Search in sources :

Example 41 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class CrService method writeResponses.

public void writeResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGUID, final ResponseInfoBean responseInfoBean) throws PwmOperationalException, ChaiUnavailableException, ChaiValidationException {
    int attempts = 0;
    int successes = 0;
    final Map<DataStorageMethod, String> errorMessages = new LinkedHashMap<>();
    final Configuration config = pwmApplication.getConfig();
    final List<DataStorageMethod> writeMethods = config.helper().getCrWritePreference();
    for (final DataStorageMethod loopWriteMethod : writeMethods) {
        try {
            attempts++;
            operatorMap.get(loopWriteMethod).writeResponses(userIdentity, theUser, userGUID, responseInfoBean);
            LOGGER.debug("saved responses using storage method " + loopWriteMethod + " for user " + theUser.getEntryDN());
            errorMessages.put(loopWriteMethod, "Success");
            successes++;
        } catch (PwmUnrecoverableException e) {
            final String errorMsg = "error saving responses via " + loopWriteMethod + ", error: " + e.getMessage();
            errorMessages.put(loopWriteMethod, errorMsg);
            LOGGER.error(errorMsg);
        }
    }
    if (attempts == 0) {
        final String errorMsg = "no response save methods are available or configured";
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, errorMsg);
        throw new PwmOperationalException(errorInfo);
    }
    if (attempts != successes) {
        final String errorMsg = "response storage only partially successful; attempts=" + attempts + ", successes=" + successes + ", detail=" + JsonUtil.serializeMap(errorMessages);
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, errorMsg);
        throw new PwmOperationalException(errorInfo);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Configuration(password.pwm.config.Configuration) DataStorageMethod(password.pwm.config.option.DataStorageMethod) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) LinkedHashMap(java.util.LinkedHashMap) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 42 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class CrService method applyPwmPolicyToNmasChallenges.

private static ChallengeSet applyPwmPolicyToNmasChallenges(final ChallengeSet challengeSet, final Configuration configuration) throws PwmUnrecoverableException {
    final List<Challenge> newChallenges = new ArrayList<>();
    final boolean applyWordlist = configuration.readSettingAsBoolean(PwmSetting.EDIRECTORY_CR_APPLY_WORDLIST);
    final int questionsInAnswer = (int) configuration.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MAX_QUESTION_CHARS_IN__ANSWER);
    for (final Challenge challenge : challengeSet.getChallenges()) {
        newChallenges.add(new ChaiChallenge(challenge.isRequired(), challenge.getChallengeText(), challenge.getMinLength(), challenge.getMaxLength(), challenge.isAdminDefined(), questionsInAnswer, applyWordlist));
    }
    try {
        return new ChaiChallengeSet(newChallenges, challengeSet.getMinRandomRequired(), challengeSet.getLocale(), challengeSet.getIdentifier());
    } catch (ChaiValidationException e) {
        final String errorMsg = "unexpected error applying policies to nmas challengeset: " + e.getMessage();
        LOGGER.error(errorMsg, e);
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ArrayList(java.util.ArrayList) ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) Challenge(com.novell.ldapchai.cr.Challenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge)

Example 43 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class PasswordUtility method determineConfiguredPolicyProfileForUser.

public static PwmPasswordPolicy determineConfiguredPolicyProfileForUser(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final Locale locale) throws PwmUnrecoverableException {
    final List<String> profiles = pwmApplication.getConfig().getPasswordProfileIDs();
    if (profiles.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no password profiles are configured"));
    }
    for (final String profile : profiles) {
        final PwmPasswordPolicy loopPolicy = pwmApplication.getConfig().getPasswordPolicy(profile, locale);
        final List<UserPermission> userPermissions = loopPolicy.getUserPermissions();
        LOGGER.debug(pwmSession, "testing password policy profile '" + profile + "'");
        try {
            final boolean match = LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession, userIdentity, userPermissions);
            if (match) {
                return loopPolicy;
            }
        } catch (PwmUnrecoverableException e) {
            LOGGER.error(pwmSession, "unexpected error while testing password policy profile '" + profile + "', error: " + e.getMessage());
        }
    }
    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_PROFILE_ASSIGNED, "no challenge profile is configured"));
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserPermission(password.pwm.config.value.data.UserPermission)

Example 44 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class PasswordUtility method isPasswordWithinMinimumLifetimeImpl.

public static boolean isPasswordWithinMinimumLifetimeImpl(final ChaiUser chaiUser, final SessionLabel sessionLabel, final PwmPasswordPolicy passwordPolicy, final Instant lastModified, final PasswordStatus passwordStatus) throws PwmUnrecoverableException {
    // for oracle DS; this check is also handled in UserAuthenticator.
    try {
        if (DirectoryVendor.ORACLE_DS == chaiUser.getChaiProvider().getDirectoryVendor()) {
            final String oracleDSPrePasswordAllowChangeTime = chaiUser.readStringAttribute("passwordAllowChangeTime");
            if (oracleDSPrePasswordAllowChangeTime != null && !oracleDSPrePasswordAllowChangeTime.isEmpty()) {
                final Instant date = OracleDSEntries.convertZuluToDate(oracleDSPrePasswordAllowChangeTime);
                if (Instant.now().isBefore(date)) {
                    LOGGER.debug("discovered oracleds allowed change time is set to: " + JavaHelper.toIsoDate(date) + ", won't permit password change");
                    final String errorMsg = "change not permitted until " + JavaHelper.toIsoDate(date);
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.PASSWORD_TOO_SOON, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            return false;
        }
    } catch (ChaiException e) {
        LOGGER.debug(sessionLabel, "unexpected error reading OracleDS password allow modification time: " + e.getMessage());
    }
    final TimeDuration minimumLifetime;
    {
        final int minimumLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MinimumLifetime);
        if (minimumLifetimeSeconds < 1) {
            return false;
        }
        if (lastModified == null) {
            LOGGER.debug(sessionLabel, "skipping minimum lifetime check, password last set time is unknown");
            return false;
        }
        minimumLifetime = new TimeDuration(minimumLifetimeSeconds, TimeUnit.SECONDS);
    }
    final TimeDuration passwordAge = TimeDuration.fromCurrent(lastModified);
    LOGGER.trace(sessionLabel, "beginning check for minimum lifetime, lastModified=" + JavaHelper.toIsoDate(lastModified) + ", minimumLifetimeSeconds=" + minimumLifetime.asCompactString() + ", passwordAge=" + passwordAge.asCompactString());
    if (lastModified.isAfter(Instant.now())) {
        LOGGER.debug(sessionLabel, "skipping minimum lifetime check, password lastModified time is in the future");
        return false;
    }
    final boolean passwordTooSoon = passwordAge.isShorterThan(minimumLifetime);
    if (!passwordTooSoon) {
        LOGGER.trace(sessionLabel, "minimum lifetime check passed, password age ");
        return false;
    }
    if (passwordStatus.isExpired() || passwordStatus.isPreExpired() || passwordStatus.isWarnPeriod()) {
        LOGGER.debug(sessionLabel, "current password is too young, but skipping enforcement of minimum lifetime check because current password is expired");
        return false;
    }
    return true;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Instant(java.time.Instant) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) TimeDuration(password.pwm.util.java.TimeDuration) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 45 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class PasswordUtility method readIndividualReplicaLastPasswordTimes.

public static Map<String, Instant> readIndividualReplicaLastPasswordTimes(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final Map<String, Instant> returnValue = new LinkedHashMap<>();
    final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
    final Collection<ChaiConfiguration> perReplicaConfigs = ChaiUtility.splitConfigurationPerReplica(chaiProvider.getChaiConfiguration(), Collections.singletonMap(ChaiSetting.FAILOVER_CONNECT_RETRIES, "1"));
    for (final ChaiConfiguration loopConfiguration : perReplicaConfigs) {
        final String loopReplicaUrl = loopConfiguration.getSetting(ChaiSetting.BIND_DN);
        ChaiProvider loopProvider = null;
        try {
            loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(loopConfiguration);
            final Instant lastModifiedDate = determinePwdLastModified(pwmApplication, sessionLabel, userIdentity);
            returnValue.put(loopReplicaUrl, lastModifiedDate);
        } catch (ChaiUnavailableException e) {
            LOGGER.error(sessionLabel, "unreachable server during replica password sync check");
            e.printStackTrace();
        } finally {
            if (loopProvider != null) {
                try {
                    loopProvider.close();
                } catch (Exception e) {
                    final String errorMsg = "error closing loopProvider to " + loopReplicaUrl + " while checking individual password sync status";
                    LOGGER.error(sessionLabel, errorMsg);
                }
            }
        }
    }
    return returnValue;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) Instant(java.time.Instant) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmOperationalException(password.pwm.error.PwmOperationalException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwmException(password.pwm.error.PwmException) LinkedHashMap(java.util.LinkedHashMap)

Aggregations

PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)282 ErrorInformation (password.pwm.error.ErrorInformation)201 PwmOperationalException (password.pwm.error.PwmOperationalException)85 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)75 IOException (java.io.IOException)72 PwmException (password.pwm.error.PwmException)69 PwmApplication (password.pwm.PwmApplication)48 UserIdentity (password.pwm.bean.UserIdentity)48 Configuration (password.pwm.config.Configuration)43 ServletException (javax.servlet.ServletException)38 LinkedHashMap (java.util.LinkedHashMap)37 Instant (java.time.Instant)35 ArrayList (java.util.ArrayList)31 PwmSession (password.pwm.http.PwmSession)30 Map (java.util.Map)28 ChaiUser (com.novell.ldapchai.ChaiUser)26 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25 FormConfiguration (password.pwm.config.value.data.FormConfiguration)24 HashMap (java.util.HashMap)23 ChaiException (com.novell.ldapchai.exception.ChaiException)22