
Example 56 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

The class CryptoCookieLoginImpl, method checkIfRemoteLoginCookieIsValid.

// Validates a decrypted remote login cookie before it is accepted as a session: an authenticated
// cookie must carry a local auth time, the auth time must be within SESSION_MAX_SECONDS, the cookie
// must carry an issue time, and that issue time must be within the idle timeout for this request.
// Every failure is surfaced as ERROR_BAD_SESSION via PwmOperationalException.
private static void checkIfRemoteLoginCookieIsValid(final PwmRequest pwmRequest, final LoginInfoBean loginInfoBean) throws PwmOperationalException, PwmUnrecoverableException {
    // an authenticated cookie without a local auth time cannot be age-checked, so reject it
    if (loginInfoBean.isAuthenticated() && loginInfoBean.getAuthTime() == null) {
        final String errorMsg = "decrypted login cookie does not specify a local auth time";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_BAD_SESSION, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // enforce the absolute session lifetime against the auth time carried in the cookie
    if (loginInfoBean.getAuthTime() != null) {
        final long sessionMaxSeconds = pwmRequest.getConfig().readSettingAsLong(PwmSetting.SESSION_MAX_SECONDS);
        final TimeDuration sessionTotalAge = TimeDuration.fromCurrent(loginInfoBean.getAuthTime());
        final TimeDuration sessionMaxAge = new TimeDuration(sessionMaxSeconds, TimeUnit.SECONDS);
        if (sessionTotalAge.isLongerThan(sessionMaxAge)) {
            final String errorMsg = "decrypted login cookie age (" + sessionTotalAge.asCompactString() + ") is older than max session seconds (" + sessionMaxAge.asCompactString() + ")";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_BAD_SESSION, errorMsg);
            throw new PwmOperationalException(errorInformation);
        }
    }
    // the issue (request) time is mandatory; it is the basis for the idle-timeout check below
    if (loginInfoBean.getReqTime() == null) {
        final String errorMsg = "decrypted login cookie does not specify a issue time";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_BAD_SESSION, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // enforce the idle timeout computed for this request against the cookie's issue time
    {
        final TimeDuration loginCookieIssueAge = TimeDuration.fromCurrent(loginInfoBean.getReqTime());
        final TimeDuration maxIdleDuration = IdleTimeoutCalculator.idleTimeoutForRequest(pwmRequest);
        if (loginCookieIssueAge.isLongerThan(maxIdleDuration)) {
            final String errorMsg = "decrypted login cookie issue time (" + loginCookieIssueAge.asCompactString() + ") is older than max idle seconds (" + maxIdleDuration.asCompactString() + ")";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_BAD_SESSION, errorMsg);
            throw new PwmOperationalException(errorInformation);
        }
    }
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), TimeDuration (password.pwm.util.java.TimeDuration), PwmOperationalException (password.pwm.error.PwmOperationalException)

Example 57 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

The class UpdateProfileServlet, method handleUpdateProfileRequest.

// Handles the profile-update form submission. A PwmOperationalException raised while reading the
// form parameters is logged and recorded as the request's last error rather than propagated, so the
// request continues through the servlet flow with the form marked as submitted.
@ActionHandler(action = "updateProfile")
ProcessStatus handleUpdateProfileRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException {
    final UpdateProfileBean updateProfileBean = getBean(pwmRequest);
    final UpdateProfileProfile updateProfileProfile = getProfile(pwmRequest);
    try {
        readFormParametersFromRequest(pwmRequest, updateProfileProfile, updateProfileBean);
    } catch (PwmOperationalException e) {
        // operational (expected) error: log it and surface it to the user via the last-error slot
        LOGGER.error(pwmRequest, e.getMessage());
        setLastError(pwmRequest, e.getErrorInformation());
    }
    updateProfileBean.setFormSubmitted(true);
    return ProcessStatus.Continue;
}
Also used: UpdateProfileBean (password.pwm.http.bean.UpdateProfileBean), UpdateProfileProfile (password.pwm.config.profile.UpdateProfileProfile), PwmOperationalException (password.pwm.error.PwmOperationalException)

Example 58 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

The class UpdateProfileServlet, method restValidateForm.

// REST-style form validation: parses the submitted JSON form, verifies it against the profile's
// form requirements, and returns a JSON result. A PwmOperationalException is converted into a
// localized, user-facing message with success=false; the exception's internal detail is not returned.
@ActionHandler(action = "validate")
ProcessStatus restValidateForm(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final UpdateProfileBean updateProfileBean = getBean(pwmRequest);
    final UpdateProfileProfile updateProfileProfile = getProfile(pwmRequest);
    boolean success = true;
    String userMessage = Message.getLocalizedMessage(pwmRequest.getLocale(), Message.Success_UpdateForm, pwmRequest.getConfig());
    try {
        // read in the responses from the request
        final Map<FormConfiguration, String> formValues = UpdateProfileUtil.readFromJsonRequest(pwmRequest, updateProfileProfile, updateProfileBean);
        // verify form meets the form requirements
        UpdateProfileUtil.verifyFormAttributes(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn(), pwmRequest.getLocale(), formValues, true);
        updateProfileBean.getFormData().putAll(FormUtility.asStringMap(formValues));
    } catch (PwmOperationalException e) {
        // validation failure: report the user-safe rendering of the error, not the debug string
        success = false;
        userMessage = e.getErrorInformation().toUserStr(pwmRequest.getPwmSession(), pwmRequest.getPwmApplication());
    }
    final ValidateResponse response = new ValidateResponse();
    response.setMessage(userMessage);
    response.setSuccess(success);
    pwmRequest.outputJsonResult(RestResultBean.withData(response));
    // the JSON response has been written; stop further processing of this request
    return ProcessStatus.Halt;
}
Also used: UpdateProfileBean (password.pwm.http.bean.UpdateProfileBean), UpdateProfileProfile (password.pwm.config.profile.UpdateProfileProfile), FormConfiguration (password.pwm.config.value.data.FormConfiguration), PwmOperationalException (password.pwm.error.PwmOperationalException)

Example 59 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

The class PeopleSearchDataReader, method readUserDNAttributeValues.

// Reads a multi-valued DN attribute (for example a manager or group member list) from the user's
// LDAP entry and converts each value to a UserIdentity. The result is capped at
// PEOPLESEARCH_VALUE_MAXCOUNT, and when PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN is enabled each DN is
// checked against the people-search filter; DNs that fail that check raise PwmOperationalException
// and are silently dropped, so the caller only sees identities the current user may view.
private List<UserIdentity> readUserDNAttributeValues(final UserIdentity userIdentity, final String attributeName) throws PwmUnrecoverableException {
    final List<UserIdentity> returnObj = new ArrayList<>();
    final int maxValues = Integer.parseInt(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT));
    final ChaiUser chaiUser = getChaiUser(userIdentity);
    final Set<String> ldapValues;
    try {
        ldapValues = chaiUser.readMultiStringAttribute(attributeName);
    } catch (ChaiOperationException e) {
        // directory errors are unrecoverable for this request
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, "error reading attribute value '" + attributeName + "', error:" + e.getMessage()));
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
    }
    final boolean checkUserDNValues = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN));
    for (final String userDN : ldapValues) {
        final UserIdentity loopIdentity = new UserIdentity(userDN, userIdentity.getLdapProfileID());
        if (returnObj.size() < maxValues) {
            try {
                if (checkUserDNValues) {
                    // authorization check: throws PwmOperationalException if this DN is not viewable
                    checkIfUserIdentityViewable(loopIdentity);
                }
                returnObj.add(loopIdentity);
            } catch (PwmOperationalException e) {
                LOGGER.debug(pwmRequest, "discarding userDN " + userDN + " from attribute " + attributeName + " because it does not match search filter");
            }
        } else {
            LOGGER.trace(pwmRequest, "discarding userDN " + userDN + " from attribute " + attributeName + " because maximum value count has been reached");
        }
    }
    return returnObj;
}
Also used: ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException), UserIdentity (password.pwm.bean.UserIdentity), ArrayList (java.util.ArrayList), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), PwmOperationalException (password.pwm.error.PwmOperationalException), ErrorInformation (password.pwm.error.ErrorInformation), ChaiUser (com.novell.ldapchai.ChaiUser), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)

Example 60 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

The class TokenService, method processUserEnteredCodeImpl.

// Validates a user-entered token code. Every rejection path is reported as ERROR_TOKEN_INCORRECT
// (or ERROR_TOKEN_EXPIRED when the password changed after issuance) via PwmOperationalException,
// so the caller can count it as a failed attempt without exposing storage or directory details.
private TokenPayload processUserEnteredCodeImpl(final PwmSession pwmSession, final UserIdentity sessionUserIdentity, final TokenType tokenType, final String userEnteredCode) throws PwmOperationalException, PwmUnrecoverableException {
    final TokenPayload tokenPayload;
    try {
        tokenPayload = pwmApplication.getTokenService().retrieveTokenData(pwmSession.getLabel(), userEnteredCode);
    } catch (PwmOperationalException e) {
        // a storage-layer failure is reported to the user the same way as an incorrect token
        final String errorMsg = "unexpected error attempting to read token from storage: " + e.getErrorInformation().toDebugStr();
        throw new PwmOperationalException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
    }
    if (tokenPayload == null) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, "token not found");
        throw new PwmOperationalException(errorInformation);
    }
    LOGGER.trace(pwmSession, "retrieved tokenPayload: " + tokenPayload.toDebugString());
    // the token must have been issued for the expected purpose (token type name)
    if (tokenType != null && pwmApplication.getTokenService().supportsName()) {
        if (!tokenType.matchesName(tokenPayload.getName())) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, "incorrect token/name format");
            throw new PwmOperationalException(errorInformation);
        }
    }
    // check current session identity: a token bound to one user cannot be redeemed by another session
    if (tokenPayload.getUserIdentity() != null && sessionUserIdentity != null) {
        if (!tokenPayload.getUserIdentity().canonicalEquals(sessionUserIdentity, pwmApplication)) {
            final String errorMsg = "user in session '" + sessionUserIdentity + "' entered code for user '" + tokenPayload.getUserIdentity() + "', counting as invalid attempt";
            throw new PwmOperationalException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
        }
    }
    // check if password-last-modified is same as when tried to read it before.
    // A password change after issuance invalidates the token (ERROR_TOKEN_EXPIRED).
    if (verifyPwModifyTime && tokenPayload.getUserIdentity() != null && tokenPayload.getData() != null && tokenPayload.getData().containsKey(PwmConstants.TOKEN_KEY_PWD_CHG_DATE)) {
        try {
            final Instant userLastPasswordChange = PasswordUtility.determinePwdLastModified(pwmApplication, pwmSession.getLabel(), tokenPayload.getUserIdentity());
            final String dateStringInToken = tokenPayload.getData().get(PwmConstants.TOKEN_KEY_PWD_CHG_DATE);
            LOGGER.trace(pwmSession, "tokenPayload=" + tokenPayload.toDebugString() + ", sessionUser=" + (sessionUserIdentity == null ? "null" : sessionUserIdentity.toDisplayString()) + ", payloadUserIdentity=" + tokenPayload.getUserIdentity().toDisplayString() + ", userLastPasswordChange=" + JavaHelper.toIsoDate(userLastPasswordChange) + ", dateStringInToken=" + dateStringInToken);
            if (userLastPasswordChange != null && dateStringInToken != null) {
                final String userChangeString = JavaHelper.toIsoDate(userLastPasswordChange);
                if (!dateStringInToken.equalsIgnoreCase(userChangeString)) {
                    final String errorString = "user password has changed since token issued, token rejected;" + " currentValue=" + userChangeString + ", tokenValue=" + dateStringInToken;
                    LOGGER.trace(pwmSession, errorString + "; token=" + tokenPayload.toDebugString());
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_EXPIRED, errorString);
                    throw new PwmOperationalException(errorInformation);
                }
            }
        } catch (ChaiUnavailableException | PwmUnrecoverableException e) {
            // fail closed: if the directory cannot be consulted, the token is not accepted
            final String errorMsg = "unexpected error reading user's last password change time while validating token: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
            throw new PwmOperationalException(errorInformation);
        }
    }
    LOGGER.debug(pwmSession, "token validation has been passed");
    return tokenPayload;
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException), Instant (java.time.Instant), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), PwmOperationalException (password.pwm.error.PwmOperationalException)

Aggregations (classes most often used alongside PwmOperationalException, with usage counts)

PwmOperationalException (password.pwm.error.PwmOperationalException) 134
ErrorInformation (password.pwm.error.ErrorInformation) 104
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException) 57
UserIdentity (password.pwm.bean.UserIdentity) 39
PwmApplication (password.pwm.PwmApplication) 27
PwmSession (password.pwm.http.PwmSession) 26
ChaiUser (com.novell.ldapchai.ChaiUser) 20
Configuration (password.pwm.config.Configuration) 19
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException) 17
UserSearchEngine (password.pwm.ldap.search.UserSearchEngine) 17
FormConfiguration (password.pwm.config.value.data.FormConfiguration) 16
PwmException (password.pwm.error.PwmException) 16
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException) 15
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration) 14
Instant (java.time.Instant) 13
LinkedHashMap (java.util.LinkedHashMap) 13
MacroMachine (password.pwm.util.macro.MacroMachine) 13
ArrayList (java.util.ArrayList) 12
Map (java.util.Map) 12
UserInfo (password.pwm.ldap.UserInfo) 11