Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
The class CryptoCookieLoginImpl, method checkIfRemoteLoginCookieIsValid.
/**
 * Validates the timestamps carried in a decrypted remote login cookie.
 *
 * <p>Checks are applied in this fixed order, and every failure is reported as
 * {@code PwmError.ERROR_BAD_SESSION}:
 * <ol>
 *   <li>an authenticated bean must carry an auth time;</li>
 *   <li>when an auth time is present, its age may not exceed
 *       {@code PwmSetting.SESSION_MAX_SECONDS};</li>
 *   <li>the bean must carry a request (issue) time;</li>
 *   <li>the issue time's age may not exceed the idle timeout that
 *       {@code IdleTimeoutCalculator.idleTimeoutForRequest} derives for the request.</li>
 * </ol>
 * An unauthenticated bean with no auth time skips checks 1 and 2 entirely.
 *
 * @param pwmRequest    the current request; supplies the configuration and the idle-timeout input
 * @param loginInfoBean the decrypted cookie payload to validate
 * @throws PwmOperationalException   if any check above fails
 * @throws PwmUnrecoverableException propagated from configuration or idle-timeout lookup
 */
private static void checkIfRemoteLoginCookieIsValid(final PwmRequest pwmRequest, final LoginInfoBean loginInfoBean) throws PwmOperationalException, PwmUnrecoverableException {
    if (loginInfoBean.isAuthenticated() && loginInfoBean.getAuthTime() == null) {
        throw badSessionCookie("decrypted login cookie does not specify a local auth time");
    }

    if (loginInfoBean.getAuthTime() != null) {
        // total session age: measured from the auth time recorded in the cookie
        final long maxSessionSeconds = pwmRequest.getConfig().readSettingAsLong(PwmSetting.SESSION_MAX_SECONDS);
        final TimeDuration cookieAge = TimeDuration.fromCurrent(loginInfoBean.getAuthTime());
        final TimeDuration sessionLimit = new TimeDuration(maxSessionSeconds, TimeUnit.SECONDS);
        if (cookieAge.isLongerThan(sessionLimit)) {
            throw badSessionCookie("decrypted login cookie age (" + cookieAge.asCompactString()
                    + ") is older than max session seconds (" + sessionLimit.asCompactString() + ")");
        }
    }

    if (loginInfoBean.getReqTime() == null) {
        throw badSessionCookie("decrypted login cookie does not specify a issue time");
    }

    // idle freshness: the cookie's issue time may not be older than the request's idle timeout
    final TimeDuration issueAge = TimeDuration.fromCurrent(loginInfoBean.getReqTime());
    final TimeDuration idleLimit = IdleTimeoutCalculator.idleTimeoutForRequest(pwmRequest);
    if (issueAge.isLongerThan(idleLimit)) {
        throw badSessionCookie("decrypted login cookie issue time (" + issueAge.asCompactString()
                + ") is older than max idle seconds (" + idleLimit.asCompactString() + ")");
    }
}

/**
 * Wraps a cookie-rejection message in the {@code ERROR_BAD_SESSION} exception that
 * {@link #checkIfRemoteLoginCookieIsValid} throws for every failed check.
 *
 * @param errorMsg server-side description of why the cookie was rejected
 * @return the exception to throw
 */
private static PwmOperationalException badSessionCookie(final String errorMsg) {
    return new PwmOperationalException(new ErrorInformation(PwmError.ERROR_BAD_SESSION, errorMsg));
}
Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
The class UpdateProfileServlet, method handleUpdateProfileRequest.
/**
 * Handles the "updateProfile" action by reading the submitted form fields into the
 * session's {@link UpdateProfileBean}.
 *
 * <p>A {@link PwmOperationalException} raised while reading the form is logged and
 * stored via {@code setLastError} instead of aborting the request; the bean is then
 * flagged as submitted and processing continues exactly as on success.
 *
 * @param pwmRequest the current request
 * @return {@link ProcessStatus#Continue} in every case
 * @throws PwmUnrecoverableException propagated from bean/profile lookup or form reading
 * @throws ChaiUnavailableException  propagated from bean/profile lookup or form reading
 */
@ActionHandler(action = "updateProfile")
ProcessStatus handleUpdateProfileRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException {
    final UpdateProfileBean profileBean = getBean(pwmRequest);
    final UpdateProfileProfile profile = getProfile(pwmRequest);

    try {
        readFormParametersFromRequest(pwmRequest, profile, profileBean);
    } catch (final PwmOperationalException e) {
        // record the failure for the page to show; the submission itself still proceeds
        LOGGER.error(pwmRequest, e.getMessage());
        setLastError(pwmRequest, e.getErrorInformation());
    }

    profileBean.setFormSubmitted(true);
    return ProcessStatus.Continue;
}
Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
The class UpdateProfileServlet, method restValidateForm.
/**
 * Handles the "validate" action: checks the JSON-submitted form values against the
 * profile's form requirements and answers with a JSON {@link ValidateResponse}.
 *
 * <p>On success the submitted values are merged into the bean's form data and the
 * localized {@code Message.Success_UpdateForm} text is returned. A
 * {@link PwmOperationalException} from reading or verifying the form turns the
 * response into a failure carrying that error's user-facing text.
 *
 * @param pwmRequest the current request
 * @return {@link ProcessStatus#Halt}; the JSON result has already been written
 * @throws IOException               propagated from writing the JSON result
 * @throws ServletException          declared for the servlet pipeline
 * @throws PwmUnrecoverableException propagated from bean/profile lookup or form handling
 * @throws ChaiUnavailableException  propagated from bean/profile lookup or form handling
 */
@ActionHandler(action = "validate")
ProcessStatus restValidateForm(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final UpdateProfileBean profileBean = getBean(pwmRequest);
    final UpdateProfileProfile profile = getProfile(pwmRequest);

    // resolve the success text up front so the message is ready whichever way validation goes
    final String successText = Message.getLocalizedMessage(pwmRequest.getLocale(), Message.Success_UpdateForm, pwmRequest.getConfig());

    PwmOperationalException validationFailure = null;
    try {
        final Map<FormConfiguration, String> submittedValues = UpdateProfileUtil.readFromJsonRequest(pwmRequest, profile, profileBean);
        // strict verification against the profile's form definition
        UpdateProfileUtil.verifyFormAttributes(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn(), pwmRequest.getLocale(), submittedValues, true);
        profileBean.getFormData().putAll(FormUtility.asStringMap(submittedValues));
    } catch (final PwmOperationalException e) {
        validationFailure = e;
    }

    final boolean formIsValid = validationFailure == null;
    final String userMessage = formIsValid
            ? successText
            : validationFailure.getErrorInformation().toUserStr(pwmRequest.getPwmSession(), pwmRequest.getPwmApplication());

    final ValidateResponse validateResponse = new ValidateResponse();
    validateResponse.setMessage(userMessage);
    validateResponse.setSuccess(formIsValid);
    pwmRequest.outputJsonResult(RestResultBean.withData(validateResponse));
    return ProcessStatus.Halt;
}
Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
The class PeopleSearchDataReader, method readUserDNAttributeValues.
/**
 * Resolves the DN-valued LDAP attribute {@code attributeName} of {@code userIdentity}
 * into {@link UserIdentity} objects in the same LDAP profile.
 *
 * <p>At most {@code AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT} identities are returned;
 * surplus values are logged at trace level and dropped. When
 * {@code AppProperty.PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN} is true each DN is first passed
 * through {@code checkIfUserIdentityViewable}, and DNs it rejects (with a
 * {@link PwmOperationalException}) are logged at debug level and dropped; when that
 * property is false the DNs are returned without this check.
 *
 * @param userIdentity  the user whose attribute is read
 * @param attributeName the multi-valued LDAP attribute holding user DNs
 * @return the accepted identities, possibly empty, never {@code null}
 * @throws PwmUnrecoverableException with {@code ERROR_DIRECTORY_UNAVAILABLE} if the
 *                                   attribute cannot be read from the directory
 */
private List<UserIdentity> readUserDNAttributeValues(final UserIdentity userIdentity, final String attributeName) throws PwmUnrecoverableException {
    final List<UserIdentity> accepted = new ArrayList<>();
    final int valueLimit = Integer.parseInt(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT));
    final ChaiUser chaiUser = getChaiUser(userIdentity);

    final Set<String> rawDNs;
    try {
        rawDNs = chaiUser.readMultiStringAttribute(attributeName);
    } catch (final ChaiOperationException e) {
        final String msg = "error reading attribute value '" + attributeName + "', error:" + e.getMessage();
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, msg));
    } catch (final ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
    }

    final boolean verifyViewable = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN));

    for (final String userDN : rawDNs) {
        final UserIdentity candidate = new UserIdentity(userDN, userIdentity.getLdapProfileID());

        if (accepted.size() >= valueLimit) {
            // cap reached: remaining values are only traced, the attribute is still fully iterated
            LOGGER.trace(pwmRequest, "discarding userDN " + userDN + " from attribute " + attributeName + " because maximum value count has been reached");
            continue;
        }

        try {
            if (verifyViewable) {
                checkIfUserIdentityViewable(candidate);
            }
            accepted.add(candidate);
        } catch (final PwmOperationalException notViewable) {
            // intentionally swallowed: a DN failing the viewability check is simply omitted
            LOGGER.debug(pwmRequest, "discarding userDN " + userDN + " from attribute " + attributeName + " because it does not match search filter");
        }
    }

    return accepted;
}
Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
The class TokenService, method processUserEnteredCodeImpl.
/**
 * Validates a user-entered token code against the stored token data and the current session.
 *
 * <p>Checks run in this order; the first failure throws {@link PwmOperationalException}:
 * <ol>
 *   <li>the code must resolve via {@code retrieveTokenData}; a storage error or a
 *       {@code null} payload is reported as {@code ERROR_TOKEN_INCORRECT};</li>
 *   <li>if {@code tokenType} is given and the token service supports names, the payload
 *       name must match that type;</li>
 *   <li>if both the payload and the session carry a user identity, the two must be
 *       canonically equal;</li>
 *   <li>if {@code verifyPwModifyTime} is set and the payload records a password-change
 *       date under {@code PwmConstants.TOKEN_KEY_PWD_CHG_DATE}, that date must still equal
 *       the user's current password-last-modified date, otherwise
 *       {@code ERROR_TOKEN_EXPIRED}.</li>
 * </ol>
 * {@code pwmApplication} and {@code verifyPwModifyTime} are instance fields defined
 * outside this method.
 *
 * @param pwmSession          session used for log labels and the identity comparison
 * @param sessionUserIdentity user bound to the session, or {@code null} if none
 * @param tokenType           expected token type, or {@code null} to skip the name check
 * @param userEnteredCode     the code typed by the user
 * @return the matching, fully validated {@link TokenPayload}
 * @throws PwmOperationalException   if any check above fails
 * @throws PwmUnrecoverableException declared; presumably propagated from the token lookup or
 *                                   the identity comparison — neither is caught here
 */
private TokenPayload processUserEnteredCodeImpl(final PwmSession pwmSession, final UserIdentity sessionUserIdentity, final TokenType tokenType, final String userEnteredCode) throws PwmOperationalException, PwmUnrecoverableException {
    final TokenPayload tokenPayload;
    try {
        tokenPayload = pwmApplication.getTokenService().retrieveTokenData(pwmSession.getLabel(), userEnteredCode);
    } catch (PwmOperationalException e) {
        // a storage-layer failure is collapsed into ERROR_TOKEN_INCORRECT; the underlying
        // cause is kept only in the server-side message, not in the error code
        final String errorMsg = "unexpected error attempting to read token from storage: " + e.getErrorInformation().toDebugStr();
        throw new PwmOperationalException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
    }
    if (tokenPayload == null) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, "token not found");
        throw new PwmOperationalException(errorInformation);
    }
    LOGGER.trace(pwmSession, "retrieved tokenPayload: " + tokenPayload.toDebugString());
    // name/type check only applies when a type was requested and the backing service names tokens
    if (tokenType != null && pwmApplication.getTokenService().supportsName()) {
        if (!tokenType.matchesName(tokenPayload.getName())) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, "incorrect token/name format");
            throw new PwmOperationalException(errorInformation);
        }
    }
    // check current session identity
    if (tokenPayload.getUserIdentity() != null && sessionUserIdentity != null) {
        if (!tokenPayload.getUserIdentity().canonicalEquals(sessionUserIdentity, pwmApplication)) {
            // a token issued to a different user is reported as an incorrect token, so it
            // counts against the session like any other failed attempt
            final String errorMsg = "user in session '" + sessionUserIdentity + "' entered code for user '" + tokenPayload.getUserIdentity() + "', counting as invalid attempt";
            throw new PwmOperationalException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
        }
    }
    // check if password-last-modified is same as when tried to read it before.
    if (verifyPwModifyTime && tokenPayload.getUserIdentity() != null && tokenPayload.getData() != null && tokenPayload.getData().containsKey(PwmConstants.TOKEN_KEY_PWD_CHG_DATE)) {
        try {
            final Instant userLastPasswordChange = PasswordUtility.determinePwdLastModified(pwmApplication, pwmSession.getLabel(), tokenPayload.getUserIdentity());
            final String dateStringInToken = tokenPayload.getData().get(PwmConstants.TOKEN_KEY_PWD_CHG_DATE);
            LOGGER.trace(pwmSession, "tokenPayload=" + tokenPayload.toDebugString() + ", sessionUser=" + (sessionUserIdentity == null ? "null" : sessionUserIdentity.toDisplayString()) + ", payloadUserIdentity=" + tokenPayload.getUserIdentity().toDisplayString() + ", userLastPasswordChange=" + JavaHelper.toIsoDate(userLastPasswordChange) + ", dateStringInToken=" + dateStringInToken);
            // both sides are compared as ISO date strings; a mismatch means the password
            // changed after the token was issued, which invalidates the token
            if (userLastPasswordChange != null && dateStringInToken != null) {
                final String userChangeString = JavaHelper.toIsoDate(userLastPasswordChange);
                if (!dateStringInToken.equalsIgnoreCase(userChangeString)) {
                    final String errorString = "user password has changed since token issued, token rejected;" + " currentValue=" + userChangeString + ", tokenValue=" + dateStringInToken;
                    LOGGER.trace(pwmSession, errorString + "; token=" + tokenPayload.toDebugString());
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_EXPIRED, errorString);
                    throw new PwmOperationalException(errorInformation);
                }
            }
        } catch (ChaiUnavailableException | PwmUnrecoverableException e) {
            // fail closed: if the current change date cannot be read, the token is rejected
            // rather than the check being skipped
            final String errorMsg = "unexpected error reading user's last password change time while validating token: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
            throw new PwmOperationalException(errorInformation);
        }
    }
    LOGGER.debug(pwmSession, "token validation has been passed");
    return tokenPayload;
}