use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class LdapTokenMachine method removeToken.
/**
 * Removes the stored token identified by {@code tokenKey} from the owning user's LDAP entry.
 *
 * <p>The payload is looked up with {@code retrieveToken}; when none is found the method returns
 * without touching the directory. Otherwise the token attribute is deleted from the entry obtained
 * through {@code pwmApplication.getProxiedChaiUser}.</p>
 *
 * @param tokenKey key of the token to remove
 * @throws PwmOperationalException when the directory reports a {@code ChaiException}; reported as
 *     {@code PwmError.ERROR_UNKNOWN}
 * @throws PwmUnrecoverableException declared by the method; raised by the calls it makes
 */
public void removeToken(final TokenKey tokenKey) throws PwmOperationalException, PwmUnrecoverableException {
    final TokenPayload storedPayload = retrieveToken(tokenKey);
    if (storedPayload == null) {
        // No token is stored under this key, so there is no attribute to clear.
        return;
    }

    // NOTE(review): the identity is used without a null check; confirm that LDAP-stored payloads
    // always carry a user identity.
    final UserIdentity tokenOwner = storedPayload.getUserIdentity();
    try {
        // A null value presumably removes every value of the attribute -- confirm against ChaiUser.
        pwmApplication.getProxiedChaiUser(tokenOwner).deleteAttribute(tokenAttribute, null);
    } catch (ChaiException e) {
        // Only the directory's message text is carried forward; the ChaiException itself is not
        // attached as a cause, so its stack trace is lost at this point.
        throw new PwmOperationalException(new ErrorInformation(
                PwmError.ERROR_UNKNOWN,
                "unexpected ldap error removing token: " + e.getMessage()));
    }
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class ImportLocalDBCommand method doCommand.
/**
 * Imports the operator-supplied input file into the LocalDB after an interactive confirmation.
 *
 * <p>The prompt warns that all existing LocalDB data will be cleared. Declining the prompt ends
 * the command without importing anything.</p>
 *
 * <p>A {@code PwmOperationalException} raised by the import is only printed; the method then
 * returns normally, so nothing in this method tells a caller that the import failed. Any other
 * exception propagates.</p>
 *
 * @throws Exception any failure other than a {@code PwmOperationalException} from the import
 */
@Override
void doCommand() throws Exception {
    final LocalDB localDB = cliEnvironment.getLocalDB();

    final String warning = "Proceeding with this operation will clear ALL data from the LocalDB.\n"
            + "Please consider backing up the LocalDB before proceeding. \n\n"
            + "The application must be stopped for this operation to succeed.";

    if (promptForContinue(warning)) {
        final LocalDBUtility importer = new LocalDBUtility(localDB);

        // The option is stored untyped; the cast relies on the CLI option parser having placed a
        // File under this key -- presumably one it has already checked for existence, going by
        // the parameter name (confirm in the parser).
        final File inputFile = (File) cliEnvironment.getOptions()
                .get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());

        try {
            importer.importLocalDB(inputFile, System.out);
        } catch (PwmOperationalException e) {
            // Reported to the operator only; the state the LocalDB is left in after a failed
            // import is not visible from this method.
            out("error during import: " + e.getMessage());
        }
    } else {
        out("exiting...");
    }
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class TokenService method processUserEnteredCode.
/**
 * Checks a user-entered token code and keeps the intruder-detection state in step with the result.
 *
 * <p>On success the intruder record for the token's destination is cleared (when the payload has a
 * non-empty destination), the token is marked as claimed and the payload is returned.</p>
 *
 * <p>On any exception inside the {@code try} block -- including one raised while clearing the
 * intruder record or marking the token as claimed -- the attempt is treated as a failure: the
 * address and session are marked with the intruder manager, the {@code RECOVERY_FAILURES}
 * statistic is incremented, and a {@code PwmOperationalException} is thrown. When a session user
 * identity is known and the entry type is {@code unauthenticated}, a bad password is also
 * simulated for that user and the identity is marked.</p>
 *
 * @param pwmSession session the code was entered in
 * @param sessionUserIdentity identity associated with the session, or {@code null}
 * @param tokenType type of token the caller expects
 * @param userEnteredCode the code as typed by the user
 * @param tokenEntryType whether the code was entered by an authenticated or unauthenticated user
 * @return the payload of the accepted token
 * @throws PwmOperationalException for every failed attempt
 * @throws PwmUnrecoverableException declared by the method; raised by the calls it makes
 */
public TokenPayload processUserEnteredCode(final PwmSession pwmSession, final UserIdentity sessionUserIdentity, final TokenType tokenType, final String userEnteredCode, final TokenEntryType tokenEntryType) throws PwmOperationalException, PwmUnrecoverableException {
    try {
        final TokenPayload acceptedPayload = processUserEnteredCodeImpl(pwmSession, sessionUserIdentity, tokenType, userEnteredCode);

        // A correct code resets the failure count kept against the destination it was sent to.
        if (acceptedPayload.getDestination() != null) {
            if (!StringUtil.isEmpty(acceptedPayload.getDestination().getValue())) {
                pwmApplication.getIntruderManager().clear(RecordType.TOKEN_DEST, acceptedPayload.getDestination().getValue());
            }
        }

        markTokenAsClaimed(tokenMachine.keyFromKey(userEnteredCode), pwmSession, acceptedPayload);
        return acceptedPayload;
    } catch (Exception e) {
        // Fail closed: anything that is not already a PwmException (a NullPointerException from a
        // null payload, for example) is reported as an incorrect token. e.getMessage() may be null.
        final ErrorInformation errorInformation = e instanceof PwmException
                ? ((PwmException) e).getErrorInformation()
                : new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, e.getMessage());
        LOGGER.debug(pwmSession, errorInformation.toDebugStr());

        // Per-user penalties apply only to unauthenticated entry with a known identity.
        // simulateBadPassword presumably records a failed attempt against the directory account
        // as well -- confirm in SessionAuthenticator.
        final boolean penalizeUser = sessionUserIdentity != null
                && tokenEntryType == TokenEntryType.unauthenticated;
        if (penalizeUser) {
            new SessionAuthenticator(pwmApplication, pwmSession, null).simulateBadPassword(sessionUserIdentity);
            pwmApplication.getIntruderManager().convenience().markUserIdentity(sessionUserIdentity, pwmSession);
        }

        // Address and session are always counted, whatever the entry type.
        pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.RECOVERY_FAILURES);
        throw new PwmOperationalException(errorInformation);
    }
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class TokenUtil method checkEnteredCode.
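/**
 * Submits a user-entered token code to the token service and cross-checks the returned payload
 * against what the calling flow expects.
 *
 * <p>After the token service accepts the code, a non-null payload must satisfy:</p>
 * <ul>
 *   <li>its name matches {@code tokenType};</li>
 *   <li>for {@code authenticated} entry, it carries a user identity and {@code userIdentity}
 *       canonically equals the logged-in user;</li>
 *   <li>when {@code tokenDestinationItem} is given and the payload has a destination, both
 *       destination values are equal.</li>
 * </ul>
 *
 * <p>Every failure, including a {@code PwmOperationalException} from the token service, is
 * reported as {@code PwmError.ERROR_TOKEN_INCORRECT}. The detail messages contain the user's
 * display string and the destination values; where those messages end up (logs or responses) is
 * decided outside this method.</p>
 *
 * @param pwmRequest current request; supplies the application, session and logged-in user
 * @param userEnteredCode the code as typed by the user
 * @param tokenDestinationItem destination the flow expects the token to have been sent to, or
 *     {@code null} to skip the destination check
 * @param userIdentity identity the flow is acting for; dereferenced without a null check when
 *     {@code tokenEntryType} is {@code authenticated}
 * @param tokenType type of token the flow expects
 * @param tokenEntryType whether the code is entered by an authenticated or unauthenticated user
 * @return the accepted token payload as returned by the token service
 * @throws PwmUnrecoverableException when the code is rejected or any cross-check fails
 */
public static TokenPayload checkEnteredCode(final PwmRequest pwmRequest, final String userEnteredCode, final TokenDestinationItem tokenDestinationItem, final UserIdentity userIdentity, final TokenType tokenType, final TokenService.TokenEntryType tokenEntryType) throws PwmUnrecoverableException {
    try {
        final TokenPayload tokenPayload = pwmRequest.getPwmApplication().getTokenService().processUserEnteredCode(
                pwmRequest.getPwmSession(),
                pwmRequest.getUserInfoIfLoggedIn(),
                tokenType,
                userEnteredCode,
                tokenEntryType);

        if (tokenPayload != null) {
            if (!tokenType.matchesName(tokenPayload.getName())) {
                // Report the type this call actually expected; the method is used for every
                // token type, not only email tokens.
                final String errorMsg = "expecting " + tokenType + " token type but received : " + tokenPayload.getName();
                throw PwmUnrecoverableException.newException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
            }

            if (tokenEntryType == TokenService.TokenEntryType.authenticated) {
                if (tokenPayload.getUserIdentity() == null) {
                    final String errorMsg = "missing userID for received token";
                    throw PwmUnrecoverableException.newException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
                }

                // NOTE(review): this compares the caller-supplied userIdentity with the logged-in
                // user; the identity inside the token payload is only null-checked above and
                // printed below. If a caller passes the logged-in user as userIdentity, this
                // condition cannot fail, and binding the token to the authenticated user then
                // depends entirely on processUserEnteredCode. Confirm that the token service
                // enforces that binding, or compare tokenPayload.getUserIdentity() here.
                if (!userIdentity.canonicalEquals(pwmRequest.getUserInfoIfLoggedIn(), pwmRequest.getPwmApplication())) {
                    final String errorMsg = "received token is not for currently authenticated user, received token is for: " + tokenPayload.getUserIdentity().toDisplayString();
                    throw PwmUnrecoverableException.newException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
                }
            }

            if (tokenDestinationItem != null) {
                final String currentTokenDest = tokenDestinationItem.getValue();
                final TokenDestinationItem payloadTokenDest = tokenPayload.getDestination();
                if (payloadTokenDest != null && !StringUtil.nullSafeEquals(currentTokenDest, payloadTokenDest.getValue())) {
                    // The token's own destination comes from the payload; the expected one comes
                    // from the caller. Print both as plain values, each in its proper slot.
                    final String errorMsg = "token is for destination '" + payloadTokenDest.getValue()
                            + "', but the current expected destination is '" + currentTokenDest + "'";
                    throw PwmUnrecoverableException.newException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
                }
            }
        }

        return tokenPayload;
    } catch (PwmOperationalException e) {
        // Operational failures from the token service are collapsed into the same error code as
        // the cross-check failures; only the message text is carried over.
        final String errorMsg = "token incorrect: " + e.getMessage();
        throw PwmUnrecoverableException.newException(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
    }
}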
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class PasswordUtility method setPassword.
/**
 * Validates a new password against the user's policy, writes it to the directory through
 * {@code chaiProvider}, and then records history, statistics and a log entry.
 *
 * <p>Steps, in order:</p>
 * <ol>
 *   <li>The new password is tested against the policy read for the user. Any
 *       {@code PwmException} from this step is rethrown as {@code PwmUnrecoverableException}.</li>
 *   <li>If the app property {@code LDAP_PASSWORD_CHANGE_SELF_ENABLE} parses as {@code true}, the
 *       password is set (no old password supplied) or changed (old password supplied) on the
 *       user's entry. Otherwise the directory write is skipped and only a debug line is
 *       logged.</li>
 *   <li>The old password, when known and shared history is enabled, is handed to the shared
 *       history manager; statistics are updated; an info-level message is logged.</li>
 * </ol>
 *
 * <p>NOTE(review): step 3 also runs when step 2 skipped the directory write, so the statistics
 * and the "has changed" log line are produced even though no change was sent to LDAP. Treat that
 * log line accordingly when it is used as an audit record.</p>
 *
 * <p>Both passwords are materialised as {@code String} through {@code getStringValue()}. How the
 * shared history manager stores the old password is not visible from this method.</p>
 *
 * @param pwmApplication application context (config, statistics, shared history)
 * @param sessionLabel label used for log correlation
 * @param chaiProvider LDAP provider whose bind identity performs the change
 * @param userInfo user whose password is being set
 * @param oldPassword current password, or {@code null} when it is not known
 * @param newPassword password to set
 * @throws PwmUnrecoverableException when the directory is unavailable or policy validation fails
 * @throws PwmOperationalException when the directory rejects the change
 */
public static void setPassword(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final ChaiProvider chaiProvider, final UserInfo userInfo, final PasswordData oldPassword, final PasswordData newPassword) throws PwmUnrecoverableException, PwmOperationalException {
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    final Instant startTime = Instant.now();
    final boolean bindIsSelf;
    final String bindDN;

    // Step 1: application-side policy check, before anything is written to the directory.
    try {
        final ChaiUser policyUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        final PwmPasswordPolicy effectivePolicy = PasswordUtility.readPasswordPolicyForUser(
                pwmApplication, sessionLabel, userIdentity, policyUser, PwmConstants.DEFAULT_LOCALE);
        new PwmPasswordRuleValidator(pwmApplication, effectivePolicy)
                .testPassword(newPassword, null, userInfo, policyUser);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    } catch (PwmException e) {
        throw new PwmUnrecoverableException(e.getErrorInformation());
    }

    // Step 2: the directory write, using whatever identity chaiProvider is bound as.
    try {
        final ChaiUser targetUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        bindDN = chaiProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN);
        bindIsSelf = userIdentity.canonicalEquals(new UserIdentity(bindDN, userIdentity.getLdapProfileID()), pwmApplication);
        LOGGER.trace(sessionLabel, "preparing to setActorPassword for '" + targetUser.getEntryDN() + "', using bind DN: " + bindDN);

        final boolean ldapChangeEnabled = Boolean.parseBoolean(
                pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE));
        if (!ldapChangeEnabled) {
            LOGGER.debug(sessionLabel, "skipping actual ldap password change operation due to app property " + AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE.getKey() + "=false");
        } else if (oldPassword == null) {
            // Without the old password this is a set rather than a change. The boolean argument
            // presumably asks the directory to enforce its password policy -- confirm against
            // ChaiUser.
            targetUser.setPassword(newPassword.getStringValue(), true);
        } else {
            targetUser.changePassword(oldPassword.getStringValue(), newPassword.getStringValue());
        }
    } catch (ChaiPasswordPolicyException e) {
        // Must stay ahead of the ChaiOperationException handler, as in the original ordering.
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "'' " + e.toString();
        final PwmError mappedError = PwmError.forChaiError(e.getErrorCode());
        final PwmError reportedError = mappedError != null ? mappedError : PwmError.PASSWORD_UNKNOWN_VALIDATION;
        throw new PwmOperationalException(new ErrorInformation(reportedError, errorMsg));
    } catch (ChaiOperationException e) {
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "'' " + e.getMessage();
        final PwmError reportedError;
        if (PwmError.forChaiError(e.getErrorCode()) == null) {
            reportedError = PwmError.ERROR_UNKNOWN;
        } else {
            reportedError = PwmError.forChaiError(e.getErrorCode());
        }
        throw new PwmOperationalException(new ErrorInformation(reportedError, errorMsg));
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }

    // Step 3a: remember the old password in the shared history list, when it is known and the
    // feature is switched on. The setting is only read when an old password was supplied.
    if (oldPassword != null) {
        if (pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PASSWORD_SHAREDHISTORY_ENABLE)) {
            pwmApplication.getSharedHistoryManager().addWord(sessionLabel, oldPassword.getStringValue());
        }
    }

    // Step 3b: statistics.
    pwmApplication.getStatisticsManager().updateEps(EpsStatistic.PASSWORD_CHANGES, 1);
    final int passwordStrength = PasswordUtility.judgePasswordStrength(pwmApplication.getConfig(), newPassword.getStringValue());
    pwmApplication.getStatisticsManager().updateAverageValue(Statistic.AVG_PASSWORD_STRENGTH, passwordStrength);

    // Step 3c: log entry naming who performed the change. Neither password appears in it.
    final String actorDescription;
    if (bindIsSelf) {
        actorDescription = "user " + userIdentity.toDisplayString() + " has changed own password";
    } else {
        actorDescription = "password for user '" + userIdentity.toDisplayString() + "' has been changed by " + bindDN;
    }
    LOGGER.info(sessionLabel, actorDescription + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}