use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.
the class UserInfoReader method isRequiresUpdateProfile.
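/**
 * Reports whether the user must complete the update-profile module.
 *
 * <p>Returns {@code true} only when all of the following hold: the update-profile module is
 * enabled, an update-profile profile is assigned to the user, forced setup is enabled on that
 * profile, and the user's current LDAP values fail validation against the profile's form.
 *
 * @return {@code true} if the user's stored attributes fail form validation and a forced
 *         profile update applies; {@code false} in every other case, including when the
 *         validation itself could not be carried out
 * @throws PwmUnrecoverableException declared by the overridden method; a failure raised while
 *         reading or validating the form values is caught and logged here, not propagated
 */
@Override
public boolean isRequiresUpdateProfile() throws PwmUnrecoverableException {
    final Configuration configuration = pwmApplication.getConfig();
    if (!configuration.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_ENABLE)) {
        LOGGER.debug(sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile module is not enabled");
        return false;
    }

    // Resolve the update-profile profile assigned to this user, if there is one.
    UpdateProfileProfile updateProfileProfile = null;
    final Map<ProfileType, String> profileIDs = selfCachedReference.getProfileIDs();
    if (profileIDs.containsKey(ProfileType.UpdateAttributes)) {
        updateProfileProfile = configuration.getUpdateAttributesProfile().get(profileIDs.get(ProfileType.UpdateAttributes));
    }
    if (updateProfileProfile == null) {
        return false;
    }

    if (!updateProfileProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_FORCE_SETUP)) {
        LOGGER.debug(sessionLabel, "checkProfiles: " + userIdentity.toString() + " profile force setup is not enabled");
        return false;
    }

    final List<FormConfiguration> updateFormFields = updateProfileProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
    try {
        // Validate the values currently stored in LDAP as if the user had just submitted them.
        final Map<FormConfiguration, List<String>> valueMap = FormUtility.populateFormMapFromLdap(updateFormFields, sessionLabel, selfCachedReference, FormUtility.Flag.ReturnEmptyValues);
        final Map<FormConfiguration, String> singleValueMap = FormUtility.multiValueMapToSingleValue(valueMap);
        FormUtility.validateFormValues(configuration, singleValueMap, locale);
        LOGGER.debug(sessionLabel, "checkProfile: " + userIdentity + " has value for attributes, update profile will not be required");
        return false;
    } catch (PwmDataValidationException e) {
        LOGGER.debug(sessionLabel, "checkProfile: " + userIdentity + " does not have good attributes (" + e.getMessage() + "), update profile will be required");
        return true;
    } catch (PwmUnrecoverableException e) {
        // Record the failure in the application log with the session label instead of printing
        // a stack trace to stderr.
        // NOTE(review): this path fails open. When the check itself cannot run, the forced
        // profile update is skipped; confirm that is the intended policy.
        LOGGER.error(sessionLabel, "checkProfile: " + userIdentity + " unable to evaluate profile attributes (" + e.getMessage() + "), update profile will not be required");
    }
    return false;
}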
use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.
the class UserInfoReader method getPasswordStatus.
/**
 * Builds the {@link PasswordStatus} for the user: policy violation, expired, pre-expired and
 * warn-period flags.
 *
 * <p>Points worth knowing when reading the result:
 * <ul>
 *   <li>The policy test runs only when the policy's EnforceAtLogin rule is set and
 *       {@code currentPassword} is non-null. Both a validation failure and a
 *       {@link PwmUnrecoverableException} raised by the test mark the password as violating
 *       policy.</li>
 *   <li>If reading the expired flag fails with a {@code ChaiOperationException}, the error is
 *       logged and the password is treated as not expired.</li>
 *   <li>Pre-expire and warn flags are evaluated only when an expiration time is available.</li>
 * </ul>
 *
 * @return the assembled password status
 * @throws PwmUnrecoverableException if the directory is unavailable
 */
@Override
public PasswordStatus getPasswordStatus() throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final PasswordStatus.PasswordStatusBuilder statusBuilder = PasswordStatus.builder();
    final String userDN = chaiUser.getEntryDN();
    final PwmPasswordPolicy passwordPolicy = selfCachedReference.getPasswordPolicy();
    final long startTime = System.currentTimeMillis();
    LOGGER.trace(sessionLabel, "beginning password status check process for " + userDN);

    // Test the current password against the existing policy, when enforcement at login is on.
    final boolean enforceAtLogin = passwordPolicy.getRuleHelper().readBooleanValue(PwmPasswordRule.EnforceAtLogin);
    if (enforceAtLogin && currentPassword != null) {
        try {
            final PwmPasswordRuleValidator ruleValidator = new PwmPasswordRuleValidator(pwmApplication, passwordPolicy);
            ruleValidator.testPassword(currentPassword, null, selfCachedReference, chaiUser);
        } catch (PwmDataValidationException | PwmUnrecoverableException e) {
            LOGGER.debug(sessionLabel, "user " + userDN + " password does not conform to current password policy (" + e.getMessage() + "), marking as requiring change.");
            statusBuilder.violatesPolicy(true);
        } catch (ChaiUnavailableException e) {
            throw PwmUnrecoverableException.fromChaiException(e);
        }
    }

    // Ask the directory whether the password is expired; stays false if the read fails.
    boolean ldapPasswordExpired = false;
    try {
        ldapPasswordExpired = chaiUser.isPasswordExpired();
        final String expiryTrace = ldapPasswordExpired
                ? "password for " + userDN + " appears to be expired"
                : "password for " + userDN + " does not appear to be expired";
        LOGGER.trace(sessionLabel, expiryTrace);
    } catch (ChaiOperationException e) {
        LOGGER.info(sessionLabel, "error reading LDAP attributes for " + userDN + " while reading isPasswordExpired(): " + e.getMessage());
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }

    final Instant expirationTime = selfCachedReference.getPasswordExpirationTime();
    if (expirationTime != null) {
        final TimeDuration intervalForLog = TimeDuration.fromCurrent(expirationTime);
        LOGGER.trace(sessionLabel, "read password expiration time: " + JavaHelper.toIsoDate(expirationTime) + ", " + intervalForLog.asCompactString() + " from now");
        final TimeDuration untilExpiry = TimeDuration.fromCurrent(expirationTime);

        // Pre-expire window: the setting is multiplied by 1000 to compare in milliseconds.
        final long preExpireMs = config.readSettingAsLong(PwmSetting.PASSWORD_EXPIRE_PRE_TIME) * 1000;
        final boolean withinPreExpire = untilExpiry.getTotalMilliseconds() > 0 && untilExpiry.getTotalMilliseconds() < preExpireMs;
        boolean preExpired = false;
        if (withinPreExpire) {
            LOGGER.debug(sessionLabel, "user " + userDN + " password will expire within " + untilExpiry.asCompactString() + ", marking as pre-expired");
            preExpired = true;
        } else if (ldapPasswordExpired) {
            LOGGER.debug(sessionLabel, "user " + userDN + " password is expired, marking as pre-expired.");
            preExpired = true;
        }

        // Warn window: skipped when the password is already expired or pre-expired, and when
        // the warn setting is zero or smaller than the pre-expire setting.
        final long preWarnMs = config.readSettingAsLong(PwmSetting.PASSWORD_EXPIRE_WARN_TIME) * 1000;
        final boolean warnCheckApplies = !ldapPasswordExpired && !preExpired && preWarnMs != 0 && preWarnMs >= preExpireMs;
        if (warnCheckApplies && untilExpiry.getTotalMilliseconds() > 0 && untilExpiry.getTotalMilliseconds() < preWarnMs) {
            LOGGER.debug(sessionLabel, "user " + userDN + " password will expire within " + untilExpiry.asCompactString() + ", marking as within warn period");
            statusBuilder.warnPeriod(true);
        }

        statusBuilder.preExpired(preExpired);
    }

    // The builder is logged before the expired flag is applied to it.
    LOGGER.debug(sessionLabel, "completed user password status check for " + userDN + " " + statusBuilder + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
    statusBuilder.expired(ldapPasswordExpired);
    return statusBuilder.build();
}
use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.
the class CrService method validateResponses.
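/**
 * Validates a user's challenge/response answers before they are stored.
 *
 * <p>Checks, in order: user-defined challenges have question text; answers to challenges that
 * enforce the wordlist are not wordlist entries (only while the wordlist service is open);
 * no two challenges share the same question text, ignoring case; enough non-required
 * ("random") challenges are answered; and the response set is not empty.
 *
 * <p>Side effect: entries with a {@code null} key are removed from {@code responseMap}, so the
 * caller's map is modified.
 *
 * @param challengeSet the challenge set being answered; its random challenges are counted
 *        when {@code minRandomRequiredSetup} is zero
 * @param responseMap challenge-to-answer map; a {@code null} map is rejected as an empty
 *        response set
 * @param minRandomRequiredSetup minimum number of random challenges that must be answered;
 *        zero means every random challenge in {@code challengeSet} must be answered
 * @throws PwmDataValidationException if any check fails
 * @throws PwmUnrecoverableException declared by the signature; not thrown directly here
 */
public void validateResponses(final ChallengeSet challengeSet, final Map<Challenge, String> responseMap, final int minRandomRequiredSetup) throws PwmDataValidationException, PwmUnrecoverableException {
    // A null map would otherwise surface as a NullPointerException on the first access;
    // report it as the same validation error used for an empty response set.
    if (responseMap == null) {
        final String errorMsg = "empty response set";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, errorMsg);
        throw new PwmDataValidationException(errorInfo);
    }

    // strip null keys from responseMap (modifies the caller's map)
    responseMap.keySet().removeIf(Objects::isNull);

    // check for missing question texts on user-defined challenges
    for (final Challenge challenge : responseMap.keySet()) {
        if (!challenge.isAdminDefined()) {
            final String text = challenge.getChallengeText();
            if (text == null || text.isEmpty()) {
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_CHALLENGE_TEXT);
                throw new PwmDataValidationException(errorInformation);
            }
        }
    }

    // check responses against wordlist; skipped entirely when the wordlist service is not open
    final WordlistManager wordlistManager = pwmApplication.getWordlistManager();
    if (wordlistManager.status() == PwmService.STATUS.OPEN) {
        for (final Map.Entry<Challenge, String> entry : responseMap.entrySet()) {
            final Challenge loopChallenge = entry.getKey();
            if (loopChallenge.isEnforceWordlist()) {
                final String answer = entry.getValue();
                if (wordlistManager.containsWord(answer)) {
                    final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_RESPONSE_WORDLIST, null, new String[] { loopChallenge.getChallengeText() });
                    throw new PwmDataValidationException(errorInfo);
                }
            }
        }
    }

    // check for duplicate questions, comparing question text case-insensitively
    final Set<String> userQuestionTexts = new HashSet<>();
    for (final Challenge challenge : responseMap.keySet()) {
        final String text = challenge.getChallengeText();
        // Set.add returns false when the lower-cased text was already present.
        if (text != null && !userQuestionTexts.add(text.toLowerCase())) {
            final String errorMsg = "duplicate challenge text: " + text;
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_CHALLENGE_DUPLICATE, errorMsg, new String[] { text });
            throw new PwmDataValidationException(errorInformation);
        }
    }

    // count the answered challenges that are not required, i.e. the random ones
    int randomCount = 0;
    for (final Challenge loopChallenge : responseMap.keySet()) {
        if (!loopChallenge.isRequired()) {
            randomCount++;
        }
    }

    // if using recover style, then all random challenges must be answered at this point.
    if (minRandomRequiredSetup == 0 && randomCount < challengeSet.getRandomChallenges().size()) {
        final String errorMsg = "all randoms required, but not all randoms are completed";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, errorMsg);
        throw new PwmDataValidationException(errorInfo);
    }

    if (randomCount < minRandomRequiredSetup) {
        final String errorMsg = minRandomRequiredSetup + " randoms required, but only " + randomCount + " randoms are completed";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, errorMsg);
        throw new PwmDataValidationException(errorInfo);
    }

    if (JavaHelper.isEmpty(responseMap)) {
        final String errorMsg = "empty response set";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, errorMsg);
        throw new PwmDataValidationException(errorInfo);
    }
}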
use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.
the class FormUtility method readFormValuesFromMap.
/**
 * Extracts and parses the values for a set of form fields from a name-to-value map.
 *
 * <p>For each field, in the iteration order of {@code formItems}:
 * <ul>
 *   <li>a required, non-readonly field with an empty value is rejected;</li>
 *   <li>a field that requires confirmation is rejected unless the entry stored under the
 *       field name plus {@code Validator.PARAM_CONFIRM_SUFFIX} equals the value;</li>
 *   <li>checkbox fields are always parsed and returned; other fields are returned only when
 *       a value is present and the field is not readonly.</li>
 * </ul>
 *
 * <p>When {@code inputMap} is {@code null} an empty map is returned before any field is
 * examined, so the required-field and confirmation checks do not run in that case.
 *
 * @param inputMap submitted values keyed by field name; may be {@code null}
 * @param formItems the form definition; {@code null} or empty yields an empty map
 * @param locale locale used to resolve field labels for error reporting
 * @return parsed values keyed by form field, in form order
 * @throws PwmDataValidationException if a required value is missing or a confirmation value
 *         does not match
 * @throws PwmUnrecoverableException declared by the signature; not thrown directly here
 */
public static Map<FormConfiguration, String> readFormValuesFromMap(final Map<String, String> inputMap, final Collection<FormConfiguration> formItems, final Locale locale) throws PwmDataValidationException, PwmUnrecoverableException {
    if (formItems == null || formItems.isEmpty()) {
        return Collections.emptyMap();
    }

    final Map<FormConfiguration, String> parsedValues = new LinkedHashMap<>();
    if (inputMap == null) {
        return parsedValues;
    }

    for (final FormConfiguration field : formItems) {
        final String fieldName = field.getName();
        final String rawValue = inputMap.get(fieldName);

        // Required fields must carry a value unless they are readonly.
        if (field.isRequired() && !field.isReadonly() && StringUtil.isEmpty(rawValue)) {
            final String errorMsg = "missing required value for field '" + field.getName() + "'";
            final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_REQUIRED, errorMsg, new String[] { field.getLabel(locale) });
            throw new PwmDataValidationException(error);
        }

        // The confirmation entry must exist and match the primary value exactly.
        if (field.isConfirmationRequired()) {
            final String confirmValue = inputMap.get(fieldName + Validator.PARAM_CONFIRM_SUFFIX);
            final boolean confirmed = confirmValue != null && confirmValue.equals(rawValue);
            if (!confirmed) {
                final String errorMsg = "incorrect confirmation value for field '" + field.getName() + "'";
                final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_BAD_CONFIRM, errorMsg, new String[] { field.getLabel(locale) });
                throw new PwmDataValidationException(error);
            }
        }

        // Checkboxes are parsed even when no value was submitted; everything else needs a
        // value and must not be readonly.
        final boolean include = field.getType() == FormConfiguration.Type.checkbox
                || (rawValue != null && !field.isReadonly());
        if (include) {
            parsedValues.put(field, parseInputValueToFormValue(field, rawValue));
        }
    }
    return parsedValues;
}
use of password.pwm.error.PwmDataValidationException in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckAttributes.
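/**
 * Handles the "checkAttributes" step of forgotten-password verification: compares the
 * attribute values submitted in the request with the user's LDAP attributes.
 *
 * <p>For a bogus (non-existent) user the handler never consults the directory. It waits a
 * randomized interval, records the search values with the intruder manager, and reports an
 * incorrect-response error for the first field of the attribute form.
 *
 * <p>For a real user, each submitted value is compared against the directory. A mismatch or
 * an LDAP operation error is routed to {@code handleUserVerificationBadAttempt}; when no
 * comparison fails, the ATTRIBUTES method is added to the satisfied methods.
 *
 * @param pwmRequest the current request
 * @return always {@code ProcessStatus.Continue}
 * @throws ChaiUnavailableException if the directory is unavailable
 * @throws IOException declared by the signature
 * @throws ServletException declared by the signature
 * @throws PwmUnrecoverableException on unrecoverable application errors
 */
@ActionHandler(action = "checkAttributes")
private ProcessStatus processCheckAttributes(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);

    if (forgottenPasswordBean.isBogusUser()) {
        // Mirror the real-user path, which continues without error when the attribute form
        // is empty. Without this guard iterator().next() throws NoSuchElementException, so
        // the bogus path would respond differently from the real one.
        if (forgottenPasswordBean.getAttributeForm().isEmpty()) {
            return ProcessStatus.Continue;
        }
        final FormConfiguration formConfiguration = forgottenPasswordBean.getAttributeForm().iterator().next();

        // add a bit of jitter to pretend like we're checking a data source
        JavaHelper.pause(300 + PwmRandom.getInstance().nextInt(700));

        if (forgottenPasswordBean.getUserSearchValues() != null) {
            final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
            final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap(formConfigurations, forgottenPasswordBean.getUserSearchValues());
            pwmRequest.getPwmApplication().getIntruderManager().convenience().markAttributes(formMap, pwmRequest.getPwmSession());
        }

        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for attribute '" + formConfiguration.getName() + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) });
        forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.ATTRIBUTES);
        setLastError(pwmRequest, errorInformation);
        return ProcessStatus.Continue;
    }

    if (forgottenPasswordBean.getUserIdentity() == null) {
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();

    try {
        // check attributes
        final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
        final Locale userLocale = pwmRequest.getLocale();
        final List<FormConfiguration> requiredAttributesForm = forgottenPasswordBean.getAttributeForm();
        if (requiredAttributesForm.isEmpty()) {
            return ProcessStatus.Continue;
        }

        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, requiredAttributesForm, userLocale);
        // NOTE(review): only entries present in formValues are compared. Confirm that
        // readFormValuesFromRequest guarantees an entry for every field of
        // requiredAttributesForm; a field missing from the map is never checked, yet
        // ATTRIBUTES is still marked satisfied below.
        for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
            final FormConfiguration formConfiguration = entry.getKey();
            final String attrName = formConfiguration.getName();
            try {
                if (theUser.compareStringAttribute(attrName, entry.getValue())) {
                    LOGGER.trace(pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'");
                } else {
                    throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
                }
            } catch (ChaiOperationException e) {
                // An LDAP error during the compare is reported as an incorrect response, so
                // the attempt fails closed.
                LOGGER.error(pwmRequest, "error during param validation of '" + attrName + "', error: " + e.getMessage());
                throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "ldap error testing value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
            }
        }

        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.ATTRIBUTES);
    } catch (PwmDataValidationException e) {
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr()));
    }
    return ProcessStatus.Continue;
}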