (final FormConfiguration formItem : formItems) {
        final String keyName = formItem.getName();
        final String value = inputMap.get(keyName);
        if (formItem.isRequired() && !formItem.isReadonly()) {
            if (StringUtil.isEmpty(value)) {
                final String errorMsg = "missing required value for field '" + formItem.getName() + "'";
                final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_REQUIRED, errorMsg, new String[] { formItem.getLabel(locale) });
                throw new PwmDataValidationException(error);
            }
        }
        if (formItem.isConfirmationRequired()) {
            final String confirmValue = inputMap.get(keyName + Validator.PARAM_CONFIRM_SUFFIX);
            if (confirmValue == null || !confirmValue.equals(value)) {
                final String errorMsg = "incorrect confirmation value for field '" + formItem.getName() + "'";
                final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_BAD_CONFIRM, errorMsg, new String[] { formItem.getLabel(locale) });
                throw new PwmDataValidationException(error);
            }
        }
        if (formItem.getType() == FormConfiguration.Type.checkbox) {
            final String parsedValue = parseInputValueToFormValue(formItem, value);
            returnMap.put(formItem, parsedValue);
        } else if (value != null && !formItem.isReadonly()) {
            final String parsedValue = parseInputValueToFormValue(formItem, value);
            returnMap.put(formItem, parsedValue);
        }
    }
    return returnMap;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmDataValidationException(password.pwm.error.PwmDataValidationException) FormConfiguration(password.pwm.config.value.data.FormConfiguration) LinkedHashMap(java.util.LinkedHashMap)

Example 5 with PwmDataValidationException

Use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.

The class ForgottenPasswordServlet, method processCheckAttributes.

@ActionHandler(action = "checkAttributes")
private ProcessStatus processCheckAttributes(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    // final SessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (forgottenPasswordBean.isBogusUser()) {
        final FormConfiguration formConfiguration = forgottenPasswordBean.getAttributeForm().iterator().next();
        // add a bit of jitter to pretend like we're checking a data source
        JavaHelper.pause(300 + PwmRandom.getInstance().nextInt(700));
        if (forgottenPasswordBean.getUserSearchValues() != null) {
            final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
            final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap(formConfigurations, forgottenPasswordBean.getUserSearchValues());
            pwmRequest.getPwmApplication().getIntruderManager().convenience().markAttributes(formMap, pwmRequest.getPwmSession());
        }
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for attribute '" + formConfiguration.getName() + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) });
        forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.ATTRIBUTES);
        setLastError(pwmRequest, errorInformation);
        return ProcessStatus.Continue;
    }
    if (forgottenPasswordBean.getUserIdentity() == null) {
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    try {
        // check attributes
        final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
        final Locale userLocale = pwmRequest.getLocale();
        final List<FormConfiguration> requiredAttributesForm = forgottenPasswordBean.getAttributeForm();
        if (requiredAttributesForm.isEmpty()) {
            return ProcessStatus.Continue;
        }
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, requiredAttributesForm, userLocale);
        for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
            final FormConfiguration formConfiguration = entry.getKey();
            final String attrName = formConfiguration.getName();
            try {
                if (theUser.compareStringAttribute(attrName, entry.getValue())) {
                    LOGGER.trace(pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'");
                } else {
                    throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
                }
            } catch (ChaiOperationException e) {
                LOGGER.error(pwmRequest, "error during param validation of '" + attrName + "', error: " + e.getMessage());
                throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "ldap error testing value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
            }
        }
        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.ATTRIBUTES);
    } catch (PwmDataValidationException e) {
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr()));
    }
    return ProcessStatus.Continue;
}
Also used : Locale(java.util.Locale) UserIdentity(password.pwm.bean.UserIdentity) ErrorInformation(password.pwm.error.ErrorInformation) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap)

Aggregations

PwmDataValidationException (password.pwm.error.PwmDataValidationException) 18
ErrorInformation (password.pwm.error.ErrorInformation) 13
FormConfiguration (password.pwm.config.value.data.FormConfiguration) 7
ChaiUser (com.novell.ldapchai.ChaiUser) 5
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException) 5
LinkedHashMap (java.util.LinkedHashMap) 4
Map (java.util.Map) 4
PwmOperationalException (password.pwm.error.PwmOperationalException) 4
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException) 4
PwmPasswordRuleValidator (password.pwm.util.PwmPasswordRuleValidator) 4
Challenge (com.novell.ldapchai.cr.Challenge) 3
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException) 3
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider) 3
PwmApplication (password.pwm.PwmApplication) 3
PwmSession (password.pwm.http.PwmSession) 3
SetupResponsesBean (password.pwm.http.bean.SetupResponsesBean) 3
PasswordData (password.pwm.util.PasswordData) 3
ChallengeSet (com.novell.ldapchai.cr.ChallengeSet) 2
Instant (java.time.Instant) 2
List (java.util.List) 2