use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class LoginServlet method handleLoginRequest.
/**
 * Validates the submitted login form values and authenticates the current session.
 *
 * <p>Checks run in a fixed order: required parameters first, then the captcha (when it is
 * enabled for the request), and only after those is the password handed to the
 * {@link SessionAuthenticator}. A request that fails the captcha never reaches the
 * credential check.
 *
 * @param pwmRequest   the current request; supplies the application, the session and the captcha context
 * @param valueMap     submitted form values keyed by parameter name
 * @param passwordOnly when {@code true} the username is not required and the identity already
 *                     held by the session is authenticated with the supplied password
 * @throws PwmOperationalException if the username (unless {@code passwordOnly}) or the password
 *                                 is missing or empty, or the captcha response is rejected
 */
private void handleLoginRequest(final PwmRequest pwmRequest, final Map<String, String> valueMap, final boolean passwordOnly) throws PwmOperationalException, ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final String submittedUsername = valueMap.get(PwmConstants.PARAM_USERNAME);
    final String submittedPassword = valueMap.get(PwmConstants.PARAM_PASSWORD);

    // An absent or empty password is represented as null so a single check below covers both.
    final PasswordData passwordData;
    if (submittedPassword == null || submittedPassword.isEmpty()) {
        passwordData = null;
    } else {
        passwordData = new PasswordData(submittedPassword);
    }

    final String searchContext = valueMap.get(PwmConstants.PARAM_CONTEXT);
    final String profileId = valueMap.get(PwmConstants.PARAM_LDAP_PROFILE);
    final String captchaToken = valueMap.get("g-recaptcha-response");

    final boolean usernameMissing = submittedUsername == null || submittedUsername.isEmpty();
    if (usernameMissing && !passwordOnly) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "missing username parameter"));
    }

    if (passwordData == null) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "missing password parameter"));
    }

    // Captcha is verified before any credential is passed to the authenticator.
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)
            && !CaptchaUtility.verifyReCaptcha(pwmRequest, captchaToken)) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE, "captcha incorrect"));
    }

    final SessionAuthenticator authenticator = new SessionAuthenticator(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), PwmAuthenticationSource.LOGIN_FORM);

    if (!passwordOnly) {
        authenticator.searchAndAuthenticateUser(submittedUsername, passwordData, searchContext, profileId);
    } else {
        // The identity comes from the session, not from the submitted form.
        authenticator.authenticateUser(pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), passwordData);
    }

    // Reaching this point means the login succeeded (a failed authentication presumably
    // surfaces as one of the declared exceptions). Flag the session id for recycling so an
    // id that was known before authentication cannot be reused afterwards (session fixation).
    pwmRequest.getPwmSession().getSessionStateBean().setSessionIdRecycleNeeded(true);
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class SetupOtpServlet method handleClearOtpSecret.
/**
 * Handles the {@code clearOtp} action: removes the stored OTP configuration of the user
 * attached to the current session and resets the setup bean.
 *
 * <p>The target user is read from the session, not from a request parameter, so this handler
 * itself gives the caller no way to name a different account.
 *
 * <p>NOTE(review): nothing in this method asks for re-authentication or confirmation before
 * the OTP secret is removed; confirm that the servlet's pre-processing covers that.
 *
 * @param pwmRequest the current request
 * @return {@link ProcessStatus#Halt} if clearing failed (the error is recorded on the request
 *         and logged), otherwise {@link ProcessStatus#Continue}
 */
@ActionHandler(action = "clearOtp")
private ProcessStatus handleClearOtpSecret(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException {
    final SetupOtpBean setupOtpBean = getSetupOtpBean(pwmRequest);
    final OtpService otpService = pwmRequest.getPwmApplication().getOtpService();
    final PwmSession session = pwmRequest.getPwmSession();
    final UserIdentity sessionUser = session.getUserInfo().getUserIdentity();

    try {
        otpService.clearOTPUserConfiguration(session, sessionUser);
    } catch (PwmOperationalException e) {
        // Record the failure for the user and the log; the bean is left unchanged.
        setLastError(pwmRequest, e.getErrorInformation());
        LOGGER.error(pwmRequest, e.getErrorInformation());
        return ProcessStatus.Halt;
    }

    // The secret is gone: mark the bean accordingly and re-initialise it.
    setupOtpBean.setHasPreExistingOtp(false);
    initializeBean(pwmRequest, setupOtpBean);
    return ProcessStatus.Continue;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class RestClientHelper method makeOutboundRestWSCall.
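/**
 * Sends {@code jsonRequestBody} as an HTTP POST to {@code url} and returns the response body.
 *
 * <p>The request body is encoded as UTF-8, and the response is decoded as UTF-8 unless the
 * response declares another charset. Apache HttpClient otherwise falls back to ISO-8859-1
 * on both sides, which corrupts any character outside Latin-1 in a JSON payload.
 *
 * <p>NOTE(review): the full request and response bodies are written to the debug and trace
 * logs. If a caller ever puts credentials or other secrets into the body they will end up
 * in the log; confirm against the callers and the log retention policy.
 *
 * <p>NOTE(review): {@code url} is used as given; this method does no validation of the
 * target. Presumably it comes from configuration rather than from a request; confirm.
 *
 * @param pwmApplication  supplies the configuration used to build the HTTP client
 * @param locale          sent as {@code Accept-Locale} when not {@code null}
 * @param url             the endpoint to call
 * @param jsonRequestBody the JSON document to send
 * @return the response body of a 200 response
 * @throws PwmOperationalException if the response status is not 200 or an I/O error occurs
 */
public static String makeOutboundRestWSCall(final PwmApplication pwmApplication, final Locale locale, final String url, final String jsonRequestBody) throws PwmOperationalException, PwmUnrecoverableException {
    final HttpPost httpPost = new HttpPost(url);
    httpPost.setHeader("Accept", PwmConstants.AcceptValue.json.getHeaderValue());
    if (locale != null) {
        httpPost.setHeader("Accept-Locale", locale.toString());
    }
    httpPost.setHeader("Content-Type", HttpContentType.json.getHeaderValue());

    try {
        // Explicit charset: the single-argument constructor would encode as ISO-8859-1.
        final StringEntity stringEntity = new StringEntity(jsonRequestBody, "UTF-8");
        stringEntity.setContentType(PwmConstants.AcceptValue.json.getHeaderValue());
        httpPost.setEntity(stringEntity);

        LOGGER.debug("beginning external rest call to: " + httpPost.toString() + ", body: " + jsonRequestBody);
        final HttpResponse httpResponse = PwmHttpClient.getHttpClient(pwmApplication.getConfig()).execute(httpPost);

        // "UTF-8" is only the default; a charset declared by the response still wins.
        final String responseBody = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
        LOGGER.trace("external rest call returned: " + httpResponse.getStatusLine().toString() + ", body: " + responseBody);

        final int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (statusCode != 200) {
            final String errorMsg = "received non-200 response code (" + statusCode + ") when executing web-service";
            LOGGER.error(errorMsg);
            throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
        }
        return responseBody;
    } catch (IOException e) {
        final String errorMsg = "http response error while executing external rest call, error: " + e.getMessage();
        LOGGER.error(errorMsg);
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg), e);
    }
}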
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class RestAuthenticationProcessor method readLdapUserIdentity.
/**
 * Resolves the LDAP identity named by the request's HTTP Basic authentication header.
 *
 * <p>Only the username from the header is used here; the password is not checked in this
 * method (NOTE(review): verification must happen elsewhere; confirm against the caller).
 *
 * <p>A failed lookup is re-thrown with the error code replaced by
 * {@code ERROR_WRONGPASSWORD}, presumably so that a caller cannot tell an unknown username
 * from a bad password.
 *
 * @return the resolved identity, or {@code null} when the request carries no parsable
 *         Basic authentication header
 * @throws PwmUnrecoverableException if the username cannot be resolved
 */
private UserIdentity readLdapUserIdentity() throws PwmUnrecoverableException {
    final BasicAuthInfo credentials = BasicAuthInfo.parseAuthHeader(pwmApplication, httpServletRequest);
    if (credentials != null) {
        final UserSearchEngine searchEngine = pwmApplication.getUserSearchEngine();
        try {
            return searchEngine.resolveUsername(credentials.getUsername(), null, null, sessionLabel);
        } catch (PwmOperationalException e) {
            // Replace the lookup's own error code with the generic wrong-password code.
            throw new PwmUnrecoverableException(e.getErrorInformation().wrapWithNewErrorCode(PwmError.ERROR_WRONGPASSWORD));
        }
    }
    return null;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class RestUtility method resolveRequestedUsername.
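/**
 * Determines which user a REST request operates on.
 *
 * <p>Rules, in order:
 * <ul>
 *   <li>No username and {@code NAMED_SECRET} authentication: rejected, a username is required.</li>
 *   <li>No username and {@code LDAP} authentication: the authenticated LDAP identity itself
 *       is the target (returned with the "self" flag set to {@code true}).</li>
 *   <li>A username is given: rejected unless the authenticated login has third-party
 *       permission; this check runs before any directory lookup.</li>
 * </ul>
 * A username of the form {@code profile|name} selects the LDAP profile to search; the part
 * before the first {@code |} is the profile id. The resolved user is rejected when it is
 * the configured test user or proxy user of its LDAP profile.
 *
 * <p>A {@code null} username combined with an authentication type other than the two above
 * previously fell through to {@code username.contains(...)} and failed with a
 * {@code NullPointerException}; it is now rejected with an explicit error.
 *
 * @param restRequest the authenticated REST request
 * @param username    the requested target username, optionally prefixed with {@code profile|};
 *                    may be {@code null} or empty
 * @return the target identity and whether it is the caller's own identity
 * @throws PwmUnrecoverableException if the request is not permitted or the user cannot be resolved
 */
public static RestServlet.TargetUserIdentity resolveRequestedUsername(final RestRequest restRequest, final String username) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = restRequest.getPwmApplication();

    if (StringUtil.isEmpty(username)) {
        final RestAuthenticationType authType = restRequest.getRestAuthentication().getType();
        if (authType == RestAuthenticationType.NAMED_SECRET) {
            throw PwmUnrecoverableException.newException(PwmError.ERROR_REST_INVOCATION_ERROR, "username field required when using external web services secrets for authentication ");
        }
        if (authType == RestAuthenticationType.LDAP) {
            return new RestServlet.TargetUserIdentity(restRequest, restRequest.getRestAuthentication().getLdapIdentity(), true);
        }
        if (username == null) {
            // Fail closed instead of dereferencing null below.
            throw PwmUnrecoverableException.newException(PwmError.ERROR_REST_INVOCATION_ERROR, "username field is required for this request");
        }
    } else if (!restRequest.getRestAuthentication().isThirdPartyEnabled()) {
        // Acting on another user requires third-party permission; checked before any lookup.
        throw PwmUnrecoverableException.newException(PwmError.ERROR_UNAUTHORIZED, "username specified in request, however third party permission is not granted to the authenticated login.");
    }

    // Optional "profile|name" syntax: split at the first pipe only.
    final int pipeIndex = username.indexOf('|');
    final String ldapProfileID = pipeIndex >= 0 ? username.substring(0, pipeIndex) : null;
    final String effectiveUsername = pipeIndex >= 0 ? username.substring(pipeIndex + 1) : username;

    try {
        final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
        final UserIdentity userIdentity = userSearchEngine.resolveUsername(effectiveUsername, null, ldapProfileID, restRequest.getSessionLabel());

        final LdapProfile ldapProfile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());
        if (ldapProfile != null) {
            // The profile's own service identities must never be a REST target.
            final UserIdentity testUser = ldapProfile.getTestUser(pwmApplication);
            if (testUser != null && testUser.canonicalEquals(userIdentity, pwmApplication)) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_REST_INVOCATION_ERROR,
                        "rest services can not be invoked against the configured LDAP profile test user"));
            }

            final UserIdentity proxyUser = ldapProfile.getProxyUser(pwmApplication);
            if (proxyUser != null && proxyUser.canonicalEquals(userIdentity, pwmApplication)) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_REST_INVOCATION_ERROR,
                        "rest services can not be invoked against the configured LDAP profile proxy user"));
            }
        }

        return new RestServlet.TargetUserIdentity(restRequest, userIdentity, false);
    } catch (PwmOperationalException e) {
        throw new PwmUnrecoverableException(e.getErrorInformation());
    }
}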