use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class PasswordUtility method helpdeskSetUserPassword.
/**
 * Sets a new password on a target user on behalf of a help desk operator and then runs
 * the follow-up steps configured for the operator's help desk profile.
 *
 * <p>Order of operations: authorization gates, password write, audit record, statistics,
 * configured write-attribute actions, optional clearing of stored responses (with its own
 * audit record), e-mail notice, optional forced expiration, optional delivery of the new
 * password to the user.
 *
 * <p>NOTE(review): the only authorization visible in this method is "session is
 * authenticated" and "session has a help desk profile". Whether the operator may act on
 * this particular target user is not checked here; presumably the caller enforces it.
 * Confirm against the servlet that invokes this method.
 *
 * @param pwmSession     session of the acting help desk operator
 * @param chaiUser       target user; its provider is used for the password write
 * @param userInfo       information about the target user
 * @param pwmApplication application context
 * @param newPassword    password to set on the target user
 * @throws PwmOperationalException if the session is not authenticated or has no help desk
 *                                 profile (both reported as {@code ERROR_UNAUTHORIZED})
 */
public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final SessionLabel sessionLabel = pwmSession.getLabel();
    final UserIdentity userIdentity = userInfo.getUserIdentity();

    // Gate 1: the acting session must be authenticated.
    if (!pwmSession.isAuthenticated()) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "attempt to helpdeskSetUserPassword, but user is not authenticated"));
    }

    // Gate 2: the acting session must resolve to a help desk profile.
    final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
    if (helpdeskProfile == null) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission"));
    }

    // The fifth argument is passed as null; presumably the old password, confirm against setPassword.
    setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);

    // Proxy user object used for the later response-clearing and expiration steps.
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);

    // Audit trail: records who (operator identity, source address and hostname) reset whose password.
    final HelpdeskAuditRecord setPasswordAudit = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(
            AuditEvent.HELPDESK_SET_PASSWORD,
            pwmSession.getUserInfo().getUserIdentity(),
            null,
            userIdentity,
            pwmSession.getSessionStateBean().getSrcAddress(),
            pwmSession.getSessionStateBean().getSrcHostname());
    pwmApplication.getAuditManager().submit(setPasswordAudit);

    pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);

    // Configured write-attribute actions: the global change-password set, then the profile's own set.
    LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
    final List<ActionConfiguration> postChangeActions = new ArrayList<>(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
    postChangeActions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
    if (!postChangeActions.isEmpty()) {
        // The new password is handed to the macro machine through the login bean.
        // NOTE(review): configured actions may therefore be able to expand it; confirm
        // which macros read the current password and where those actions write.
        final LoginInfoBean loginInfoBean = new LoginInfoBean();
        loginInfoBean.setUserCurrentPassword(newPassword);
        final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
        new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity)
                .setMacroMachine(macroMachine)
                .setExpandPwmMacros(true)
                .createActionExecutor()
                .executeActions(postChangeActions, pwmSession.getLabel());
    }

    // Optionally wipe the user's stored responses, with a separate audit record.
    final String clearResponsesSetting = helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES);
    if (HelpdeskClearResponseMode.valueOf(clearResponsesSetting) == HelpdeskClearResponseMode.yes) {
        final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
        pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);

        final HelpdeskAuditRecord clearResponsesAudit = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(
                AuditEvent.HELPDESK_CLEAR_RESPONSES,
                pwmSession.getUserInfo().getUserIdentity(),
                null,
                userIdentity,
                pwmSession.getSessionStateBean().getSrcAddress(),
                pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(clearResponsesAudit);
    }

    // Tell the user that the help desk changed their password.
    sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);

    // Forced expiration is best-effort: a failure is logged as a warning and the method
    // carries on, so the password can remain unexpired even though the profile asks for expiry.
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
        LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
        try {
            proxiedUser.expirePassword();
        } catch (ChaiOperationException e) {
            LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
        }
    }

    // Optionally deliver the new password to the user, using the send method configured
    // in the user's forgotten-password profile.
    if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD)) {
        final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
        // NOTE(review): the map lookup is dereferenced without a null check. If no
        // forgotten-password profile matches this user, the next line fails after the
        // password has already been changed; confirm the lookup cannot return null.
        final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
        final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
    }
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class LocalDbOtpOperator method writeOtpUserConfiguration.
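/**
 * Stores a user's OTP configuration in the LocalDB, keyed by the user's GUID.
 *
 * <p>The record is serialized with {@code composeOtpAttribute}. When
 * {@code PwmSetting.OTP_SECRET_ENCRYPT} is enabled the serialized value is passed through
 * {@code encryptAttributeValue} before it is written; when the setting is disabled the
 * serialized value is stored as composed.
 *
 * @param pwmSession session used for logging context
 * @param theUser    identity of the user the record belongs to (used for logging only)
 * @param userGUID   LocalDB key for the record; must be non-null and non-empty
 * @param otpConfig  OTP record to store
 * @throws PwmUnrecoverableException if the GUID is missing ({@code ERROR_MISSING_GUID}),
 *                                   the LocalDB is absent or not open
 *                                   ({@code ERROR_LOCALDB_UNAVAILABLE}), or composing,
 *                                   encrypting or writing the value fails
 *                                   ({@code ERROR_WRITING_OTP_SECRET}, original exception
 *                                   attached as cause)
 */
@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity theUser, final String userGUID, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
    // The OTP record itself is deliberately kept out of the trace line. Its string form
    // is not visible from this method and may include the shared secret, which must not
    // end up in log files.
    LOGGER.trace(pwmSession, String.format("Enter: writeOtpUserConfiguration(%s, %s, <otpConfig omitted>)", theUser, userGUID));

    if (userGUID == null || userGUID.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot save otp to localDB, user does not have a pwmGUID"));
    }

    if (localDB == null || localDB.status() != LocalDB.Status.OPEN) {
        final String errorMsg = "LocalDB is not available, unable to write user otp";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_LOCALDB_UNAVAILABLE, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }

    try {
        final Configuration config = this.getPwmApplication().getConfig();
        String value = composeOtpAttribute(otpConfig);
        // Encryption at rest is opt-in through configuration.
        if (config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
            LOGGER.debug(pwmSession, "Encrypting OTP secret for storage");
            value = encryptAttributeValue(value);
        }
        localDB.put(LocalDB.DB.OTP_SECRET, userGUID, value);
        LOGGER.info(pwmSession, "saved OTP secret for user in LocalDB");
    } catch (LocalDBException ex) {
        // Storage-layer failure: wrap it and keep the original exception as the cause.
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected LocalDB error saving otp to localDB: " + ex.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    } catch (PwmOperationalException ex) {
        // Any other operational failure raised while composing or encrypting the value.
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to localDB: " + ex.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    }
}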
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class LocalDBUtility method exportLocalDB.
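/**
 * Exports every LocalDB database flagged {@code isBackup()} to the given stream as
 * gzip-compressed CSV, one record per key/value pair.
 *
 * <p>Progress is written to {@code debugOutput} at the start, every 30 seconds while the
 * export runs, and at the end.
 *
 * <p>Security note: keys and values are written exactly as {@code localDB.get} returns
 * them. Depending on which databases are flagged for backup, the export may contain
 * sensitive records, so the destination should be protected like the LocalDB itself.
 *
 * @param outputStream  destination of the compressed export; must not be null
 * @param debugOutput   sink for human-readable progress messages
 * @param showLineCount when true, records are counted up front so progress can be shown
 *                      as a percentage
 * @throws PwmOperationalException if {@code outputStream} is null
 * @throws IOException             if writing the export fails; the failure is also
 *                                 reported on {@code debugOutput}
 */
public void exportLocalDB(final OutputStream outputStream, final Appendable debugOutput, final boolean showLineCount) throws PwmOperationalException, IOException {
    if (outputStream == null) {
        throw new PwmOperationalException(PwmError.ERROR_UNKNOWN, "outputFileStream for exportLocalDB cannot be null");
    }

    // Optional pre-pass: total record count across the databases that will be exported.
    final int totalLines;
    if (showLineCount) {
        writeStringToOut(debugOutput, "counting records in LocalDB...");
        exportLineCounter = 0;
        for (final LocalDB.DB loopDB : LocalDB.DB.values()) {
            if (loopDB.isBackup()) {
                exportLineCounter += localDB.size(loopDB);
            }
        }
        totalLines = exportLineCounter;
        writeStringToOut(debugOutput, " total lines: " + totalLines);
    } else {
        totalLines = 0;
    }

    exportLineCounter = 0;
    writeStringToOut(debugOutput, "export beginning");
    final long startTime = System.currentTimeMillis();

    // Daemon timer that reports progress every 30 seconds.
    // NOTE(review): exportLineCounter is written by the exporting thread and read by the
    // timer thread. Its declaration is not visible here; confirm it is safe to share.
    final Timer statTimer = new Timer(true);
    statTimer.schedule(new TimerTask() {
        @Override
        public void run() {
            // A percentage is only meaningful with a non-zero total. With an empty
            // LocalDB the division would yield NaN, so fall back to the plain count.
            if (showLineCount && totalLines > 0) {
                final float percentComplete = (float) exportLineCounter / (float) totalLines;
                final String percentStr = DecimalFormat.getPercentInstance().format(percentComplete);
                writeStringToOut(debugOutput, "exported " + exportLineCounter + " records, " + percentStr + " complete");
            } else {
                writeStringToOut(debugOutput, "exported " + exportLineCounter + " records");
            }
        }
    }, 30 * 1000, 30 * 1000);

    try (CSVPrinter csvPrinter = JavaHelper.makeCsvPrinter(new GZIPOutputStream(outputStream, GZIP_BUFFER_SIZE))) {
        csvPrinter.printComment(PwmConstants.PWM_APP_NAME + " " + PwmConstants.SERVLET_VERSION + " LocalDB export on " + JavaHelper.toIsoDate(new Date()));
        for (final LocalDB.DB loopDB : LocalDB.DB.values()) {
            if (loopDB.isBackup()) {
                csvPrinter.printComment("Export of " + loopDB.toString());
                final LocalDB.LocalDBIterator<String> localDBIterator = localDB.iterator(loopDB);
                try {
                    while (localDBIterator.hasNext()) {
                        final String key = localDBIterator.next();
                        final String value = localDB.get(loopDB, key);
                        csvPrinter.printRecord(loopDB.toString(), key, value);
                        exportLineCounter++;
                    }
                } finally {
                    // Always release the iterator, even when a write fails mid-database.
                    localDBIterator.close();
                }
                csvPrinter.flush();
            }
        }
        csvPrinter.printComment("export completed at " + JavaHelper.toIsoDate(new Date()));
    } catch (IOException e) {
        writeStringToOut(debugOutput, "IO error during localDB export: " + e.getMessage());
        // Propagate the failure: a truncated backup must not be reported as complete,
        // and the signature already declares IOException for callers to handle.
        throw e;
    } finally {
        statTimer.cancel();
    }

    writeStringToOut(debugOutput, "export complete, exported " + exportLineCounter + " records in " + TimeDuration.fromCurrent(startTime).asLongString());
}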
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class ForgottenPasswordUtil method figureAttributeForm.
/**
 * Selects the recovery attribute form items that apply to a specific user.
 *
 * <p>Items marked required are always kept. Any other item is kept only when the user
 * currently has a non-empty value for that attribute; otherwise it is dropped and a trace
 * line is logged.
 *
 * @param forgottenPasswordProfile profile supplying {@code RECOVERY_ATTRIBUTE_FORM}
 * @param forgottenPasswordBean    bean passed to {@code readUserInfo}
 * @param pwmRequest               current request, used for user lookup and logging
 * @param userIdentity             identity of the user (not read by this method)
 * @return the configured form itself when it is empty, otherwise the filtered list
 * @throws PwmOperationalException with {@code ERROR_NO_CHALLENGES} when reading an
 *                                 attribute value fails or when no form item remains
 */
static List<FormConfiguration> figureAttributeForm(final ForgottenPasswordProfile forgottenPasswordProfile, final ForgottenPasswordBean forgottenPasswordBean, final PwmRequest pwmRequest, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmOperationalException, PwmUnrecoverableException {
    final List<FormConfiguration> configuredForm = forgottenPasswordProfile.readSettingAsForm(PwmSetting.RECOVERY_ATTRIBUTE_FORM);
    if (configuredForm.isEmpty()) {
        // Nothing configured: hand back the empty configured list unchanged.
        return configuredForm;
    }

    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final List<FormConfiguration> applicableItems = new ArrayList<>();

    for (final FormConfiguration formItem : configuredForm) {
        if (formItem.isRequired()) {
            applicableItems.add(formItem);
            continue;
        }

        try {
            final String currentValue = userInfo.readStringAttribute(formItem.getName());
            if (currentValue == null || currentValue.isEmpty()) {
                LOGGER.trace(pwmRequest, "excluding optional required attribute(" + formItem.getName() + "), user has no value");
            } else {
                applicableItems.add(formItem);
            }
        } catch (PwmUnrecoverableException e) {
            // NOTE(review): the caught exception is neither logged nor attached as the
            // cause, so the underlying read failure is lost to whoever diagnoses this.
            throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, "unexpected error reading value for attribute " + formItem.getName()));
        }
    }

    // A user with no usable attribute cannot be verified through this form.
    if (applicableItems.isEmpty()) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, "user has no values for any optional attribute"));
    }
    return applicableItems;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class HelpdeskCardInfoBean method figurePhotoURL.
/**
 * Works out the URL from which the help desk UI can load a user's photo.
 *
 * <p>When the LDAP profile defines a photo URL override, the macro-expanded override is
 * returned. Otherwise the method checks that photo data can be read from LDAP and
 * returns a help desk servlet URL carrying the {@code photo} action and the user's
 * obfuscated key.
 *
 * @param pwmRequest      current request, used for the context path and for logging
 * @param helpdeskProfile profile supplying {@code HELPDESK_ENABLE_PHOTOS}
 * @param chaiUser        user object passed to the LDAP photo read
 * @param macroMachine    expands macros in the override URL
 * @param userIdentity    identity of the user whose photo is requested
 * @return the photo URL, or {@code null} when photos are disabled for the profile or the
 *         LDAP photo read raises a {@code PwmOperationalException}
 * @throws PwmUnrecoverableException when a {@code ChaiUnavailableException} is raised
 */
private static String figurePhotoURL(final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final ChaiUser chaiUser, final MacroMachine macroMachine, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();

    if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_PHOTOS)) {
        // NOTE(review): the message mentions a "photo query filter", but the condition
        // tested here is the profile's enable-photos setting.
        LOGGER.debug(pwmRequest, "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view");
        return null;
    }

    final LdapProfile ldapProfile = userIdentity.getLdapProfile(pwmApplication.getConfig());
    final String overrideURL = ldapProfile.readSettingAsString(PwmSetting.PEOPLE_SEARCH_PHOTO_URL_OVERRIDE);

    try {
        // A configured override wins over the servlet URL.
        if (!StringUtil.isEmpty(overrideURL)) {
            return macroMachine.expandMacros(overrideURL);
        }

        // The photo data itself is discarded; the read only probes whether a photo exists.
        try {
            LdapOperationsHelper.readPhotoDataFromLdap(pwmApplication.getConfig(), chaiUser, userIdentity);
        } catch (PwmOperationalException e) {
            LOGGER.debug(pwmRequest, "determined " + userIdentity + " does not have photo data available while generating detail data");
            return null;
        }
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }

    // The servlet URL carries the obfuscated user key rather than the raw identity.
    final String servletUrl = pwmRequest.getContextPath() + PwmServletDefinition.Helpdesk.servletUrl();
    final String withAction = PwmURL.appendAndEncodeUrlParameters(servletUrl, PwmConstants.PARAM_ACTION_REQUEST, HelpdeskServlet.HelpdeskAction.photo.name());
    return PwmURL.appendAndEncodeUrlParameters(withAction, PwmConstants.PARAM_USERKEY, userIdentity.toObfuscatedKey(pwmApplication));
}