
Example 11 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class ConfigManagerServlet method restLockConfiguration.

/**
 * Locks the stored configuration by writing {@code CONFIG_IS_EDITABLE = "false"} and saving it.
 *
 * <p>The request is rejected with a JSON error result when the application is in trial mode,
 * when the session is not authenticated, when the session lacks {@code Permission.PWMADMIN},
 * or when the stored configuration has no configuration password. On success an empty data
 * map is returned as the JSON result.
 *
 * @param pwmRequest the request whose session is checked and to which the JSON result is written
 */
private void restLockConfiguration(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();

    // Preconditions are evaluated in a fixed order: trial mode, then authentication, then
    // the admin permission. The first one that fails decides the error sent to the caller.
    ErrorInformation preconditionFailure = null;
    if (PwmConstants.TRIAL_MODE) {
        final String trialNotice = LocaleHelper.getLocalizedMessage(Admin.Notice_TrialRestrictConfig, pwmRequest);
        preconditionFailure = new ErrorInformation(PwmError.ERROR_TRIAL_VIOLATION, trialNotice);
    } else if (!pwmSession.isAuthenticated()) {
        preconditionFailure = new ErrorInformation(PwmError.ERROR_AUTHENTICATION_REQUIRED, "You must be authenticated before restricting the configuration");
    } else if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.PWMADMIN)) {
        preconditionFailure = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "You must be authenticated with admin privileges before restricting the configuration");
    }
    if (preconditionFailure != null) {
        final RestResultBean rejection = RestResultBean.fromError(preconditionFailure, pwmRequest);
        // NOTE(review): refused attempts on this admin-only operation are recorded at debug
        // level only; confirm that is enough for whoever monitors authorization failures.
        LOGGER.debug(pwmSession, preconditionFailure);
        pwmRequest.outputJsonResult(rejection);
        return;
    }

    try {
        final StoredConfigurationImpl currentConfig = readCurrentConfiguration(pwmRequest);
        if (currentConfig.hasPassword()) {
            currentConfig.writeConfigProperty(ConfigurationProperty.CONFIG_IS_EDITABLE, "false");
            saveConfiguration(pwmRequest, currentConfig);
            // Drop the configuration held by the session's ConfigManagerBean after the save.
            final ConfigManagerBean managerBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ConfigManagerBean.class);
            managerBean.setConfiguration(null);
        } else {
            // A configuration without a password is never locked.
            final ErrorInformation noPassword = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, null, new String[] { "Please set a configuration password before restricting the configuration" });
            final RestResultBean rejection = RestResultBean.fromError(noPassword, pwmRequest);
            LOGGER.debug(pwmSession, noPassword);
            pwmRequest.outputJsonResult(rejection);
            return;
        }
    } catch (PwmException e) {
        final ErrorInformation failure = e.getErrorInformation();
        final RestResultBean failureResult = RestResultBean.fromError(failure, pwmRequest);
        LOGGER.debug(pwmSession, failure.toDebugStr());
        pwmRequest.outputJsonResult(failureResult);
        return;
    } catch (Exception e) {
        // NOTE(review): the raw exception message is placed in the error handed to
        // RestResultBean.fromError; how much of it reaches the client is not visible here.
        final ErrorInformation failure = new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage());
        final RestResultBean failureResult = RestResultBean.fromError(failure, pwmRequest);
        LOGGER.debug(pwmSession, failure.toDebugStr());
        pwmRequest.outputJsonResult(failureResult);
        return;
    }

    LOGGER.info(pwmSession, "Configuration Locked");
    pwmRequest.outputJsonResult(RestResultBean.withData(new HashMap<String, String>()));
}
Also used : PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) ConfigManagerBean(password.pwm.http.bean.ConfigManagerBean) PwmApplication(password.pwm.PwmApplication) StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) PwmSession(password.pwm.http.PwmSession) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) PwmException(password.pwm.error.PwmException) IOException(java.io.IOException) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 12 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class GuestRegistrationServlet method handleSearchRequest.

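/**
 * Looks up a single guest user by the {@code username} request parameter and, when found,
 * loads the guest's current attribute values into the session's guest registration bean
 * before forwarding to the update page.
 *
 * <p>When {@code GUEST_EDIT_ORIG_ADMIN_ONLY} is enabled and the guest entry carries a creator
 * DN in the configured admin attribute, only the user whose DN matches it may proceed; any
 * other user is sent back to the search page with {@code ERROR_ORIG_ADMIN_ONLY}.
 *
 * @param pwmRequest the current request; supplies the session, the search parameter and the locale
 * @param guestRegistrationBean the bean passed on to the JSP forwards
 */
protected void handleSearchRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    LOGGER.trace(pwmRequest, "Enter: handleSearchRequest(...)");
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final ChaiProvider chaiProvider = pwmSession.getSessionManager().getChaiProvider();
    final Configuration config = pwmApplication.getConfig();
    final String adminDnAttribute = config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE);
    final Boolean origAdminOnly = config.readSettingAsBoolean(PwmSetting.GUEST_EDIT_ORIG_ADMIN_ONLY);
    final String usernameParam = pwmRequest.readParameterAsString("username");
    final GuestRegistrationBean guBean = pwmApplication.getSessionStateService().getBean(pwmRequest, GuestRegistrationBean.class);
    // The search is limited to the configured guest context and runs on the session's own provider.
    final SearchConfiguration searchConfiguration = SearchConfiguration.builder().chaiProvider(chaiProvider).contexts(Collections.singletonList(config.readSettingAsString(PwmSetting.GUEST_CONTEXT))).enableContextValidation(false).username(usernameParam).build();
    final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
    try {
        final UserIdentity theGuest = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmSession.getLabel());
        final FormMap formProps = guBean.getFormValues();
        try {
            final List<FormConfiguration> guestUpdateForm = config.readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
            // Attributes to read from the guest entry: every update-form field except the expiration date.
            final Set<String> involvedAttrs = new HashSet<>();
            for (final FormConfiguration formItem : guestUpdateForm) {
                if (!formItem.getName().equalsIgnoreCase(HTTP_PARAM_EXPIRATION_DATE)) {
                    involvedAttrs.add(formItem.getName());
                }
            }
            final UserInfo guestUserInfo = UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), pwmRequest.getLocale(), theGuest, pwmSession.getSessionManager().getChaiProvider());
            final Map<String, String> userAttrValues = guestUserInfo.readStringAttributes(involvedAttrs);
            if (origAdminOnly && adminDnAttribute != null && adminDnAttribute.length() > 0) {
                // NOTE(review): the creator DN comes from userAttrValues, which is read only for
                // the update-form attributes collected above. If the admin attribute is not on
                // that form, or the guest entry has no value for it, this check is skipped
                // rather than denied; confirm that fail-open behaviour is intended.
                final String origAdminDn = userAttrValues.get(adminDnAttribute);
                if (origAdminDn != null && origAdminDn.length() > 0) {
                    if (!pwmSession.getUserInfo().getUserIdentity().getUserDN().equalsIgnoreCase(origAdminDn)) {
                        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_ORIG_ADMIN_ONLY);
                        setLastError(pwmRequest, info);
                        LOGGER.warn(pwmSession, info);
                        this.forwardToJSP(pwmRequest, guestRegistrationBean);
                        // Stop here. Without this return the denied request went on to copy the
                        // guest's attributes into the session bean, set the update identity and
                        // forward to the update page, so the original-admin restriction had no effect.
                        return;
                    }
                }
            }
            final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
            if (expirationAttribute != null && expirationAttribute.length() > 0) {
                final Instant expiration = guestUserInfo.readDateAttribute(expirationAttribute);
                if (expiration != null) {
                    guBean.setUpdateUserExpirationDate(expiration);
                }
            }
            // Pre-fill the update form with the values currently stored on the guest entry.
            for (final FormConfiguration formItem : guestUpdateForm) {
                final String key = formItem.getName();
                final String value = userAttrValues.get(key);
                if (value != null) {
                    formProps.put(key, value);
                }
            }
            // The guest is recorded as the update target only after the authorization check passed.
            guBean.setUpdateUserIdentity(theGuest);
            this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
            return;
        } catch (PwmUnrecoverableException e) {
            // Best effort: a failure while reading attributes is logged and the user is
            // returned to the search page by the forward at the end of the method.
            LOGGER.warn(pwmSession, "error reading current attributes for user: " + e.getMessage());
        }
    } catch (PwmOperationalException e) {
        final ErrorInformation error = e.getErrorInformation();
        setLastError(pwmRequest, error);
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
        return;
    }
    this.forwardToJSP(pwmRequest, guestRegistrationBean);
}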
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserIdentity(password.pwm.bean.UserIdentity) Instant(java.time.Instant) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) FormMap(password.pwm.util.FormMap) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) FormConfiguration(password.pwm.config.value.data.FormConfiguration) PwmSession(password.pwm.http.PwmSession) GuestRegistrationBean(password.pwm.http.bean.GuestRegistrationBean) HashSet(java.util.HashSet)

Example 13 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class GuestRegistrationServlet method handleCreateRequest.

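/**
 * Creates a guest user entry from the submitted guest form.
 *
 * <p>The form values are read and validated, the entry is created through the session's
 * provider with the creator's DN written to the configured admin attribute, an optional
 * expiration date is written, a random password is set, the configured write-attribute
 * actions are executed, and a confirmation e-mail is sent before forwarding to the success
 * page. Directory and operational errors are recorded as the last error and the user is
 * returned to the form.
 *
 * @param pwmRequest the current request; supplies the session and the submitted form
 * @param guestRegistrationBean the bean passed on to the JSP when the form is shown again
 */
private void handleCreateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final Configuration config = pwmApplication.getConfig();
    final Locale locale = ssBean.getLocale();
    final List<FormConfiguration> guestUserForm = config.readSettingAsForm(PwmSetting.GUEST_FORM);
    try {
        // read the values from the request
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, guestUserForm, locale);
        // read the expiration date from the request.
        final Instant expirationDate = readExpirationFromRequest(pwmRequest);
        // see if the values meet form requirements.
        FormUtility.validateFormValues(config, formValues, locale);
        // read new user DN
        final String guestUserDN = determineUserDN(formValues, config);
        // read a chai provider to make the user
        final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();
        // set up the user creation attributes
        final Map<String, String> createAttributes = new HashMap<>();
        for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
            final String attrName = entry.getKey().getName();
            final String attrValue = entry.getValue();
            // Only the attribute name is logged. The submitted value is user-supplied data
            // bound for the directory and must not be copied into the application log.
            LOGGER.debug(pwmSession, "Attribute from form: " + attrName);
            if (attrName != null && attrName.length() > 0 && attrValue != null && attrValue.length() > 0) {
                createAttributes.put(attrName, attrValue);
            }
        }
        // Write creator DN
        createAttributes.put(config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE), pwmSession.getUserInfo().getUserIdentity().getUserDN());
        // read the creation object classes.
        final Set<String> createObjectClasses = new HashSet<>(config.readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
        provider.createEntry(guestUserDN, createObjectClasses, createAttributes);
        LOGGER.info(pwmSession, "created user object: " + guestUserDN);
        // NOTE(review): the entry exists from this point on. If a later step (expiration,
        // password, actions, e-mail) throws, the catch blocks below do not remove it;
        // confirm whether a partially provisioned guest entry is acceptable.
        final ChaiUser theUser = provider.getEntryFactory().newChaiUser(guestUserDN);
        final UserIdentity userIdentity = new UserIdentity(guestUserDN, pwmSession.getUserInfo().getUserIdentity().getLdapProfileID());
        // write the expiration date:
        if (expirationDate != null) {
            final String expirationAttr = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
            theUser.writeDateAttribute(expirationAttr, expirationDate);
        }
        // The initial password is generated against the new user's password policy.
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, pwmSession.getLabel(), userIdentity, theUser, locale);
        final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), passwordPolicy, pwmApplication);
        theUser.setPassword(newPassword.getStringValue());
        {
            // execute configured actions
            LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
            final List<ActionConfiguration> actions = pwmApplication.getConfig().readSettingAsAction(PwmSetting.GUEST_WRITE_ATTRIBUTES);
            if (actions != null && !actions.isEmpty()) {
                final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
                final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, theUser).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
                actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
            }
        }
        // everything good so forward to success page.
        this.sendGuestUserEmailConfirmation(pwmRequest, userIdentity);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_CreateGuest);
    } catch (ChaiOperationException e) {
        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, "error creating user: " + e.getMessage());
        setLastError(pwmRequest, info);
        LOGGER.warn(pwmSession, info);
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
    }
}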
Also used : Locale(java.util.Locale) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) FormConfiguration(password.pwm.config.value.data.FormConfiguration) List(java.util.List) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) HashSet(java.util.HashSet) ActionExecutor(password.pwm.util.operations.ActionExecutor) PwmApplication(password.pwm.PwmApplication) Instant(java.time.Instant) UserIdentity(password.pwm.bean.UserIdentity) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) MacroMachine(password.pwm.util.macro.MacroMachine) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) PwmSession(password.pwm.http.PwmSession) Map(java.util.Map) FormMap(password.pwm.util.FormMap) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 14 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class SetupResponsesServlet method restValidateResponses.

/**
 * Validates the challenge responses posted as JSON against the challenge set of the selected
 * setup data and writes a {@code ValidationResponseBean} as the JSON result.
 *
 * <p>The {@code responseMode} request parameter selects the helpdesk response data when it
 * equals {@code "helpdesk"} (case-insensitive); otherwise the regular response data is used.
 * A {@code PwmDataValidationException} is reported to the caller as an unsuccessful result
 * carrying the user-facing error string.
 *
 * @param pwmRequest the current request
 * @return always {@code ProcessStatus.Halt}
 */
@ActionHandler(action = "validateResponses")
private ProcessStatus restValidateResponses(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final SetupResponsesBean responsesBean = getSetupResponseBean(pwmRequest);
    final Instant began = Instant.now();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final String requestedMode = pwmRequest.readParameterAsString("responseMode");

    final SetupResponsesBean.SetupData setupData;
    if ("helpdesk".equalsIgnoreCase(requestedMode)) {
        setupData = responsesBean.getHelpdeskResponseData();
    } else {
        setupData = responsesBean.getResponseData();
    }

    // Start from the success message; a validation failure below replaces both values.
    boolean valid = true;
    String messageForUser = Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_ResponsesMeetRules, pwmApplication.getConfig());
    try {
        // read in the responses from the request
        final Map<Challenge, String> submittedResponses = readResponsesFromJsonRequest(pwmRequest, setupData);
        final int requiredRandomCount = setupData.getMinRandomSetup();
        pwmApplication.getCrService().validateResponses(setupData.getChallengeSet(), submittedResponses, requiredRandomCount);
        generateResponseInfoBean(pwmRequest, setupData.getChallengeSet(), submittedResponses, Collections.emptyMap());
    } catch (PwmDataValidationException e) {
        valid = false;
        messageForUser = e.getErrorInformation().toUserStr(pwmSession, pwmApplication);
    }

    final RestResultBean restResultBean = RestResultBean.withData(new ValidationResponseBean(messageForUser, valid));
    // The trace line serializes the result bean (message and success flag), not the submitted responses.
    final String elapsed = TimeDuration.fromCurrent(began).asCompactString();
    LOGGER.trace(pwmRequest, "completed rest validate response in " + elapsed + ", result=" + JsonUtil.serialize(restResultBean));
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : PwmApplication(password.pwm.PwmApplication) Instant(java.time.Instant) SetupResponsesBean(password.pwm.http.bean.SetupResponsesBean) Challenge(com.novell.ldapchai.cr.Challenge) PwmDataValidationException(password.pwm.error.PwmDataValidationException) PwmSession(password.pwm.http.PwmSession) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 15 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class SetupResponsesServlet method preProcessCheck.

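/**
 * Gate run before the setup-responses actions are processed.
 *
 * <p>Responds with {@code ERROR_AUTHENTICATION_REQUIRED} and halts when the session is not
 * authenticated. Throws when the session was authenticated without a password, when the
 * challenge feature is disabled, when the session lacks {@code Permission.SETUP_RESPONSE},
 * or when no challenges are configured for the user. The session's setup-responses bean is
 * reset when the session locale differs from the locale stored on that bean.
 *
 * @param pwmRequest the current request
 * @return {@code ProcessStatus.Halt} for an unauthenticated session, otherwise {@code ProcessStatus.Continue}
 * @throws PwmUnrecoverableException when one of the checks above fails
 */
@Override
public ProcessStatus preProcessCheck(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final SetupResponsesBean setupResponsesBean = getSetupResponseBean(pwmRequest);
    if (!pwmSession.isAuthenticated()) {
        pwmRequest.respondWithError(PwmError.ERROR_AUTHENTICATION_REQUIRED.toInfo());
        return ProcessStatus.Halt;
    }
    // A session established without a password may not set up responses.
    if (pwmSession.getLoginInfoBean().getType() == AuthenticationType.AUTH_WITHOUT_PASSWORD) {
        throw new PwmUnrecoverableException(PwmError.ERROR_PASSWORD_REQUIRED);
    }
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.CHALLENGE_ENABLE)) {
        throw new PwmUnrecoverableException(PwmError.ERROR_SERVICE_NOT_AVAILABLE);
    }
    // check to see if the user is permitted to setup responses
    if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.SETUP_RESPONSE)) {
        throw new PwmUnrecoverableException(PwmError.ERROR_UNAUTHORIZED);
    }
    // check if the locale has changed since first seen.
    // Compared by value: a reference comparison treats two equal locale objects as a change
    // whenever they are distinct instances, which would reset the bean without cause.
    final Object sessionLocale = pwmSession.getSessionStateBean().getLocale();
    final Object beanLocale = pwmApplication.getSessionStateService().getBean(pwmRequest, SetupResponsesBean.class).getUserLocale();
    final boolean localeChanged = sessionLocale == null ? beanLocale != null : !sessionLocale.equals(beanLocale);
    if (localeChanged) {
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, SetupResponsesBean.class);
        pwmApplication.getSessionStateService().getBean(pwmRequest, SetupResponsesBean.class).setUserLocale(pwmSession.getSessionStateBean().getLocale());
    }
    // NOTE(review): setupResponsesBean was fetched before the possible clearBean above; whether
    // it is still the instance held by the session state service after a reset is not visible here.
    initializeBean(pwmRequest, setupResponsesBean);
    // check to see if the user has any challenges assigned
    final UserInfo uiBean = pwmSession.getUserInfo();
    if (setupResponsesBean.getResponseData().getChallengeSet() == null || setupResponsesBean.getResponseData().getChallengeSet().getChallenges().isEmpty()) {
        final String errorMsg = "no challenge sets configured for user " + uiBean.getUserIdentity();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
        LOGGER.debug(pwmSession, errorInformation);
        throw new PwmUnrecoverableException(errorInformation);
    }
    return ProcessStatus.Continue;
}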
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) SetupResponsesBean(password.pwm.http.bean.SetupResponsesBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) PwmSession(password.pwm.http.PwmSession)
