use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class LDAPStatusChecker method checkLdapDNSyntaxValues.
private static List<HealthRecord> checkLdapDNSyntaxValues(final PwmApplication pwmApplication) {
final List<HealthRecord> returnList = new ArrayList<>();
final Configuration config = pwmApplication.getConfig();
try {
for (final PwmSetting pwmSetting : PwmSetting.values()) {
if (!pwmSetting.isHidden() && pwmSetting.getCategory() == PwmSettingCategory.LDAP_PROFILE && pwmSetting.getFlags().contains(PwmSettingFlag.ldapDNsyntax)) {
for (final String profile : config.getLdapProfiles().keySet()) {
if (pwmSetting.getSyntax() == PwmSettingSyntax.STRING) {
final String value = config.getLdapProfiles().get(profile).readSettingAsString(pwmSetting);
if (value != null && !value.isEmpty()) {
final String errorMsg = validateDN(pwmApplication, value, profile);
if (errorMsg != null) {
returnList.add(HealthRecord.forMessage(HealthMessage.Config_DNValueValidity, pwmSetting.toMenuLocationDebug(profile, PwmConstants.DEFAULT_LOCALE), errorMsg));
}
}
} else if (pwmSetting.getSyntax() == PwmSettingSyntax.STRING_ARRAY) {
final List<String> values = config.getLdapProfiles().get(profile).readSettingAsStringArray(pwmSetting);
if (values != null) {
for (final String value : values) {
final String errorMsg = validateDN(pwmApplication, value, profile);
if (errorMsg != null) {
returnList.add(HealthRecord.forMessage(HealthMessage.Config_DNValueValidity, pwmSetting.toMenuLocationDebug(profile, PwmConstants.DEFAULT_LOCALE), errorMsg));
}
}
}
}
}
}
}
} catch (PwmUnrecoverableException e) {
LOGGER.warn("error while checking DN ldap syntax values: " + e.getMessage());
}
return returnList;
}
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class LDAPStatusChecker method checkUserPermissionValues.
private static List<HealthRecord> checkUserPermissionValues(final PwmApplication pwmApplication) {
final List<HealthRecord> returnList = new ArrayList<>();
final Configuration config = pwmApplication.getConfig();
for (final PwmSetting pwmSetting : PwmSetting.values()) {
if (!pwmSetting.isHidden() && pwmSetting.getSyntax() == PwmSettingSyntax.USER_PERMISSION) {
if (!pwmSetting.getCategory().hasProfiles()) {
final List<UserPermission> userPermissions = config.readSettingAsUserPermission(pwmSetting);
for (final UserPermission userPermission : userPermissions) {
try {
returnList.addAll(checkUserPermission(pwmApplication, userPermission, pwmSetting));
} catch (PwmUnrecoverableException e) {
LOGGER.error("error checking configured permission settings:" + e.getMessage());
}
}
}
}
}
return returnList;
}
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class LDAPStatusChecker method doLdapTestUserCheck.
@SuppressWarnings("checkstyle:MethodLength")
public List<HealthRecord> doLdapTestUserCheck(final Configuration config, final LdapProfile ldapProfile, final PwmApplication pwmApplication) {
String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
final PasswordData proxyUserPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
final List<HealthRecord> returnRecords = new ArrayList<>();
if (testUserDN == null || testUserDN.length() < 1) {
return returnRecords;
}
try {
testUserDN = ldapProfile.readCanonicalDN(pwmApplication, testUserDN);
proxyUserDN = ldapProfile.readCanonicalDN(pwmApplication, proxyUserDN);
} catch (PwmUnrecoverableException e) {
final String msgString = e.getMessage();
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
return returnRecords;
}
if (proxyUserDN.equalsIgnoreCase(testUserDN)) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_ProxyTestSameUser, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_PROXY_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE)));
return returnRecords;
}
ChaiUser theUser = null;
ChaiProvider chaiProvider = null;
try {
try {
chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyUserDN, proxyUserPW);
theUser = chaiProvider.getEntryFactory().newChaiUser(testUserDN);
} catch (ChaiUnavailableException e) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnavailable, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
} catch (Throwable e) {
final String msgString = e.getMessage();
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
return returnRecords;
}
try {
theUser.readObjectClass();
} catch (ChaiException e) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
}
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning process to check ldap test user password read/write operations for profile " + ldapProfile.getIdentifier());
try {
final boolean readPwdEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_USER_PWD) && theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY;
if (readPwdEnabled) {
try {
theUser.readPassword();
} catch (Exception e) {
LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage());
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserReadPwError, PwmSetting.EDIRECTORY_READ_USER_PWD.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
}
} else {
final Locale locale = PwmConstants.DEFAULT_LOCALE;
final UserIdentity userIdentity = new UserIdentity(testUserDN, ldapProfile.getIdentifier());
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, theUser, locale);
boolean doPasswordChange = true;
final int minLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MinimumLifetime);
if (minLifetimeSeconds > 0) {
final Instant pwdLastModified = PasswordUtility.determinePwdLastModified(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, userIdentity);
final PasswordStatus passwordStatus;
{
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, locale, userIdentity, chaiProvider);
passwordStatus = userInfo.getPasswordStatus();
}
{
final boolean withinMinLifetime = PasswordUtility.isPasswordWithinMinimumLifetimeImpl(theUser, SessionLabel.HEALTH_SESSION_LABEL, passwordPolicy, pwdLastModified, passwordStatus);
if (withinMinLifetime) {
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "skipping test user password set due to password being within minimum lifetime");
doPasswordChange = false;
}
}
}
if (doPasswordChange) {
final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(null, passwordPolicy, pwmApplication);
try {
theUser.setPassword(newPassword.getStringValue());
LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString());
} catch (ChaiException e) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserWritePwError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
}
}
}
} catch (Exception e) {
final String msg = "error setting test user password: " + JavaHelper.readHostileExceptionMessage(e);
LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, msg, e);
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msg));
return returnRecords;
}
try {
final UserIdentity userIdentity = new UserIdentity(theUser.getEntryDN(), ldapProfile.getIdentifier());
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, PwmConstants.DEFAULT_LOCALE, userIdentity, chaiProvider);
userInfo.getPasswordStatus();
userInfo.getAccountExpirationTime();
userInfo.getResponseInfoBean();
userInfo.getPasswordPolicy();
userInfo.getChallengeProfile();
userInfo.getProfileIDs();
userInfo.getOtpUserRecord();
userInfo.getUserGuid();
userInfo.getUsername();
userInfo.getUserEmailAddress();
userInfo.getUserSmsNumber();
} catch (PwmUnrecoverableException e) {
returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), "unable to read test user data: " + e.getMessage()));
return returnRecords;
}
} finally {
if (chaiProvider != null) {
try {
chaiProvider.close();
} catch (Exception e) {
// ignore
}
}
}
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserOK, ldapProfile.getDisplayName(PwmConstants.DEFAULT_LOCALE)));
return returnRecords;
}
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class ContextManager method getContextManager.
public static ContextManager getContextManager(final ServletContext theContext) throws PwmUnrecoverableException {
// context manager is initialized at servlet context startup.
final Object theManager = theContext.getAttribute(PwmConstants.CONTEXT_ATTR_CONTEXT_MANAGER);
if (theManager == null) {
final String errorMsg = "unable to load the context manager from servlet context";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_APP_UNAVAILABLE, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
return (ContextManager) theManager;
}
use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.
the class HttpEventManager method sessionDestroyed.
public void sessionDestroyed(final HttpSessionEvent httpSessionEvent) {
final HttpSession httpSession = httpSessionEvent.getSession();
try {
if (httpSession.getAttribute(PwmConstants.SESSION_ATTR_PWM_SESSION) != null) {
final PwmSession pwmSession = PwmSessionWrapper.readPwmSession(httpSession);
if (pwmSession != null) {
pwmSession.unauthenticateUser(null);
}
final PwmApplication pwmApplication = ContextManager.getPwmApplication(httpSession);
if (pwmApplication != null) {
pwmApplication.getSessionTrackService().removeSessionData(pwmSession);
}
LOGGER.trace(pwmSession, "destroyed session");
} else {
LOGGER.trace("invalidated uninitialized session");
}
} catch (PwmUnrecoverableException e) {
LOGGER.warn("error during httpSessionDestroyed: " + e.getMessage());
}
}
Aggregations