Search in sources :

Example 66 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class HelpdeskServlet method processCheckPasswordAction.

@ActionHandler(action = "checkPassword")
private ProcessStatus processCheckPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
    final RestCheckPasswordServer.JsonInput jsonInput = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestCheckPasswordServer.JsonInput.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(jsonInput.getUsername(), pwmRequest.getPwmApplication());
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
    final ChaiUser chaiUser = getChaiUser(pwmRequest, getHelpdeskProfile(pwmRequest), userIdentity);
    final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
    {
        final HelpdeskUIMode mode = helpdeskProfile.readSettingAsEnum(PwmSetting.HELPDESK_SET_PASSWORD_MODE, HelpdeskUIMode.class);
        if (mode == HelpdeskUIMode.none) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " must not be set to none"));
        }
    }
    final PasswordUtility.PasswordCheckInfo passwordCheckInfo = PasswordUtility.checkEnteredPassword(pwmRequest.getPwmApplication(), pwmRequest.getLocale(), chaiUser, userInfo, null, PasswordData.forStringValue(jsonInput.getPassword1()), PasswordData.forStringValue(jsonInput.getPassword2()));
    final RestCheckPasswordServer.JsonOutput jsonResponse = RestCheckPasswordServer.JsonOutput.fromPasswordCheckInfo(passwordCheckInfo);
    final RestResultBean restResultBean = RestResultBean.withData(jsonResponse);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) HelpdeskUIMode(password.pwm.config.option.HelpdeskUIMode) PasswordUtility(password.pwm.util.operations.PasswordUtility) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) RestCheckPasswordServer(password.pwm.ws.server.rest.RestCheckPasswordServer) ErrorInformation(password.pwm.error.ErrorInformation) ChaiUser(com.novell.ldapchai.ChaiUser) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 67 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class HelpdeskServlet method processSetPasswordAction.

@ActionHandler(action = "setPassword")
private ProcessStatus processSetPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
    final HelpdeskProfile helpdeskProfile = pwmRequest.getPwmSession().getSessionManager().getHelpdeskProfile(pwmRequest.getPwmApplication());
    final RestSetPasswordServer.JsonInputData jsonInput = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestSetPasswordServer.JsonInputData.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(jsonInput.getUsername(), pwmRequest.getPwmApplication());
    final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
    final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
    HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
    final HelpdeskUIMode mode = helpdeskProfile.readSettingAsEnum(PwmSetting.HELPDESK_SET_PASSWORD_MODE, HelpdeskUIMode.class);
    if (mode == HelpdeskUIMode.none) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " must not be set to none"));
    }
    final PasswordData newPassword;
    if (jsonInput.getPassword() == null) {
        if (mode != HelpdeskUIMode.random) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to " + mode + " and no password is included in request"));
        }
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userIdentity, chaiUser, pwmRequest.getLocale());
        newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), passwordPolicy, pwmRequest.getPwmApplication());
    } else {
        if (mode == HelpdeskUIMode.random) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to autogen yet a password is included in request"));
        }
        newPassword = new PasswordData(jsonInput.getPassword());
    }
    try {
        PasswordUtility.helpdeskSetUserPassword(pwmRequest.getPwmSession(), chaiUser, userInfo, pwmRequest.getPwmApplication(), newPassword);
    } catch (PwmException e) {
        LOGGER.error("error during set password REST operation: " + e.getMessage());
        pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation(), pwmRequest));
        return ProcessStatus.Halt;
    }
    pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_ChangedHelpdeskPassword, userInfo.getUsername()));
    return ProcessStatus.Halt;
}
Also used : PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiUser(com.novell.ldapchai.ChaiUser) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) HelpdeskUIMode(password.pwm.config.option.HelpdeskUIMode) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) RestSetPasswordServer(password.pwm.ws.server.rest.RestSetPasswordServer)

Example 68 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class HelpdeskServlet method restValidateAttributes.

@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Instant startTime = Instant.now();
    final String bodyString = pwmRequest.readRequestBodyAsString();
    final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
    boolean passed = false;
    {
        final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
        if (verificationForms == null || verificationForms.isEmpty()) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
            throw new PwmUnrecoverableException(errorInformation);
        }
        final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
        final ChaiUser chaiUser;
        try {
            chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
        int successCount = 0;
        for (final FormConfiguration formConfiguration : verificationForms) {
            final String name = formConfiguration.getName();
            final String suppliedValue = bodyMap.get(name);
            try {
                if (chaiUser.compareStringAttribute(name, suppliedValue)) {
                    successCount++;
                }
            } catch (ChaiException e) {
                LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
            }
        }
        if (successCount == verificationForms.size()) {
            passed = true;
        }
    }
    final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
    if (passed) {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
    } else {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
    }
    // add a delay to prevent continuous checks
    final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
    while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
        JavaHelper.pause(100);
    }
    final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
    final RestResultBean restResultBean = RestResultBean.withData(responseBean);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) Instant(java.time.Instant) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) List(java.util.List) ArrayList(java.util.ArrayList) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmSession(password.pwm.http.PwmSession) Map(java.util.Map) HashMap(java.util.HashMap) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 69 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class ConfigGuideServlet method preProcessCheck.

@Override
public ProcessStatus preProcessCheck(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    if (pwmApplication.getSessionStateService().getBean(pwmRequest, ConfigGuideBean.class).getStep() == GuideStep.START) {
        pwmApplication.getSessionStateService().clearBean(pwmRequest, ConfigGuideBean.class);
    }
    final ConfigGuideBean configGuideBean = pwmApplication.getSessionStateService().getBean(pwmRequest, ConfigGuideBean.class);
    if (pwmApplication.getApplicationMode() != PwmApplicationMode.NEW) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "ConfigGuide unavailable unless in NEW mode");
        LOGGER.error(pwmRequest, errorInformation.toDebugStr());
        throw new PwmUnrecoverableException(errorInformation);
    }
    if (!configGuideBean.getFormData().containsKey(ConfigGuideFormField.PARAM_APP_SITEURL)) {
        final URI uri = URI.create(pwmRequest.getHttpServletRequest().getRequestURL().toString());
        final int port = PwmURL.portForUriSchema(uri);
        final String newUri = uri.getScheme() + "://" + uri.getHost() + ":" + port + pwmRequest.getContextPath();
        configGuideBean.getFormData().put(ConfigGuideFormField.PARAM_APP_SITEURL, newUri);
    }
    if (configGuideBean.getStep() == GuideStep.LDAP_CERT) {
        final String ldapServerString = ConfigGuideForm.figureLdapUrlFromFormConfig(configGuideBean.getFormData());
        try {
            final URI ldapServerUri = new URI(ldapServerString);
            if ("ldaps".equalsIgnoreCase(ldapServerUri.getScheme())) {
                configGuideBean.setLdapCertificates(X509Utils.readRemoteCertificates(ldapServerUri));
                configGuideBean.setCertsTrustedbyKeystore(X509Utils.testIfLdapServerCertsInDefaultKeystore(ldapServerUri));
            } else {
                configGuideBean.setLdapCertificates(null);
                configGuideBean.setCertsTrustedbyKeystore(false);
            }
        } catch (Exception e) {
            LOGGER.error("error reading/testing ldap server certificates: " + e.getMessage());
        }
    }
    return ProcessStatus.Continue;
}
Also used : ConfigGuideBean(password.pwm.http.bean.ConfigGuideBean) ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) URI(java.net.URI) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmOperationalException(password.pwm.error.PwmOperationalException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) PwmException(password.pwm.error.PwmException) IOException(java.io.IOException)

Example 70 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class ConfigGuideServlet method restExtendSchema.

@ActionHandler(action = "extendSchema")
private ProcessStatus restExtendSchema(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException {
    final ConfigGuideBean configGuideBean = getBean(pwmRequest);
    try {
        final SchemaOperationResult schemaOperationResult = ConfigGuideUtils.extendSchema(pwmRequest.getPwmApplication(), configGuideBean, true);
        pwmRequest.outputJsonResult(RestResultBean.withData(schemaOperationResult.getOperationLog()));
    } catch (Exception e) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage());
        pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
        LOGGER.error(pwmRequest, e.getMessage(), e);
    }
    return ProcessStatus.Halt;
}
Also used : ConfigGuideBean(password.pwm.http.bean.ConfigGuideBean) ErrorInformation(password.pwm.error.ErrorInformation) SchemaOperationResult(password.pwm.ldap.schema.SchemaOperationResult) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmOperationalException(password.pwm.error.PwmOperationalException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) PwmException(password.pwm.error.PwmException) IOException(java.io.IOException)

Aggregations

PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)282 ErrorInformation (password.pwm.error.ErrorInformation)201 PwmOperationalException (password.pwm.error.PwmOperationalException)85 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)75 IOException (java.io.IOException)72 PwmException (password.pwm.error.PwmException)69 PwmApplication (password.pwm.PwmApplication)48 UserIdentity (password.pwm.bean.UserIdentity)48 Configuration (password.pwm.config.Configuration)43 ServletException (javax.servlet.ServletException)38 LinkedHashMap (java.util.LinkedHashMap)37 Instant (java.time.Instant)35 ArrayList (java.util.ArrayList)31 PwmSession (password.pwm.http.PwmSession)30 Map (java.util.Map)28 ChaiUser (com.novell.ldapchai.ChaiUser)26 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25 FormConfiguration (password.pwm.config.value.data.FormConfiguration)24 HashMap (java.util.HashMap)23 ChaiException (com.novell.ldapchai.exception.ChaiException)22