
Example 51 with PwmSession

Use of password.pwm.http.PwmSession in project pwm by pwm-project.

Class SetupOtpServlet, method nextStep.

@Override
protected void nextStep(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final SetupOtpBean otpBean = getSetupOtpBean(pwmRequest);

    // An existing secret is never overwritten through this flow; show the "already configured" page instead.
    if (otpBean.isHasPreExistingOtp()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_EXISTING);
        return;
    }

    // The secret is only persisted once the user has confirmed it.
    if (otpBean.isConfirmed()) {
        storeConfirmedOtpSecret(pwmRequest, otpBean);
    }

    if (!otpBean.isCodeSeen()) {
        // First visit: render the secret as a QR code data URL for the user's authenticator app.
        // The attribute carries the raw OTP secret, so the JSP must only expose it in the image / manual-entry field.
        final String qrCodeDataUrl = makeQrCodeDataImageUrl(pwmRequest, otpBean.getOtpUserRecord());
        pwmRequest.setAttribute(PwmRequestAttribute.SetupOtp_QrCodeValue, qrCodeDataUrl);
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET);
        return;
    }

    // The code has already been shown: success page once the write went through, otherwise the user still has to verify a code.
    final JspUrl nextPage = otpBean.isWritten() ? JspUrl.SETUP_OTP_SECRET_SUCCESS : JspUrl.SETUP_OTP_SECRET_TEST;
    pwmRequest.forwardToJsp(nextPage);
}

/**
 * Persists the confirmed OTP record for the session's user, reloads the cached user info,
 * writes a SET_OTP_SECRET audit record and bumps the statistic.
 * <p>
 * Failures are not propagated: they are logged and recorded via setLastError() so the caller
 * still renders a page; otpBean.isWritten() stays false in that case.
 */
private void storeConfirmedOtpSecret(final PwmRequest pwmRequest, final SetupOtpBean otpBean) throws PwmUnrecoverableException {
    final PwmApplication app = pwmRequest.getPwmApplication();
    final PwmSession session = pwmRequest.getPwmSession();
    final OtpService otpService = app.getOtpService();
    final UserIdentity identity = session.getUserInfo().getUserIdentity();
    try {
        otpService.writeOTPUserConfiguration(session, identity, otpBean.getOtpUserRecord());
        otpBean.setWritten(true);
        // Refresh the cached user info so the new secret is usable for an immediate test code.
        session.reloadUserInfoBean(app);
        final UserAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createUserAuditRecord(AuditEvent.SET_OTP_SECRET, session.getUserInfo(), session);
        app.getAuditManager().submit(auditRecord);
        if (app.getStatisticsManager() != null && app.getStatisticsManager().status() == PwmService.STATUS.OPEN) {
            app.getStatisticsManager().incrementValue(Statistic.SETUP_OTP_SECRET);
        }
    } catch (Exception e) {
        final ErrorInformation errorInformation = e instanceof PwmException
                ? ((PwmException) e).getErrorInformation()
                : new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp secret: " + e.getMessage());
        // NOTE(review): for non-PwmException failures the raw exception message is carried into the error
        // handed to setLastError(); confirm that cannot surface backend (e.g. LDAP) detail to the end user.
        // The stack trace is not passed to the logger here, only the debug string.
        LOGGER.error(session, errorInformation.toDebugStr());
        setLastError(pwmRequest, errorInformation);
    }
}

Example 52 with PwmSession

Use of password.pwm.http.PwmSession in project pwm by pwm-project.

Class AuthenticationFilter, method forceRequiredRedirects.

public static ProcessStatus forceRequiredRedirects(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
    final PwmSession session = pwmRequest.getPwmSession();
    final PwmURL url = pwmRequest.getURL();
    final UserInfo userInfo = session.getUserInfo();
    final LoginInfoBean loginInfo = session.getLoginInfoBean();

    // Static resources, the config manager, logout and the login servlet are exempt from forced redirects.
    // NOTE(review): the config-manager exemption means a user with pending forced steps can still reach that
    // area; this relies on the admin authorization check (AuthorizationFilter) guarding it separately.
    final boolean exemptUrl = url.isResourceURL() || url.isConfigManagerURL() || url.isLogoutURL() || url.isLoginServlet();
    if (exemptUrl) {
        return ProcessStatus.Continue;
    }
    if (pwmRequest.getPwmApplication().getApplicationMode() != PwmApplicationMode.RUNNING) {
        return ProcessStatus.Continue;
    }

    // Highest priority: a session authenticated through a public module (forgotten password) may only change the password.
    if (loginInfo.getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
        if (url.isChangePasswordURL()) {
            return ProcessStatus.Continue;
        }
        LOGGER.debug(pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet");
        pwmRequest.sendRedirect(pwmRequest.getContextPath() + PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PrivateChangePassword.servletUrlName());
        return ProcessStatus.Halt;
    }

    // A password change that is already underway is allowed to finish before any other requirement is enforced.
    if (url.isChangePasswordURL()) {
        final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
        final PasswordChangeProgressChecker.ProgressTracker tracker = changePasswordBean.getChangeProgressTracker();
        if (tracker != null && tracker.getBeginTime() != null) {
            return ProcessStatus.Continue;
        }
    }

    // Remaining requirements are enforced in this order: responses, OTP, profile, password.
    if (userInfo.isRequiresResponseConfig()) {
        return url.isSetupResponsesURL()
                ? ProcessStatus.Continue
                : redirectAndHalt(pwmRequest, PwmServletDefinition.SetupResponses, "user is required to setup responses, redirecting to setup responses servlet");
    }
    // skipOtp is a per-login flag that lets a session bypass forced OTP enrolment; where it is set is outside this method.
    if (userInfo.isRequiresOtpConfig() && !loginInfo.isLoginFlag(LoginInfoBean.LoginFlag.skipOtp)) {
        return url.isSetupOtpSecretURL()
                ? ProcessStatus.Continue
                : redirectAndHalt(pwmRequest, PwmServletDefinition.SetupOtp, "user is required to setup OTP configuration, redirecting to OTP setup page");
    }
    if (userInfo.isRequiresUpdateProfile()) {
        return url.isProfileUpdateURL()
                ? ProcessStatus.Continue
                : redirectAndHalt(pwmRequest, PwmServletDefinition.UpdateProfile, "user is required to update profile, redirecting to profile update servlet");
    }

    // Password requirements only apply when the request is not already for the change-password servlet.
    if (url.isChangePasswordURL()) {
        return ProcessStatus.Continue;
    }
    // skipNewPw, like skipOtp, is a per-login bypass flag.
    if (userInfo.isRequiresNewPassword() && !loginInfo.isLoginFlag(LoginInfoBean.LoginFlag.skipNewPw)) {
        return redirectAndHalt(pwmRequest, PwmServletDefinition.PrivateChangePassword, "user password in ldap requires changing, redirecting to change password servlet");
    }
    if (loginInfo.getLoginFlags().contains(LoginInfoBean.LoginFlag.forcePwChange)) {
        return redirectAndHalt(pwmRequest, PwmServletDefinition.PrivateChangePassword, "previous activity in application requires forcing pw change, redirecting to change password servlet");
    }
    return ProcessStatus.Continue;
}

/** Logs the reason, redirects the client to the given servlet and halts further processing of this request. */
private static ProcessStatus redirectAndHalt(final PwmRequest pwmRequest, final PwmServletDefinition target, final String reason) throws PwmUnrecoverableException, IOException {
    LOGGER.debug(pwmRequest, reason);
    pwmRequest.sendRedirect(target);
    return ProcessStatus.Halt;
}

Example 53 with PwmSession

Use of password.pwm.http.PwmSession in project pwm by pwm-project.

Class AuthenticationFilter, method processUnAuthenticatedSession.

private void processUnAuthenticatedSession(final PwmRequest pwmRequest, final PwmFilterChain chain) throws IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication app = pwmRequest.getPwmApplication();
    final PwmSession session = pwmRequest.getPwmSession();
    final HttpServletRequest servletRequest = pwmRequest.getHttpServletRequest();

    // Inline / SSO-style authentication methods are attempted unless the session opted out (noSso)
    // or the application is not in RUNNING mode. A Halt means the method already produced a response.
    final boolean ssoSuppressed = session.getLoginInfoBean().isLoginFlag(LoginInfoBean.LoginFlag.noSso);
    if (!ssoSuppressed && app.getApplicationMode() == PwmApplicationMode.RUNNING
            && attemptAuthenticationMethods(pwmRequest) == ProcessStatus.Halt) {
        return;
    }

    final String requestedUrl = pwmRequest.getURLwithQueryString();

    // Authentication may have happened inline above; restart the request so it runs as an authenticated one.
    // NOTE(review): only the session-level branch below marks the session id for recycling; confirm that
    // pwmRequest.isAuthenticated() cannot be true without pwmSession.isAuthenticated() also being handled,
    // otherwise an inline login would keep the pre-authentication session id.
    if (pwmRequest.isAuthenticated()) {
        LOGGER.trace(pwmRequest, "inline authentication occurred during this request, redirecting to current url to restart request");
        pwmRequest.getPwmResponse().sendRedirect(requestedUrl);
        return;
    }
    if (session.isAuthenticated()) {
        // Rotate the session id once the session becomes authenticated (session-fixation defence).
        session.getSessionStateBean().setSessionIdRecycleNeeded(true);
        LOGGER.debug(session, "session authenticated during request, issuing redirect to originally requested url: " + requestedUrl);
        pwmRequest.sendRedirect(requestedUrl);
        return;
    }

    // Forced HTTP Basic: challenge the client instead of rendering the login page.
    // NOTE(review): the realm is a localized display string placed inside a quoted header value; confirm it
    // cannot contain quotes or CR/LF.
    if (app.getConfig().readSettingAsBoolean(PwmSetting.BASIC_AUTH_FORCE)) {
        final String realm = LocaleHelper.getLocalizedMessage(Display.Title_Application, pwmRequest);
        pwmRequest.getPwmResponse().setHeader(HttpHeader.WWW_Authenticate, "Basic realm=\"" + realm + "\"");
        pwmRequest.getPwmResponse().setStatus(401);
        return;
    }

    // The login servlet itself is reachable without authentication.
    if (pwmRequest.getURL().isLoginServlet()) {
        chain.doFilter();
        return;
    }

    // Anything else requires authentication: send the user to the login servlet.
    LOGGER.trace(session.getLabel(), "user requested resource requiring authentication (" + servletRequest.getRequestURI() + "), but is not authenticated; redirecting to LoginServlet");
    LoginServlet.redirectToLoginServlet(pwmRequest);
}

Example 54 with PwmSession

Use of password.pwm.http.PwmSession in project pwm by pwm-project.

Class AuthorizationFilter, method processFilter.

public void processFilter(final PwmApplicationMode mode, final PwmRequest pwmRequest, final PwmFilterChain chain) throws IOException, ServletException {
    final PwmSession session = pwmRequest.getPwmSession();
    final PwmApplication app = pwmRequest.getPwmApplication();

    // Gate: only sessions holding the PWMADMIN permission may continue down the chain.
    // Fail closed: any error while evaluating the permission is treated as "not permitted".
    // (The mode parameter is not consulted by this method.)
    boolean isAdmin;
    try {
        isAdmin = session.getSessionManager().checkPermission(app, Permission.PWMADMIN);
    } catch (Exception e) {
        LOGGER.warn(pwmRequest, "error during authorization check: " + e.getMessage());
        isAdmin = false;
    }

    if (!isAdmin) {
        pwmRequest.respondWithError(PwmError.ERROR_UNAUTHORIZED.toInfo());
        return;
    }

    // NOTE(review): a failure further down the chain is logged (message only, no stack trace) and otherwise
    // swallowed, so the client may receive whatever partial response was already written rather than an error.
    try {
        chain.doFilter();
    } catch (Exception e) {
        LOGGER.warn(pwmRequest, "unexpected error executing filter chain: " + e.getMessage());
    }
}

Example 55 with PwmSession

Use of password.pwm.http.PwmSession in project pwm by pwm-project.

Class RequestInitializationFilter, method addPwmResponseHeaders.

public static void addPwmResponseHeaders(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
    if (pwmRequest == null) {
        return;
    }
    final PwmApplication app = pwmRequest.getPwmApplication();
    final PwmSession session = pwmRequest.getPwmSession();
    final Configuration config = app.getConfig();
    final PwmResponse response = pwmRequest.getPwmResponse();

    // Headers can no longer be set once the response has been committed.
    if (response.isCommitted()) {
        return;
    }

    // Optional X-Session-ID header. NOTE(review): this exposes the session identifier to the client
    // (and anything that can read response headers); keep the app property off unless it is needed.
    final boolean sendSessionId = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_XSESSIONID));
    if (sendSessionId && session != null) {
        response.setHeader(HttpHeader.XSessionID, session.getSessionStateBean().getSessionID());
    }

    final boolean sendContentLanguage = Boolean.parseBoolean(config.readAppProperty(AppProperty.HTTP_HEADER_SEND_CONTENT_LANGUAGE));
    if (sendContentLanguage) {
        response.setHeader(HttpHeader.Content_Language, pwmRequest.getLocale().toLanguageTag());
    }

    addStaticResponseHeaders(app, response.getHttpServletResponse());

    // Content-Security-Policy is only emitted for requests that carry a session.
    // NOTE(review): responses without a session therefore get no CSP header; confirm that is intended.
    if (session == null) {
        return;
    }
    final boolean configUi = pwmRequest.getURL().isConfigGuideURL() || pwmRequest.getURL().isConfigManagerURL();
    final String policyTemplate = configUi
            ? config.readAppProperty(AppProperty.SECURITY_HTTP_CONFIG_CSP_HEADER)
            : config.readSettingAsString(PwmSetting.SECURITY_CSP_HEADER);
    if (policyTemplate == null || policyTemplate.isEmpty()) {
        return;
    }
    // %NONCE% in the configured policy is replaced with the per-request nonce so the app's own inline
    // scripts can be allow-listed without 'unsafe-inline'.
    final String nonce = pwmRequest.getCspNonce();
    response.setHeader(HttpHeader.ContentSecurityPolicy, policyTemplate.replace("%NONCE%", nonce));
}
