use of password.pwm.error.PwmException in project pwm by pwm-project.
the class IntruderManager method init.
@Override
@SuppressWarnings("checkstyle:MethodLength")
public void init(final PwmApplication pwmApplication) throws PwmException {
this.pwmApplication = pwmApplication;
final Configuration config = pwmApplication.getConfig();
status = STATUS.OPENING;
if (pwmApplication.getLocalDB() == null || pwmApplication.getLocalDB().status() != LocalDB.Status.OPEN) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "unable to start IntruderManager, LocalDB unavailable");
LOGGER.error(errorInformation.toDebugStr());
startupError = errorInformation;
status = STATUS.CLOSED;
return;
}
if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.INTRUDER_ENABLE)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "intruder module not enabled");
LOGGER.debug(errorInformation.toDebugStr());
status = STATUS.CLOSED;
return;
}
final DataStore dataStore;
{
final IntruderStorageMethod intruderStorageMethod = pwmApplication.getConfig().readSettingAsEnum(PwmSetting.INTRUDER_STORAGE_METHOD, IntruderStorageMethod.class);
final String debugMsg;
final DataStorageMethod storageMethodUsed;
switch(intruderStorageMethod) {
case AUTO:
dataStore = DataStoreFactory.autoDbOrLocalDBstore(pwmApplication, DatabaseTable.INTRUDER, LocalDB.DB.INTRUDER);
if (dataStore instanceof DatabaseDataStore) {
debugMsg = "starting using auto-configured data store, Remote Database selected";
storageMethodUsed = DataStorageMethod.DB;
} else {
debugMsg = "starting using auto-configured data store, LocalDB selected";
storageMethodUsed = DataStorageMethod.LOCALDB;
}
break;
case DATABASE:
dataStore = new DatabaseDataStore(pwmApplication.getDatabaseService(), DatabaseTable.INTRUDER);
debugMsg = "starting using Remote Database data store";
storageMethodUsed = DataStorageMethod.DB;
break;
case LOCALDB:
dataStore = new LocalDBDataStore(pwmApplication.getLocalDB(), LocalDB.DB.INTRUDER);
debugMsg = "starting using LocalDB data store";
storageMethodUsed = DataStorageMethod.LOCALDB;
break;
default:
startupError = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unknown storageMethod selected: " + intruderStorageMethod);
status = STATUS.CLOSED;
return;
}
LOGGER.info(debugMsg);
serviceInfo = new ServiceInfoBean(Collections.singletonList(storageMethodUsed));
}
final RecordStore recordStore;
{
recordStore = new DataStoreRecordStore(dataStore, this);
final String threadName = JavaHelper.makeThreadName(pwmApplication, this.getClass()) + " timer";
timer = new Timer(threadName, true);
final long maxRecordAge = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.INTRUDER_RETENTION_TIME_MS));
final long cleanerRunFrequency = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.INTRUDER_CLEANUP_FREQUENCY_MS));
timer.schedule(new TimerTask() {
@Override
public void run() {
try {
recordStore.cleanup(new TimeDuration(maxRecordAge));
} catch (Exception e) {
LOGGER.error("error cleaning recordStore: " + e.getMessage(), e);
}
}
}, 1000, cleanerRunFrequency);
}
try {
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_USER_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_USER_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_USER_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder user checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.USERNAME, new RecordManagerImpl(RecordType.USERNAME, recordStore, settings));
recordManagers.put(RecordType.USER_ID, new RecordManagerImpl(RecordType.USER_ID, recordStore, settings));
}
}
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_ATTRIBUTE_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ATTRIBUTE_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ATTRIBUTE_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder user checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.ATTRIBUTE, new RecordManagerImpl(RecordType.ATTRIBUTE, recordStore, settings));
}
}
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_TOKEN_DEST_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_TOKEN_DEST_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_TOKEN_DEST_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder user checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.TOKEN_DEST, new RecordManagerImpl(RecordType.TOKEN_DEST, recordStore, settings));
}
}
{
final IntruderSettings settings = new IntruderSettings();
settings.setCheckCount((int) config.readSettingAsLong(PwmSetting.INTRUDER_ADDRESS_MAX_ATTEMPTS));
settings.setResetDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ADDRESS_RESET_TIME)));
settings.setCheckDuration(new TimeDuration(1000 * config.readSettingAsLong(PwmSetting.INTRUDER_ADDRESS_CHECK_TIME)));
if (settings.getCheckCount() == 0 || settings.getCheckDuration().getTotalMilliseconds() == 0 || settings.getResetDuration().getTotalMilliseconds() == 0) {
LOGGER.info("intruder address checking will remain disabled due to configuration settings");
} else {
recordManagers.put(RecordType.ADDRESS, new RecordManagerImpl(RecordType.ADDRESS, recordStore, settings));
}
}
status = STATUS.OPEN;
} catch (Exception e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "unexpected error starting intruder manager: " + e.getMessage());
LOGGER.error(errorInformation.toDebugStr());
startupError = errorInformation;
close();
}
}
use of password.pwm.error.PwmException in project pwm by pwm-project.
the class ForgottenPasswordUtil method doActionSendNewPassword.
static void doActionSendNewPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final ForgottenPasswordBean forgottenPasswordBean = ForgottenPasswordServlet.forgottenPasswordBean(pwmRequest);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(pwmApplication.getConfig(), forgottenPasswordBean);
LOGGER.trace(pwmRequest, "beginning process to send new password to user");
if (!forgottenPasswordBean.getProgress().isAllPassed()) {
return;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
try {
// try unlocking user
theUser.unlockPassword();
LOGGER.trace(pwmRequest, "unlock account succeeded");
} catch (ChaiOperationException e) {
final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
return;
}
try {
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
LOGGER.info(pwmRequest, "user successfully supplied password recovery responses, emailing new password to: " + theUser.getEntryDN());
// add post change actions
ForgottenPasswordServlet.addPostChangeAction(pwmRequest, userIdentity);
// create new password
final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), userInfo.getPasswordPolicy(), pwmApplication);
LOGGER.trace(pwmRequest, "generated random password value based on password policy for " + userIdentity.toDisplayString());
// set the password
try {
theUser.setPassword(newPassword.getStringValue());
LOGGER.trace(pwmRequest, "set user " + userIdentity.toDisplayString() + " password to system generated random value");
} catch (ChaiException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
if (recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
LOGGER.debug(pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired");
theUser.expirePassword();
}
// mark the event log
{
final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.RECOVER_PASSWORD, userIdentity, pwmRequest.getSessionLabel());
pwmApplication.getAuditManager().submit(auditRecord);
}
final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
// send email or SMS
final String toAddress = PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmRequest.getLocale(), messageSendMethod);
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordSend, toAddress);
} catch (PwmException e) {
LOGGER.warn(pwmRequest, "unexpected error setting new password during recovery process for user: " + e.getMessage());
pwmRequest.respondWithError(e.getErrorInformation());
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error while processing recovery action " + recoveryAction + ", error: " + e.getMessage());
LOGGER.warn(pwmRequest, errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
} finally {
ForgottenPasswordServlet.clearForgottenPasswordBean(pwmRequest);
// the user should not be authenticated, this is a safety method
pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
// the password set flag should not have been set, this is a safety method
pwmRequest.getPwmSession().getSessionStateBean().setPasswordModified(false);
}
}
use of password.pwm.error.PwmException in project pwm by pwm-project.
the class RemoteVerificationMethod method sendRemoteRequest.
private void sendRemoteRequest(final Map<String, String> userResponses) throws PwmUnrecoverableException {
lastResponse = null;
final Map<String, String> headers = new LinkedHashMap<>();
headers.put(HttpHeader.Content_Type.getHttpName(), HttpContentType.json.getHeaderValue());
headers.put(HttpHeader.Accept_Language.getHttpName(), locale.toLanguageTag());
final RemoteVerificationRequestBean remoteVerificationRequestBean = new RemoteVerificationRequestBean();
remoteVerificationRequestBean.setResponseSessionID(this.remoteSessionID);
final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, PwmConstants.DEFAULT_LOCALE, SessionLabel.SYSTEM_LABEL, userInfo.getUserIdentity());
remoteVerificationRequestBean.setUserInfo(PublicUserInfoBean.fromUserInfoBean(userInfo, pwmApplication.getConfig(), locale, macroMachine));
remoteVerificationRequestBean.setUserResponses(userResponses);
final PwmHttpClientRequest pwmHttpClientRequest = new PwmHttpClientRequest(HttpMethod.POST, url, JsonUtil.serialize(remoteVerificationRequestBean), headers);
try {
final PwmHttpClientResponse response = pwmHttpClient.makeRequest(pwmHttpClientRequest);
final String responseBodyStr = response.getBody();
this.lastResponse = JsonUtil.deserialize(responseBodyStr, RemoteVerificationResponseBean.class);
} catch (PwmException e) {
LOGGER.error(sessionLabel, e.getErrorInformation());
throw new PwmUnrecoverableException(e.getErrorInformation());
} catch (Exception e) {
final String errorMsg = "error reading remote responses web service response: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
LOGGER.error(sessionLabel, errorInformation);
throw new PwmUnrecoverableException(errorInformation);
}
}
use of password.pwm.error.PwmException in project pwm by pwm-project.
the class HelpdeskServlet method processSetPasswordAction.
@ActionHandler(action = "setPassword")
private ProcessStatus processSetPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
final HelpdeskProfile helpdeskProfile = pwmRequest.getPwmSession().getSessionManager().getHelpdeskProfile(pwmRequest.getPwmApplication());
final RestSetPasswordServer.JsonInputData jsonInput = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestSetPasswordServer.JsonInputData.class);
final UserIdentity userIdentity = UserIdentity.fromKey(jsonInput.getUsername(), pwmRequest.getPwmApplication());
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final HelpdeskUIMode mode = helpdeskProfile.readSettingAsEnum(PwmSetting.HELPDESK_SET_PASSWORD_MODE, HelpdeskUIMode.class);
if (mode == HelpdeskUIMode.none) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " must not be set to none"));
}
final PasswordData newPassword;
if (jsonInput.getPassword() == null) {
if (mode != HelpdeskUIMode.random) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to " + mode + " and no password is included in request"));
}
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userIdentity, chaiUser, pwmRequest.getLocale());
newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), passwordPolicy, pwmRequest.getPwmApplication());
} else {
if (mode == HelpdeskUIMode.random) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to autogen yet a password is included in request"));
}
newPassword = new PasswordData(jsonInput.getPassword());
}
try {
PasswordUtility.helpdeskSetUserPassword(pwmRequest.getPwmSession(), chaiUser, userInfo, pwmRequest.getPwmApplication(), newPassword);
} catch (PwmException e) {
LOGGER.error("error during set password REST operation: " + e.getMessage());
pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation(), pwmRequest));
return ProcessStatus.Halt;
}
pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_ChangedHelpdeskPassword, userInfo.getUsername()));
return ProcessStatus.Halt;
}
use of password.pwm.error.PwmException in project pwm by pwm-project.
the class ConfigGuideServlet method restUploadJDBCDriver.
@ActionHandler(action = "uploadJDBCDriver")
private ProcessStatus restUploadJDBCDriver(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
try {
final ConfigGuideBean configGuideBean = getBean(pwmRequest);
final int maxFileSize = Integer.parseInt(pwmRequest.getConfig().readAppProperty(AppProperty.CONFIG_MAX_JDBC_JAR_SIZE));
final FileValue fileValue = ConfigEditorServletUtils.readFileUploadToSettingValue(pwmRequest, maxFileSize);
configGuideBean.setDatabaseDriver(fileValue);
final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
} catch (PwmException e) {
final RestResultBean restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
LOGGER.error(pwmRequest, e.getErrorInformation().toDebugStr());
}
return ProcessStatus.Halt;
}
Aggregations