use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class UserSearchEngine method resolveUserDN.
private UserIdentity resolveUserDN(final String userDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final Collection<LdapProfile> ldapProfiles = pwmApplication.getConfig().getLdapProfiles().values();
for (final LdapProfile ldapProfile : ldapProfiles) {
final ChaiProvider provider = pwmApplication.getProxyChaiProvider(ldapProfile.getIdentifier());
final ChaiUser user = provider.getEntryFactory().newChaiUser(userDN);
if (user.exists()) {
try {
return new UserIdentity(user.readCanonicalDN(), ldapProfile.getIdentifier());
} catch (ChaiOperationException e) {
LOGGER.error("unexpected error reading canonical userDN for '" + userDN + "', error: " + e.getMessage());
}
}
}
throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_CANT_MATCH_USER));
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class UserSearchEngine method executeSearch.
private Map<UserIdentity, Map<String, String>> executeSearch(final UserSearchJob userSearchJob, final SessionLabel sessionLabel, final int searchID, final int jobID) throws PwmOperationalException, PwmUnrecoverableException {
debugOutputTask.conditionallyExecuteTask();
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setMaxResults(userSearchJob.getMaxResults());
searchHelper.setFilter(userSearchJob.getSearchFilter());
searchHelper.setAttributes(userSearchJob.getReturnAttributes());
searchHelper.setTimeLimit((int) userSearchJob.getTimeoutMs());
final String debugInfo;
{
final Map<String, String> props = new LinkedHashMap<>();
props.put("profile", userSearchJob.getLdapProfile().getIdentifier());
props.put("base", userSearchJob.getContext());
props.put("maxCount", String.valueOf(searchHelper.getMaxResults()));
debugInfo = "[" + StringUtil.mapToString(props) + "]";
}
log(PwmLogLevel.TRACE, sessionLabel, searchID, jobID, "performing ldap search for user; " + debugInfo);
final Instant startTime = Instant.now();
final Map<String, Map<String, String>> results;
try {
results = userSearchJob.getChaiProvider().search(userSearchJob.getContext(), searchHelper);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
} catch (ChaiOperationException e) {
throw new PwmOperationalException(PwmError.forChaiError(e.getErrorCode()), "ldap error during searchID=" + searchID + ", error=" + e.getMessage());
}
final TimeDuration searchDuration = TimeDuration.fromCurrent(startTime);
if (pwmApplication.getStatisticsManager() != null && pwmApplication.getStatisticsManager().status() == PwmService.STATUS.OPEN) {
pwmApplication.getStatisticsManager().updateAverageValue(Statistic.AVG_LDAP_SEARCH_TIME, searchDuration.getTotalMilliseconds());
}
if (results.isEmpty()) {
log(PwmLogLevel.TRACE, sessionLabel, searchID, jobID, "no matches from search (" + searchDuration.asCompactString() + "); " + debugInfo);
return Collections.emptyMap();
}
log(PwmLogLevel.TRACE, sessionLabel, searchID, jobID, "found " + results.size() + " results in " + searchDuration.asCompactString() + "; " + debugInfo);
final Map<UserIdentity, Map<String, String>> returnMap = new LinkedHashMap<>();
for (final Map.Entry<String, Map<String, String>> entry : results.entrySet()) {
final String userDN = entry.getKey();
final Map<String, String> attributeMap = entry.getValue();
final UserIdentity userIdentity = new UserIdentity(userDN, userSearchJob.getLdapProfile().getIdentifier());
returnMap.put(userIdentity, attributeMap);
}
return returnMap;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class LdapPermissionTester method discoverMatchingUsers.
public static Map<UserIdentity, Map<String, String>> discoverMatchingUsers(final PwmApplication pwmApplication, final int maxResultSize, final List<UserPermission> userPermissions, final SessionLabel sessionLabel) throws Exception {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final Map<UserIdentity, Map<String, String>> results = new TreeMap<>();
for (final UserPermission userPermission : userPermissions) {
if ((maxResultSize) - results.size() > 0) {
final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
switch(userPermission.getType()) {
case ldapQuery:
{
builder.filter(userPermission.getLdapQuery());
if (userPermission.getLdapBase() != null && !userPermission.getLdapBase().isEmpty()) {
builder.enableContextValidation(false);
builder.contexts(Collections.singletonList(userPermission.getLdapBase()));
}
}
break;
case ldapGroup:
{
builder.groupDN(userPermission.getLdapBase());
}
break;
default:
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "unknown permission type: " + userPermission.getType()));
}
if (userPermission.getLdapProfileID() != null && !userPermission.getLdapProfileID().isEmpty() && !userPermission.getLdapProfileID().equals(PwmConstants.PROFILE_ID_ALL)) {
builder.ldapProfile(userPermission.getLdapProfileID());
}
final SearchConfiguration searchConfiguration = builder.build();
try {
results.putAll(userSearchEngine.performMultiUserSearch(searchConfiguration, (maxResultSize) - results.size(), Collections.emptyList(), sessionLabel));
} catch (PwmUnrecoverableException e) {
LOGGER.error("error reading matching users: " + e.getMessage());
throw new PwmOperationalException(e.getErrorInformation());
}
}
}
return results;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class FormUtility method validateFormValueUniqueness.
@SuppressWarnings("checkstyle:MethodLength")
public static void validateFormValueUniqueness(final PwmApplication pwmApplication, final Map<FormConfiguration, String> formValues, final Locale locale, final Collection<UserIdentity> excludeDN, final ValidationFlag... validationFlags) throws PwmDataValidationException, PwmUnrecoverableException {
final boolean allowResultCaching = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.allowResultCaching);
final boolean checkReadOnlyAndHidden = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.checkReadOnlyAndHidden);
final Map<String, String> filterClauses = new HashMap<>();
final Map<String, String> labelMap = new HashMap<>();
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formItem = entry.getKey();
if (formItem.isUnique()) {
if (checkReadOnlyAndHidden || formItem.isReadonly()) {
if (checkReadOnlyAndHidden || (formItem.getType() != FormConfiguration.Type.hidden)) {
final String value = entry.getValue();
if (value != null && value.length() > 0) {
filterClauses.put(formItem.getName(), value);
labelMap.put(formItem.getName(), formItem.getLabel(locale));
}
}
}
}
}
if (filterClauses.isEmpty()) {
// nothing to search
return;
}
final StringBuilder filter = new StringBuilder();
{
// outer;
filter.append("(&");
// object classes;
filter.append("(|");
for (final String objectClass : pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES)) {
filter.append("(objectClass=").append(objectClass).append(")");
}
filter.append(")");
// attributes
filter.append("(|");
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
filter.append("(").append(name).append("=").append(StringUtil.escapeLdapFilter(value)).append(")");
}
filter.append(")");
filter.append(")");
}
final CacheService cacheService = pwmApplication.getCacheService();
final CacheKey cacheKey = CacheKey.makeCacheKey(Validator.class, null, "attr_unique_check_" + filter.toString());
if (allowResultCaching && cacheService != null) {
final String cacheValue = cacheService.get(cacheKey);
if (cacheValue != null) {
if (NEGATIVE_CACHE_HIT.equals(cacheValue)) {
return;
} else {
final ErrorInformation errorInformation = JsonUtil.deserialize(cacheValue, ErrorInformation.class);
throw new PwmDataValidationException(errorInformation);
}
}
}
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setFilterAnd(filterClauses);
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().filter(filter.toString()).build();
final int resultSearchSizeLimit = 1 + (excludeDN == null ? 0 : excludeDN.size());
final long cacheLifetimeMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.CACHE_FORM_UNIQUE_VALUE_LIFETIME_MS));
final CachePolicy cachePolicy = CachePolicy.makePolicyWithExpirationMS(cacheLifetimeMS);
try {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final Map<UserIdentity, Map<String, String>> results = new LinkedHashMap<>(userSearchEngine.performMultiUserSearch(searchConfiguration, resultSearchSizeLimit, Collections.emptyList(), SessionLabel.SYSTEM_LABEL));
if (excludeDN != null && !excludeDN.isEmpty()) {
for (final UserIdentity loopIgnoreIdentity : excludeDN) {
results.keySet().removeIf(loopIgnoreIdentity::equals);
}
}
if (!results.isEmpty()) {
final UserIdentity userIdentity = results.keySet().iterator().next();
if (labelMap.size() == 1) {
// since only one value searched, it must be that one value
final String attributeName = labelMap.values().iterator().next();
LOGGER.trace("found duplicate value for attribute '" + attributeName + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { attributeName });
throw new PwmDataValidationException(error);
}
// do a compare on a user values to find one that matches.
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
final boolean compareResult;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
compareResult = theUser.compareStringAttribute(name, value);
} catch (ChaiOperationException | ChaiUnavailableException e) {
final PwmError error = PwmError.forChaiError(e.getErrorCode());
throw new PwmUnrecoverableException(error.toInfo());
}
if (compareResult) {
final String label = labelMap.get(name);
LOGGER.trace("found duplicate value for attribute '" + label + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { label });
throw new PwmDataValidationException(error);
}
}
// user didn't match on the compare.. shouldn't read here but just in case
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null);
throw new PwmDataValidationException(error);
}
} catch (PwmOperationalException e) {
if (cacheService != null) {
final String jsonPayload = JsonUtil.serialize(e.getErrorInformation());
cacheService.put(cacheKey, cachePolicy, jsonPayload);
}
throw new PwmDataValidationException(e.getErrorInformation());
}
if (allowResultCaching && cacheService != null) {
cacheService.put(cacheKey, cachePolicy, NEGATIVE_CACHE_HIT);
}
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class LdapTokenMachine method retrieveToken.
public TokenPayload retrieveToken(final TokenKey tokenKey) throws PwmOperationalException, PwmUnrecoverableException {
final String searchFilter;
{
final String storedHash = tokenKey.getStoredHash();
final SearchHelper tempSearchHelper = new SearchHelper();
final Map<String, String> filterAttributes = new HashMap<>();
for (final String loopStr : pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES)) {
filterAttributes.put("objectClass", loopStr);
}
filterAttributes.put(tokenAttribute, storedHash + "*");
tempSearchHelper.setFilterAnd(filterAttributes);
searchFilter = tempSearchHelper.getFilter();
}
try {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().filter(searchFilter).build();
final UserIdentity user = userSearchEngine.performSingleUserSearch(searchConfiguration, null);
if (user == null) {
return null;
}
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, null, user, null);
final String tokenAttributeValue = userInfo.readStringAttribute(tokenAttribute);
if (tokenAttribute != null && tokenAttributeValue.length() > 0) {
final String[] splitString = tokenAttributeValue.split(KEY_VALUE_DELIMITER);
if (splitString.length != 2) {
final String errorMsg = "error parsing ldap stored token, not enough delimited values";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
throw new PwmOperationalException(errorInformation);
}
return tokenService.fromEncryptedString(splitString[1]);
}
} catch (PwmOperationalException e) {
if (e.getError() == PwmError.ERROR_CANT_MATCH_USER) {
return null;
}
throw e;
} catch (PwmUnrecoverableException e) {
final String errorMsg = "unexpected ldap error searching for token: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
throw new PwmOperationalException(errorInformation);
}
return null;
}
Aggregations