use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class PasswordUtility method sendNewPassword.
/**
 * Delivers a freshly generated password to the user over the requested channel.
 *
 * <p>A throw-away {@link LoginInfoBean} carrying the new password is built purely so the
 * {@link MacroMachine} can expand macros in the outgoing message; it is local to this method
 * and is never attached to a session.</p>
 *
 * @param userInfo          the recipient; supplies the e-mail address and SMS number
 * @param pwmApplication    application context handed to the macro machine and the send helpers
 * @param newPassword       the password being delivered; it is made available to the message macros
 * @param userLocale        locale handed to the send helpers
 * @param messageSendMethod {@code SMSONLY} sends by SMS; {@code EMAILONLY} and every other value send by e-mail
 * @return the address the message was sent to: the SMS number for {@code SMSONLY}, otherwise the e-mail address
 * @throws PwmOperationalException   if the send helper reports an {@link ErrorInformation}
 * @throws PwmUnrecoverableException propagated from the helpers this method calls
 */
public static String sendNewPassword(final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword, final Locale userLocale, final MessageSendMethod messageSendMethod) throws PwmOperationalException, PwmUnrecoverableException {
    // Scratch login info so the macro machine sees the new password as the "current" one.
    final LoginInfoBean throwawayLoginInfo = new LoginInfoBean();
    throwawayLoginInfo.setUserCurrentPassword(newPassword);
    throwawayLoginInfo.setUserIdentity(userInfo.getUserIdentity());
    final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, null, userInfo, throwawayLoginInfo);

    // Resolve the channel first; anything other than SMSONLY (including EMAILONLY) means e-mail.
    final boolean viaSms;
    switch (messageSendMethod) {
        case SMSONLY:
            viaSms = true;
            break;
        case EMAILONLY:
        default:
            viaSms = false;
            break;
    }

    final String destination;
    final ErrorInformation sendError;
    if (viaSms) {
        destination = userInfo.getUserSmsNumber();
        sendError = sendNewPasswordSms(userInfo, pwmApplication, macroMachine, newPassword, destination, userLocale);
    } else {
        destination = userInfo.getUserEmailAddress();
        sendError = sendNewPasswordEmail(userInfo, pwmApplication, macroMachine, newPassword, destination, userLocale);
    }

    // The helpers signal failure through a returned ErrorInformation rather than by throwing.
    if (sendError != null) {
        throw new PwmOperationalException(sendError);
    }
    return destination;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class PasswordUtility method setActorPassword.
/**
 * This is the entry point under which all password changes for the session's authenticated user are managed.
 * The following is the general procedure when this method is invoked.
 * <ul>
 * <li> the actor is checked for the CHANGE_PASSWORD permission </li>
 * <li> the new password is checked against the user's PWM password policy </li>
 * <li> ldap password set is attempted (with the old password, except for Active Directory where it may be omitted)<br/>
 * <br/>if successful:
 * <ul>
 * <li> the session's login info bean is updated with the new password and marked authenticated </li>
 * <li> the session state bean's password-modified flag is set and the force-change flag is cleared </li>
 * <li> the user info bean is reloaded </li>
 * <li> post-change actions and any configured write-attribute actions are invoked (these may include user notification) </li>
 * <li> the last-password-update attribute is written to ldap </li>
 * </ul>
 * <br/>if unsuccessful
 * <ul>
 * <li> an exception is thrown (see below); this method has no boolean result </li>
 * </ul>
 * </li>
 * </ul>
 *
 * @param pwmSession the session of the authenticated user whose password is being changed; supplies the user info, the old password and the ldap connection
 * @param pwmApplication application context used for configuration, statistics and ldap helpers
 * @param newPassword the new password that is being set.
 * @throws com.novell.ldapchai.exception.ChaiUnavailableException if the ldap directory is not available
 * @throws password.pwm.error.PwmUnrecoverableException if user is not authenticated
 * @throws password.pwm.error.PwmOperationalException if the actor lacks the change-password permission, the password fails local policy validation, or no old password is available for a directory that requires one
 */
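public static void setActorPassword(final PwmSession pwmSession, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final UserInfo userInfo = pwmSession.getUserInfo();

    // Authorization: only an actor granted CHANGE_PASSWORD may reach the ldap write below.
    if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.CHANGE_PASSWORD)) {
        final String errorMsg = "attempt to setActorPassword, but user does not have password change permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }

    // Server-side policy enforcement. Callers are presumably expected to have validated the password
    // already (the original comment called this a "just in case" check), but this is the last point
    // before the directory write, so the policy is enforced here regardless of the caller.
    try {
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, userInfo.getPasswordPolicy());
        pwmPasswordRuleValidator.testPassword(newPassword, null, userInfo, pwmSession.getSessionManager().getActor(pwmApplication));
    } catch (PwmDataValidationException e) {
        final String errorMsg = "attempt to setActorPassword, but password does not pass local policy validator";
        final ErrorInformation errorInformation = new ErrorInformation(e.getErrorInformation().getError(), errorMsg);
        throw new PwmOperationalException(errorInformation);
    }

    // The old password is taken from the session's login info bean. Active Directory is the only
    // vendor for which the change may proceed without it; every other directory requires it.
    // (The previous two-step "setPasswordWithoutOld" flag expressed exactly this condition.)
    final PasswordData oldPassword = pwmSession.getLoginInfoBean().getUserCurrentPassword();
    if (oldPassword == null) {
        final DirectoryVendor vendor = pwmSession.getSessionManager().getActor(pwmApplication).getChaiProvider().getDirectoryVendor();
        if (vendor != DirectoryVendor.ACTIVE_DIRECTORY) {
            final String errorMsg = "cannot set password for user, old password is not available";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
            throw new PwmOperationalException(errorInformation);
        }
    }

    // oldPassword is null here only in the Active Directory "set without old password" case.
    final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();
    setPassword(pwmApplication, pwmSession.getLabel(), provider, userInfo, oldPassword, newPassword);

    // update the session state bean's password modified flag
    pwmSession.getSessionStateBean().setPasswordModified(true);

    // update the login info bean with the user's new password
    pwmSession.getLoginInfoBean().setUserCurrentPassword(newPassword);

    // close any outstanding ldap connections (since they cache the old password)
    pwmSession.getSessionManager().updateUserPassword(pwmApplication, userInfo.getUserIdentity(), newPassword);

    // clear the "requires new password" flag
    pwmSession.getLoginInfoBean().getLoginFlags().remove(LoginInfoBean.LoginFlag.forcePwChange);

    // mark the auth type as authenticated now that we have the user's natural password.
    pwmSession.getLoginInfoBean().setType(AuthenticationType.AUTHENTICATED);

    // update the uibean's "password expired flag".
    pwmSession.reloadUserInfoBean(pwmApplication);

    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmSession.getSessionManager().getActor(pwmApplication);

    // update statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.PASSWORD_CHANGES);

    // invoke post password change actions. The helper's signature takes the password as a String,
    // so the immutable String form of the secret is created here.
    invokePostChangePasswordActions(pwmSession, newPassword.getStringValue());

    // execute configured actions
    LOGGER.debug(pwmSession, "executing configured actions to user " + proxiedUser.getEntryDN());
    final List<ActionConfiguration> configValues = pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES);
    if (configValues != null && !configValues.isEmpty()) {
        // A cloned bean is handed to the macro machine so macro expansion cannot touch the live session bean.
        final LoginInfoBean clonedLoginInfoBean = JsonUtil.cloneUsingJson(pwmSession.getLoginInfoBean(), LoginInfoBean.class);
        clonedLoginInfoBean.setUserCurrentPassword(newPassword);
        final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, pwmSession.getLabel(), pwmSession.getUserInfo(), clonedLoginInfoBean);
        final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userInfo.getUserIdentity()).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
        actionExecutor.executeActions(configValues, pwmSession.getLabel());
    }

    // update the current last password update field in ldap
    LdapOperationsHelper.updateLastPasswordUpdateAttribute(pwmApplication, pwmSession.getLabel(), userInfo.getUserIdentity());
}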
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class DbCrOperator method readResponseSet.
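/**
 * Reads the stored challenge/response set for a user from the remote database table {@code PWM_RESPONSES}.
 *
 * @param theUser      the ldap user; used for logging and handed to the Chai parser
 * @param userIdentity not used by this implementation
 * @param userGUID     the database row key; must be non-empty
 * @return the parsed response set, or {@code null} when no non-empty row exists for the GUID
 * @throws PwmUnrecoverableException if the GUID is missing, the stored blob fails Chai validation,
 *                                   or the database read fails; the original exception is kept as the cause
 */
public ResponseSet readResponseSet(final ChaiUser theUser, final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
    // The GUID is the row key; without it there is nothing to look up.
    if (userGUID == null || userGUID.isEmpty()) {
        final String errorMsg = "user " + theUser.getEntryDN() + " does not have a guid, unable to search for responses in remote database";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_GUID, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        final DatabaseAccessor databaseAccessor = pwmApplication.getDatabaseService().getAccessor();
        final String responseStringBlob = databaseAccessor.get(DatabaseTable.PWM_RESPONSES, userGUID);
        if (responseStringBlob == null || responseStringBlob.isEmpty()) {
            LOGGER.trace("user guid for " + theUser.getEntryDN() + " not found in remote database (key=" + userGUID + ")");
            return null;
        }
        // The blob is XML; parsing (and any XML parser hardening) is delegated to the Chai library.
        final ResponseSet userResponseSet = ChaiResponseSet.parseChaiResponseSetXML(responseStringBlob, theUser);
        // NOTE(review): this logs ResponseSet#toString(); what that string contains is not visible here —
        // confirm it carries no answer material before relying on debug logging in production.
        LOGGER.debug("found responses for " + theUser.getEntryDN() + " in remote database: " + userResponseSet.toString());
        return userResponseSet;
    } catch (ChaiValidationException e) {
        final String errorMsg = "unexpected error reading responses for " + theUser.getEntryDN() + " from remote database: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(errorInformation);
        // Keep the original exception as the cause (it was previously dropped) so the failing parse is traceable.
        wrapped.initCause(e);
        throw wrapped;
    } catch (PwmOperationalException e) {
        final String errorMsg = "unexpected error reading responses for " + theUser.getEntryDN() + " from remote database: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(e.getErrorInformation().getError(), errorMsg);
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(errorInformation);
        wrapped.initCause(e);
        throw wrapped;
    }
}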
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class DbOtpOperator method readOtpUserConfiguration.
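/**
 * Reads a user's OTP configuration from the remote database table {@code OTP}.
 *
 * <p>When {@link PwmSetting#OTP_SECRET_ENCRYPT} is on, the stored value is decrypted before being
 * decomposed into an {@link OTPUserRecord}; otherwise it is decomposed as-is.</p>
 *
 * @param theUser  identity of the user; used for logging only
 * @param userGUID the database row key; must be non-empty
 * @return the decoded record, or {@code null} when no row exists or the stored value decodes to nothing
 * @throws PwmUnrecoverableException if the GUID is missing or the database read / decode fails;
 *                                   the original exception is kept as the cause
 */
@Override
public OTPUserRecord readOtpUserConfiguration(final UserIdentity theUser, final String userGUID) throws PwmUnrecoverableException {
    LOGGER.trace(String.format("Enter: readOtpUserConfiguration(%s, %s)", theUser, userGUID));
    if (userGUID == null || userGUID.isEmpty()) {
        // Message corrected: the previous text ("cannot save otp to db") was copied from the write path.
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot read otp from db, user does not have a GUID"));
    }
    OTPUserRecord otpConfig = null;
    try {
        final DatabaseAccessor databaseAccessor = pwmApplication.getDatabaseAccessor();
        final String storedValue = databaseAccessor.get(DatabaseTable.OTP, userGUID);
        if (storedValue != null && !storedValue.isEmpty()) {
            // The same setting gates encryption on write. NOTE(review): rows written before the setting
            // was toggled are not handled specially here — confirm that is acceptable.
            final boolean encryptedAtRest = getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT);
            final String decodedValue = encryptedAtRest ? decryptAttributeValue(storedValue) : storedValue;
            if (decodedValue != null) {
                otpConfig = decomposeOtpAttribute(decodedValue);
            }
            if (otpConfig != null) {
                // Log presence only. The record's toString() was previously written to the debug log;
                // whether it includes the secret is not visible here, so it is no longer logged at all.
                LOGGER.debug("found user OTP secret in db for " + theUser);
            }
        }
    } catch (LocalDBException e) {
        final String errorMsg = "unexpected LocalDB error reading otp configuration: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(errorInformation);
        // Preserve the cause (previously dropped), matching the write path's handling.
        wrapped.initCause(e);
        throw wrapped;
    } catch (PwmOperationalException e) {
        final String errorMsg = "unexpected error reading otp configuration: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(errorInformation);
        wrapped.initCause(e);
        throw wrapped;
    }
    return otpConfig;
}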
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class DbOtpOperator method writeOtpUserConfiguration.
/**
 * Persists a user's OTP configuration to the remote database table {@code OTP}, keyed by GUID.
 *
 * <p>The record is serialised with {@code composeOtpAttribute}; when
 * {@link PwmSetting#OTP_SECRET_ENCRYPT} is on it is encrypted before being stored, otherwise the
 * serialised form is written as-is.</p>
 *
 * @param pwmSession the calling session; not used by this implementation
 * @param theUser    identity of the user; used for logging only
 * @param userGUID   the database row key; must be non-empty
 * @param otpConfig  the record to store
 * @throws PwmUnrecoverableException if the GUID is missing or the serialise/encrypt/store step fails
 *                                   (reported as {@code ERROR_WRITING_OTP_SECRET} with the cause attached)
 */
@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity theUser, final String userGUID, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
    if (userGUID == null || userGUID.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot save OTP secret to remote database, user " + theUser + " does not have a guid"));
    }
    LOGGER.trace("attempting to save OTP secret for " + theUser + " in remote database (key=" + userGUID + ")");
    try {
        final String serialised = composeOtpAttribute(otpConfig);
        final boolean encryptAtRest = getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT);
        final String storedValue;
        if (encryptAtRest) {
            LOGGER.debug("Encrypting OTP secret for storage");
            storedValue = encryptAttributeValue(serialised);
        } else {
            storedValue = serialised;
        }
        final DatabaseAccessor databaseAccessor = pwmApplication.getDatabaseAccessor();
        databaseAccessor.put(DatabaseTable.OTP, userGUID, storedValue);
        LOGGER.info("saved OTP secret for " + theUser + " in remote database (key=" + userGUID + ")");
    } catch (PwmOperationalException ex) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to db: " + ex.getMessage());
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(errorInfo);
        // Attach the original failure so the stack trace points at the serialise/encrypt/store step.
        wrapped.initCause(ex);
        throw wrapped;
    }
}