Search in sources :

Example 51 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class NewUserServlet method handleEnterCodeRequest.

@ActionHandler(action = "enterCode")
private ProcessStatus handleEnterCodeRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final NewUserBean newUserBean = getNewUserBean(pwmRequest);
    final NewUserProfile newUserProfile = getNewUserProfile(pwmRequest);
    final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);
    final TokenDestinationItem tokenDestinationItem = NewUserUtils.tokenDestinationItemForCurrentValidation(pwmRequest, newUserBean, newUserProfile);
    ErrorInformation errorInformation = null;
    TokenPayload tokenPayload = null;
    try {
        tokenPayload = TokenUtil.checkEnteredCode(pwmRequest, userEnteredCode, tokenDestinationItem, null, TokenType.NEWUSER, TokenService.TokenEntryType.unauthenticated);
    } catch (PwmUnrecoverableException e) {
        LOGGER.debug(pwmRequest, "error while checking entered token: ");
        errorInformation = e.getErrorInformation();
    }
    if (tokenPayload != null) {
        try {
            final NewUserTokenData newUserTokenData = NewUserFormUtils.fromTokenPayload(pwmRequest, tokenPayload);
            newUserBean.setProfileID(newUserTokenData.getProfileID());
            final NewUserForm newUserFormFromToken = newUserTokenData.getFormData();
            final TokenDestinationItem.Type tokenType = tokenPayload.getDestination().getType();
            if (tokenType == TokenDestinationItem.Type.email) {
                try {
                    verifyForm(pwmRequest, newUserFormFromToken, false);
                    newUserBean.setRemoteInputData(newUserTokenData.getInjectionData());
                    newUserBean.setNewUserForm(newUserFormFromToken);
                    newUserBean.setProfileID(newUserTokenData.getProfileID());
                    newUserBean.setFormPassed(true);
                    newUserBean.getCompletedTokenFields().addAll(newUserTokenData.getCompletedTokenFields());
                    newUserBean.setCurrentTokenField(newUserTokenData.getCurrentTokenField());
                } catch (PwmUnrecoverableException | PwmOperationalException e) {
                    LOGGER.error(pwmRequest, "while reading stored form data in token payload, form validation error occurred: " + e.getMessage());
                    errorInformation = e.getErrorInformation();
                }
            } else if (tokenType == TokenDestinationItem.Type.sms) {
                if (newUserBean.getNewUserForm() == null || !newUserBean.getNewUserForm().isConsistentWith(newUserFormFromToken)) {
                    LOGGER.debug(pwmRequest, "token value is valid, but form data does not match current session form data");
                    final String errorMsg = "sms token does not match current session";
                    errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
                }
            }
        } catch (PwmOperationalException e) {
            errorInformation = e.getErrorInformation();
        }
    }
    if (errorInformation != null) {
        LOGGER.debug(pwmSession, errorInformation.toDebugStr());
        setLastError(pwmRequest, errorInformation);
        return ProcessStatus.Continue;
    }
    LOGGER.debug(pwmRequest, "marking token as passed " + JsonUtil.serialize(tokenDestinationItem));
    newUserBean.getCompletedTokenFields().add(newUserBean.getCurrentTokenField());
    newUserBean.setTokenSent(false);
    newUserBean.setCurrentTokenField(null);
    if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON)) {
        pwmRequest.setAttribute(PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination());
        pwmRequest.forwardToJsp(JspUrl.NEW_USER_TOKEN_SUCCESS);
        return ProcessStatus.Halt;
    }
    return ProcessStatus.Continue;
}
Also used : PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) NewUserProfile(password.pwm.config.profile.NewUserProfile) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) TokenPayload(password.pwm.svc.token.TokenPayload) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PwmSession(password.pwm.http.PwmSession) NewUserBean(password.pwm.http.bean.NewUserBean)

Example 52 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class NewUserServlet method handleProcessFormRequest.

@ActionHandler(action = "processForm")
private ProcessStatus handleProcessFormRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final NewUserBean newUserBean = getNewUserBean(pwmRequest);
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
        if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
            LOGGER.debug(pwmRequest, errorInfo);
            setLastError(pwmRequest, errorInfo);
            forwardToFormPage(pwmRequest, newUserBean);
            return ProcessStatus.Halt;
        }
    }
    newUserBean.setFormPassed(false);
    newUserBean.setNewUserForm(null);
    try {
        final NewUserForm newUserForm = NewUserFormUtils.readFromRequest(pwmRequest, newUserBean);
        final PasswordUtility.PasswordCheckInfo passwordCheckInfo = verifyForm(pwmRequest, newUserForm, true);
        NewUserUtils.passwordCheckInfoToException(passwordCheckInfo);
        newUserBean.setNewUserForm(newUserForm);
        newUserBean.setFormPassed(true);
    } catch (PwmOperationalException e) {
        setLastError(pwmRequest, e.getErrorInformation());
        forwardToFormPage(pwmRequest, newUserBean);
        return ProcessStatus.Halt;
    }
    return ProcessStatus.Continue;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PasswordUtility(password.pwm.util.operations.PasswordUtility) NewUserBean(password.pwm.http.bean.NewUserBean) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 53 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class NewUserUtils method createUser.

@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final long startTime = System.currentTimeMillis();
    // re-perform verification before proceeding
    {
        final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
        passwordCheckInfoToException(passwordCheckInfo);
    }
    NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
    final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
    final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
    final PasswordData userPassword;
    if (promptForPassword) {
        userPassword = newUserForm.getNewUserPassword();
    } else {
        final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
        userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
    }
    // set up the user creation attributes
    final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
    // read the creation object classes from configuration
    final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
    // add the auto-add object classes
    {
        final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
        createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
    }
    final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
    try {
        // create the ldap entry
        chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
        NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
    } catch (ChaiOperationException e) {
        final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
        throw new PwmOperationalException(errorInformation);
    }
    final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
    final boolean useTempPw;
    {
        final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
        if ("auto".equalsIgnoreCase(settingValue)) {
            useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
        } else {
            useTempPw = Boolean.parseBoolean(settingValue);
        }
    }
    if (useTempPw) {
        NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
        final PasswordData temporaryPassword;
        {
            final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
            temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
        }
        final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
        try {
            // set password as admin
            proxiedUser.setPassword(temporaryPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
        try {
            // bind as user
            NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
            final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
            final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
            final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
            bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
            bindAsProvider.close();
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
    } else {
        try {
            // set password
            theUser.setPassword(userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
    }
    NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
    // write data to remote web service
    remoteWriteFormData(pwmRequest, newUserForm);
    // authenticate the user to pwm
    final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
    final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
    sessionAuthenticator.authenticateUser(userIdentity, userPassword);
    {
        // execute configured actions
        final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
        if (actions != null && !actions.isEmpty()) {
            NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    // send user email
    sendNewUserEmailConfirmation(pwmRequest);
    // add audit record
    pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
    // increment the new user creation statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
    NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used : LinkedHashSet(java.util.LinkedHashSet) SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ActionExecutor(password.pwm.util.operations.ActionExecutor) PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) NewUserProfile(password.pwm.config.profile.NewUserProfile) LdapProfile(password.pwm.config.profile.LdapProfile) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) PwmSession(password.pwm.http.PwmSession)

Example 54 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class PeopleSearchDataReader method checkIfUserIdentityViewable.

void checkIfUserIdentityViewable(final UserIdentity userIdentity) throws PwmUnrecoverableException, PwmOperationalException {
    final String filterSetting = getSearchFilter(pwmRequest.getConfig());
    String filterString = filterSetting.replace(PwmConstants.VALUE_REPLACEMENT_USERNAME, "*");
    while (filterString.contains("**")) {
        filterString = filterString.replace("**", "*");
    }
    final boolean match = LdapPermissionTester.testQueryMatch(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userIdentity, filterString);
    if (!match) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "requested userDN is not available within configured search filter"));
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 55 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class PeopleSearchDataReader method makeSearchResultsImpl.

private SearchResultBean makeSearchResultsImpl(final PwmRequest pwmRequest, final String username, final boolean includeDisplayName) throws ChaiUnavailableException, PwmUnrecoverableException {
    final Instant startTime = Instant.now();
    if (username == null || username.length() < 1) {
        return new SearchResultBean();
    }
    final boolean useProxy = useProxy();
    final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
    final SearchConfiguration searchConfiguration;
    {
        final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
        builder.contexts(pwmRequest.getConfig().readSettingAsStringArray(PwmSetting.PEOPLE_SEARCH_SEARCH_BASE));
        builder.enableContextValidation(false);
        builder.username(username);
        builder.enableValueEscaping(false);
        builder.filter(getSearchFilter(pwmRequest.getConfig()));
        builder.enableSplitWhitespace(true);
        if (!useProxy) {
            builder.ldapProfile(pwmRequest.getPwmSession().getUserInfo().getUserIdentity().getLdapProfileID());
            builder.chaiProvider(pwmRequest.getPwmSession().getSessionManager().getChaiProvider());
        }
        searchConfiguration = builder.build();
    }
    final UserSearchResults results;
    final boolean sizeExceeded;
    try {
        final List<FormConfiguration> searchForm = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PEOPLE_SEARCH_RESULT_FORM);
        final int maxResults = (int) pwmRequest.getConfig().readSettingAsLong(PwmSetting.PEOPLE_SEARCH_RESULT_LIMIT);
        final Locale locale = pwmRequest.getLocale();
        results = userSearchEngine.performMultiUserSearchFromForm(locale, searchConfiguration, maxResults, searchForm, pwmRequest.getSessionLabel());
        sizeExceeded = results.isSizeExceeded();
    } catch (PwmOperationalException e) {
        final ErrorInformation errorInformation = e.getErrorInformation();
        LOGGER.error(pwmRequest.getSessionLabel(), errorInformation.toDebugStr());
        throw new PwmUnrecoverableException(errorInformation);
    }
    final List<Map<String, Object>> resultOutput = new ArrayList<>(results.resultsAsJsonOutput(pwmRequest.getPwmApplication(), null));
    if (includeDisplayName) {
        for (final Map<String, Object> map : resultOutput) {
            final String userKey = (String) map.get("userKey");
            if (userKey != null) {
                final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
                final String displayValue = figureDisplaynameValue(pwmRequest, userIdentity);
                map.put("_displayName", displayValue);
            }
        }
    }
    final TimeDuration searchDuration = TimeDuration.fromCurrent(startTime);
    LOGGER.trace(pwmRequest.getPwmSession(), "finished rest peoplesearch search in " + searchDuration.asCompactString() + " not using cache, size=" + results.getResults().size());
    final SearchResultBean searchResultBean = new SearchResultBean();
    searchResultBean.setSearchResults(resultOutput);
    searchResultBean.setSizeExceeded(sizeExceeded);
    final String aboutMessage = LocaleHelper.getLocalizedMessage(pwmRequest.getLocale(), Display.Display_SearchResultsInfo.getKey(), pwmRequest.getConfig(), Display.class, new String[] { String.valueOf(results.getResults().size()), searchDuration.asLongString(pwmRequest.getLocale()) });
    searchResultBean.setAboutResultMessage(aboutMessage);
    return searchResultBean;
}
Also used : Locale(java.util.Locale) Instant(java.time.Instant) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserSearchResults(password.pwm.ldap.search.UserSearchResults) UserIdentity(password.pwm.bean.UserIdentity) ArrayList(java.util.ArrayList) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) FormConfiguration(password.pwm.config.value.data.FormConfiguration) TimeDuration(password.pwm.util.java.TimeDuration) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) TreeMap(java.util.TreeMap)

Aggregations

PwmOperationalException (password.pwm.error.PwmOperationalException)134 ErrorInformation (password.pwm.error.ErrorInformation)104 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)57 UserIdentity (password.pwm.bean.UserIdentity)39 PwmApplication (password.pwm.PwmApplication)27 PwmSession (password.pwm.http.PwmSession)26 ChaiUser (com.novell.ldapchai.ChaiUser)20 Configuration (password.pwm.config.Configuration)19 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17 UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)17 FormConfiguration (password.pwm.config.value.data.FormConfiguration)16 PwmException (password.pwm.error.PwmException)16 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)15 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)14 Instant (java.time.Instant)13 LinkedHashMap (java.util.LinkedHashMap)13 MacroMachine (password.pwm.util.macro.MacroMachine)13 ArrayList (java.util.ArrayList)12 Map (java.util.Map)12 UserInfo (password.pwm.ldap.UserInfo)11