
Example 11 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class PasswordUtility method helpdeskSetUserPassword.

/**
 * Sets a new password on a target user on behalf of a helpdesk operator, then runs the
 * follow-up steps the helpdesk profile configures.
 *
 * <p>Order of operations as written: authorization checks, password set, audit record,
 * statistics, configured post-change actions, optional clearing of stored responses (with its
 * own audit record), email notice, optional forced expiration, optional delivery of the new
 * password to the user.
 *
 * <p>Authorization performed here is limited to two checks: the operator session must be
 * authenticated, and the session must resolve to a non-null helpdesk profile.
 * NOTE(review): nothing in this method verifies that the target user is one the operator's
 * helpdesk profile is allowed to manage; presumably the caller enforces that, confirm.
 *
 * @param pwmSession     session of the helpdesk operator performing the change
 * @param chaiUser       target user object; only its provider is used, for the password set
 * @param userInfo       target user information, the source of the target {@code UserIdentity}
 * @param pwmApplication application context used for configuration, audit, statistics and services
 * @param newPassword    the password to set on the target user
 * @throws PwmOperationalException if the session is not authenticated or has no helpdesk profile
 *         (both reported as {@code ERROR_UNAUTHORIZED})
 */
public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final SessionLabel sessionLabel = pwmSession.getLabel();
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    // Both authorization checks run before any state is changed.
    if (!pwmSession.isAuthenticated()) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
    if (helpdeskProfile == null) {
        final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // The old password is passed as null; the change goes through the provider carried by chaiUser.
    // NOTE(review): the audit record below is created only after this call returns, so a failed
    // or rejected attempt produces no HELPDESK_SET_PASSWORD record here; confirm failures are
    // audited elsewhere.
    setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);
    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // mark the event log
    {
        // Records the operator (session user) as actor and userIdentity as target, together with
        // the source address and hostname held in the session state.
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_SET_PASSWORD, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // update statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
    {
        // execute configured actions
        LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
        // Global change-password actions run first, followed by the helpdesk profile's own actions.
        final List<ActionConfiguration> actions = new ArrayList<>();
        actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
        actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
        if (!actions.isEmpty()) {
            // The new password is handed to the macro machine as the user's current password,
            // presumably so configured actions can reference it through macros.
            // NOTE(review): confirm no configured action writes the expanded value to a
            // location other users or logs can read.
            final LoginInfoBean loginInfoBean = new LoginInfoBean();
            loginInfoBean.setUserCurrentPassword(newPassword);
            final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    // valueOf() throws IllegalArgumentException if the stored setting is not a declared enum name.
    final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
    if (settingClearResponses == HelpdeskClearResponseMode.yes) {
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
        pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);
        // mark the event log
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    // send email notification
    sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
    // expire if so configured
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
        LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
        try {
            proxiedUser.expirePassword();
        } catch (ChaiOperationException e) {
            // Best effort: a failure is only logged, so the operator-chosen password remains
            // valid and unexpired even though forced expiration is configured.
            LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
        }
    }
    // send password
    final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
    if (sendPassword) {
        // The delivery method is taken from the target user's forgotten-password profile, not
        // from the helpdesk profile.
        final MessageSendMethod messageSendMethod;
        {
            final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
            // NOTE(review): if no profile is registered under profileID, get() presumably returns
            // null and the next line throws NullPointerException after the password has already
            // been changed; confirm a profile always exists for the target user.
            final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
            messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        }
        // The new password itself is passed to the sender, so it leaves the application over
        // whichever channel messageSendMethod selects.
        PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) LoginInfoBean(password.pwm.bean.LoginInfoBean) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) MessageSendMethod(password.pwm.config.option.MessageSendMethod) PwmOperationalException(password.pwm.error.PwmOperationalException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) HelpdeskClearResponseMode(password.pwm.config.option.HelpdeskClearResponseMode) MacroMachine(password.pwm.util.macro.MacroMachine) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 12 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class LocalDbOtpOperator method writeOtpUserConfiguration.

/**
 * Persists a user's OTP configuration in the LocalDB {@code OTP_SECRET} database, keyed by
 * the user's GUID.
 *
 * <p>The composed record is encrypted before storage only when
 * {@code PwmSetting.OTP_SECRET_ENCRYPT} is enabled; otherwise it is stored exactly as
 * {@code composeOtpAttribute} returns it.
 *
 * @param pwmSession session used as logging context
 * @param theUser    identity of the user; only used in the entry trace message
 * @param userGUID   LocalDB key for the record; must be non-null and non-empty
 * @param otpConfig  the OTP record to store
 * @throws PwmUnrecoverableException if the GUID is missing, the LocalDB is absent or not open,
 *         or composing, encrypting or writing the record fails
 */
@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity theUser, final String userGUID, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
    // NOTE(review): otpConfig is formatted into this trace line via its toString(); confirm that
    // OTPUserRecord.toString() does not render the shared secret or recovery codes.
    LOGGER.trace(pwmSession, String.format("Enter: writeOtpUserConfiguration(%s, %s, %s)", theUser, userGUID, otpConfig));

    final boolean guidMissing = userGUID == null || userGUID.isEmpty();
    if (guidMissing) {
        final ErrorInformation missingGuid = new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot save otp to localDB, user does not have a pwmGUID");
        throw new PwmUnrecoverableException(missingGuid);
    }

    final boolean dbUsable = localDB != null && localDB.status() == LocalDB.Status.OPEN;
    if (!dbUsable) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_LOCALDB_UNAVAILABLE, "LocalDB is not available, unable to write user otp"));
    }

    try {
        final Configuration settings = this.getPwmApplication().getConfig();
        final String composed = composeOtpAttribute(otpConfig);
        final String stored;
        if (settings.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
            LOGGER.debug(pwmSession, "Encrypting OTP secret for storage");
            stored = encryptAttributeValue(composed);
        } else {
            // Encryption disabled by configuration: the record goes to disk as composed.
            stored = composed;
        }
        localDB.put(LocalDB.DB.OTP_SECRET, userGUID, stored);
        LOGGER.info(pwmSession, "saved OTP secret for user in LocalDB");
    } catch (LocalDBException dbFailure) {
        // Storage-layer failure: wrap it, keeping the original exception as the cause.
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(
                new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected LocalDB error saving otp to localDB: " + dbFailure.getMessage()));
        wrapped.initCause(dbFailure);
        throw wrapped;
    } catch (PwmOperationalException opFailure) {
        // Failure reported by a step inside the try block: same wrapping, different message text.
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(
                new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to localDB: " + opFailure.getMessage()));
        wrapped.initCause(opFailure);
        throw wrapped;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Configuration(password.pwm.config.Configuration) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) LocalDBException(password.pwm.util.localdb.LocalDBException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 13 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class LocalDBUtility method exportLocalDB.

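/**
 * Exports every LocalDB database flagged {@code isBackup()} to {@code outputStream} as
 * gzip-compressed CSV, one record per line in the form {@code (database, key, value)}.
 *
 * <p>Progress is written to {@code debugOutput} every thirty seconds from a daemon timer
 * thread. An I/O failure is reported to {@code debugOutput} and then rethrown, so that a
 * truncated export is never followed by the "export complete" message.
 *
 * <p>NOTE(review): values are exported exactly as {@code localDB.get} returns them. If any
 * backed-up database holds secrets, the export file needs the same protection as the LocalDB
 * itself; confirm which databases {@code isBackup()} covers.
 *
 * @param outputStream  destination for the compressed export; must not be null
 * @param debugOutput   sink for human-readable progress messages
 * @param showLineCount when true, records are counted first so progress can be shown as a percentage
 * @throws PwmOperationalException if {@code outputStream} is null
 * @throws IOException if writing the export fails part-way
 */
public void exportLocalDB(final OutputStream outputStream, final Appendable debugOutput, final boolean showLineCount) throws PwmOperationalException, IOException {
    if (outputStream == null) {
        throw new PwmOperationalException(PwmError.ERROR_UNKNOWN, "outputFileStream for exportLocalDB cannot be null");
    }
    final int totalLines;
    if (showLineCount) {
        writeStringToOut(debugOutput, "counting records in LocalDB...");
        exportLineCounter = 0;
        for (final LocalDB.DB loopDB : LocalDB.DB.values()) {
            if (loopDB.isBackup()) {
                exportLineCounter += localDB.size(loopDB);
            }
        }
        totalLines = exportLineCounter;
        writeStringToOut(debugOutput, " total lines: " + totalLines);
    } else {
        totalLines = 0;
    }
    // The counter was borrowed for the pre-count above; reset it before the real export.
    exportLineCounter = 0;
    writeStringToOut(debugOutput, "export beginning");
    final long startTime = System.currentTimeMillis();
    // Daemon timer, so a stalled export cannot keep the JVM alive.
    // NOTE(review): exportLineCounter is read on the timer thread and written on the calling
    // thread with no synchronization visible here; progress figures may lag.
    final Timer statTimer = new Timer(true);
    statTimer.schedule(new TimerTask() {

        @Override
        public void run() {
            // Guard against an empty LocalDB: 0f / 0f would be formatted as NaN.
            if (showLineCount && totalLines > 0) {
                final float percentComplete = (float) exportLineCounter / (float) totalLines;
                final String percentStr = DecimalFormat.getPercentInstance().format(percentComplete);
                writeStringToOut(debugOutput, "exported " + exportLineCounter + " records, " + percentStr + " complete");
            } else {
                writeStringToOut(debugOutput, "exported " + exportLineCounter + " records");
            }
        }
    }, 30 * 1000, 30 * 1000);
    try (CSVPrinter csvPrinter = JavaHelper.makeCsvPrinter(new GZIPOutputStream(outputStream, GZIP_BUFFER_SIZE))) {
        csvPrinter.printComment(PwmConstants.PWM_APP_NAME + " " + PwmConstants.SERVLET_VERSION + " LocalDB export on " + JavaHelper.toIsoDate(new Date()));
        for (final LocalDB.DB loopDB : LocalDB.DB.values()) {
            if (loopDB.isBackup()) {
                csvPrinter.printComment("Export of " + loopDB.toString());
                final LocalDB.LocalDBIterator<String> localDBIterator = localDB.iterator(loopDB);
                try {
                    while (localDBIterator.hasNext()) {
                        final String key = localDBIterator.next();
                        final String value = localDB.get(loopDB, key);
                        csvPrinter.printRecord(loopDB.toString(), key, value);
                        exportLineCounter++;
                    }
                } finally {
                    // Always release the iterator, even when a write fails mid-database.
                    localDBIterator.close();
                }
                csvPrinter.flush();
            }
        }
        csvPrinter.printComment("export completed at " + JavaHelper.toIsoDate(new Date()));
    } catch (IOException e) {
        writeStringToOut(debugOutput, "IO error during localDB export: " + e.getMessage());
        // Propagate the failure: the output is incomplete and must not be treated as a usable
        // backup by the caller.
        throw e;
    } finally {
        statTimer.cancel();
    }
    writeStringToOut(debugOutput, "export complete, exported " + exportLineCounter + " records in " + TimeDuration.fromCurrent(startTime).asLongString());
}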
Also used : IOException(java.io.IOException) Date(java.util.Date) PwmOperationalException(password.pwm.error.PwmOperationalException) CSVPrinter(org.apache.commons.csv.CSVPrinter) Timer(java.util.Timer) TimerTask(java.util.TimerTask) GZIPOutputStream(java.util.zip.GZIPOutputStream)

Example 14 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class ForgottenPasswordUtil method figureAttributeForm.

/**
 * Works out which attribute form items a user must answer during forgotten-password recovery.
 *
 * <p>Items marked required are always kept. Any other item is kept only when the user has a
 * non-empty stored value for it, so the number of attributes a user is asked to verify can
 * differ from user to user.
 *
 * @param forgottenPasswordProfile profile supplying {@code PwmSetting.RECOVERY_ATTRIBUTE_FORM}
 * @param forgottenPasswordBean    recovery state used to look up the user's info
 * @param pwmRequest               current request, used for the lookup and as logging context
 * @param userIdentity             identity of the user (not read by this method)
 * @return the configured form unchanged when it is empty, otherwise the applicable items in
 *         configured order
 * @throws PwmOperationalException with {@code ERROR_NO_CHALLENGES} when an attribute value
 *         cannot be read or when no item is applicable to the user
 */
static List<FormConfiguration> figureAttributeForm(final ForgottenPasswordProfile forgottenPasswordProfile, final ForgottenPasswordBean forgottenPasswordBean, final PwmRequest pwmRequest, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmOperationalException, PwmUnrecoverableException {
    final List<FormConfiguration> configuredForm = forgottenPasswordProfile.readSettingAsForm(PwmSetting.RECOVERY_ATTRIBUTE_FORM);
    if (configuredForm.isEmpty()) {
        // Nothing configured: hand back the same (empty) list without reading the user.
        return configuredForm;
    }

    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final List<FormConfiguration> applicable = new ArrayList<>();
    for (final FormConfiguration item : configuredForm) {
        if (item.isRequired()) {
            applicable.add(item);
            continue;
        }
        // Optional item: keep it only if the user has something stored to verify against.
        try {
            final String storedValue = userInfo.readStringAttribute(item.getName());
            if (storedValue == null || storedValue.isEmpty()) {
                LOGGER.trace(pwmRequest, "excluding optional required attribute(" + item.getName() + "), user has no value");
            } else {
                applicable.add(item);
            }
        } catch (PwmUnrecoverableException e) {
            // NOTE(review): the caught exception is not attached as the cause, so the underlying
            // read failure is lost to whoever handles the exception thrown here.
            throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, "unexpected error reading value for attribute " + item.getName()));
        }
    }

    if (applicable.isEmpty()) {
        // Fail rather than return an empty form for the recovery flow to use.
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, "user has no values for any optional attribute"));
    }
    return applicable;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ArrayList(java.util.ArrayList) FormConfiguration(password.pwm.config.value.data.FormConfiguration) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 15 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class HelpdeskCardInfoBean method figurePhotoURL.

/**
 * Determines the photo URL to show for a user on the helpdesk card.
 *
 * <p>Returns {@code null} when photos are disabled in the helpdesk profile or when reading
 * the user's photo data raises a {@code PwmOperationalException}. When the user's LDAP profile
 * configures a photo URL override, the macro-expanded override is returned. Otherwise the
 * result is a helpdesk servlet URL carrying the {@code photo} action and the user's
 * obfuscated key.
 *
 * @param pwmRequest      current request; supplies the application, context path and logging context
 * @param helpdeskProfile profile read for {@code PwmSetting.HELPDESK_ENABLE_PHOTOS}
 * @param chaiUser        directory object the photo data is read from
 * @param macroMachine    expands macros in a configured override URL
 * @param userIdentity    identity of the user whose photo is wanted
 * @return the photo URL, or {@code null} when no photo should be shown
 * @throws PwmUnrecoverableException when the directory is unavailable
 */
private static String figurePhotoURL(final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final ChaiUser chaiUser, final MacroMachine macroMachine, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();

    if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_PHOTOS)) {
        // NOTE(review): the message mentions a "photo query filter", but the only condition
        // checked here is the enable-photos setting.
        LOGGER.debug(pwmRequest, "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view");
        return null;
    }

    final String configuredOverride = userIdentity.getLdapProfile(pwmApplication.getConfig())
            .readSettingAsString(PwmSetting.PEOPLE_SEARCH_PHOTO_URL_OVERRIDE);
    try {
        if (!StringUtil.isEmpty(configuredOverride)) {
            // The override takes precedence; the directory is not queried for photo data.
            // NOTE(review): the expanded URL is returned as-is; presumably the override is
            // administrator-controlled, confirm that user-writable attribute values cannot
            // alter the scheme or host through macro expansion.
            return macroMachine.expandMacros(configuredOverride);
        }
        try {
            // Called only to learn whether photo data exists; the result is discarded.
            LdapOperationsHelper.readPhotoDataFromLdap(pwmApplication.getConfig(), chaiUser, userIdentity);
        } catch (PwmOperationalException e) {
            LOGGER.debug(pwmRequest, "determined " + userIdentity + " does not have photo data available while generating detail data");
            return null;
        }
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }

    // Build <context>/<helpdesk servlet>?<action>=photo&<userkey>=<obfuscated key>.
    final String servletUrl = pwmRequest.getContextPath() + PwmServletDefinition.Helpdesk.servletUrl();
    final String withAction = PwmURL.appendAndEncodeUrlParameters(servletUrl, PwmConstants.PARAM_ACTION_REQUEST, HelpdeskServlet.HelpdeskAction.photo.name());
    return PwmURL.appendAndEncodeUrlParameters(withAction, PwmConstants.PARAM_USERKEY, userIdentity.toObfuscatedKey(pwmApplication));
}
Also used : PwmApplication(password.pwm.PwmApplication) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) LdapProfile(password.pwm.config.profile.LdapProfile) PwmOperationalException(password.pwm.error.PwmOperationalException)

Aggregations

PwmOperationalException (password.pwm.error.PwmOperationalException)134 ErrorInformation (password.pwm.error.ErrorInformation)104 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)57 UserIdentity (password.pwm.bean.UserIdentity)39 PwmApplication (password.pwm.PwmApplication)27 PwmSession (password.pwm.http.PwmSession)26 ChaiUser (com.novell.ldapchai.ChaiUser)20 Configuration (password.pwm.config.Configuration)19 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)17 UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)17 FormConfiguration (password.pwm.config.value.data.FormConfiguration)16 PwmException (password.pwm.error.PwmException)16 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)15 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)14 Instant (java.time.Instant)13 LinkedHashMap (java.util.LinkedHashMap)13 MacroMachine (password.pwm.util.macro.MacroMachine)13 ArrayList (java.util.ArrayList)12 Map (java.util.Map)12 UserInfo (password.pwm.ldap.UserInfo)11