Examples with PwmSession password.pwm.http.PwmSession used on opensource projects

Search in sources :

Example 16 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class ActivateUserServlet method handleActivateRequest.

@ActionHandler(action = "activate")
public ProcessStatus handleActivateRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Configuration config = pwmApplication.getConfig();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
        if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
            throw new PwmUnrecoverableException(errorInfo);
        }
    }
    pwmApplication.getSessionStateService().clearBean(pwmRequest, ActivateUserBean.class);
    final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
    Map<FormConfiguration, String> formValues = new HashMap<>();
    try {
        // read the values from the request
        formValues = FormUtility.readFormValuesFromRequest(pwmRequest, configuredActivationForm, ssBean.getLocale());
        // check for intruders
        pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);
        // read the context attr
        final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
        // read the profile attr
        final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
        // see if the values meet the configured form requirements.
        FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
        final String searchFilter = ActivateUserUtils.figureLdapSearchFilter(pwmRequest);
        // read an ldap user object based on the params
        final UserIdentity userIdentity;
        {
            final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
            final SearchConfiguration searchConfiguration = SearchConfiguration.builder().contexts(Collections.singletonList(contextParam)).filter(searchFilter).formValues(formValues).ldapProfile(ldapProfile).build();
            userIdentity = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());
        }
        ActivateUserUtils.validateParamsAgainstLDAP(pwmRequest, formValues, userIdentity);
        final List<UserPermission> userPermissions = config.readSettingAsUserPermission(PwmSetting.ACTIVATE_USER_QUERY_MATCH);
        if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), userIdentity, userPermissions)) {
            final String errorMsg = "user " + userIdentity + " attempted activation, but does not match query string";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_ACTIVATE_NO_PERMISSION, errorMsg);
            pwmApplication.getIntruderManager().convenience().markUserIdentity(userIdentity, pwmSession);
            pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
            throw new PwmUnrecoverableException(errorInformation);
        }
        final ActivateUserBean activateUserBean = pwmApplication.getSessionStateService().getBean(pwmRequest, ActivateUserBean.class);
        activateUserBean.setUserIdentity(userIdentity);
        activateUserBean.setFormValidated(true);
        pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
        pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
    } catch (PwmOperationalException e) {
        pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
        pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
        setLastError(pwmRequest, e.getErrorInformation());
        LOGGER.debug(pwmSession.getLabel(), e.getErrorInformation().toDebugStr());
    }
    return ProcessStatus.Continue;
}
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) Configuration(password.pwm.config.Configuration) HashMap(java.util.HashMap) UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActivateUserBean(password.pwm.http.bean.ActivateUserBean) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) FormConfiguration(password.pwm.config.value.data.FormConfiguration) PwmSession(password.pwm.http.PwmSession) UserPermission(password.pwm.config.value.data.UserPermission)

Example 17 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class ConfigEditorServlet method restFinishEditing.

@ActionHandler(action = "finishEditing")
private ProcessStatus restFinishEditing(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException {
    final ConfigManagerBean configManagerBean = getBean(pwmRequest);
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final List<String> validationErrors = configManagerBean.getStoredConfiguration().validateValues();
    if (!validationErrors.isEmpty()) {
        final String errorString = validationErrors.get(0);
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, errorString, new String[] { errorString });
        pwmRequest.outputJsonResult(RestResultBean.fromError(errorInfo, pwmRequest));
        LOGGER.error(pwmSession, errorInfo);
        return ProcessStatus.Halt;
    } else {
        try {
            ConfigManagerServlet.saveConfiguration(pwmRequest, configManagerBean.getStoredConfiguration());
            configManagerBean.setConfiguration(null);
            configManagerBean.setConfiguration(null);
            LOGGER.debug(pwmSession, "save configuration operation completed");
            pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown));
        } catch (PwmUnrecoverableException e) {
            final ErrorInformation errorInfo = e.getErrorInformation();
            pwmRequest.outputJsonResult(RestResultBean.fromError(errorInfo, pwmRequest));
            LOGGER.error(pwmSession, errorInfo);
        }
    }
    return ProcessStatus.Halt;
}
Also used : ConfigManagerBean(password.pwm.http.bean.ConfigManagerBean) ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmSession(password.pwm.http.PwmSession)

Example 18 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class ConfigGuideUtils method restUploadConfig.

public static void restUploadConfig(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final HttpServletRequest req = pwmRequest.getHttpServletRequest();
    if (pwmApplication.getApplicationMode() == PwmApplicationMode.RUNNING) {
        final String errorMsg = "config upload is not permitted when in running mode";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_UPLOAD_FAILURE, errorMsg, new String[] { errorMsg });
        pwmRequest.respondWithError(errorInformation, true);
    }
    if (ServletFileUpload.isMultipartContent(req)) {
        final InputStream uploadedFile = pwmRequest.readFileUploadStream(PwmConstants.PARAM_FILE_UPLOAD);
        if (uploadedFile != null) {
            try {
                final StoredConfigurationImpl storedConfig = StoredConfigurationImpl.fromXml(uploadedFile);
                final List<String> configErrors = storedConfig.validateValues();
                if (configErrors != null && !configErrors.isEmpty()) {
                    throw new PwmOperationalException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, configErrors.get(0)));
                }
                ConfigGuideUtils.writeConfig(ContextManager.getContextManager(req.getSession()), storedConfig);
                LOGGER.trace(pwmSession, "read config from file: " + storedConfig.toString());
                final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
                pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
                req.getSession().invalidate();
            } catch (PwmException e) {
                final RestResultBean restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
                pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
                LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
            }
        } else {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_UPLOAD_FAILURE, "error reading config file: no file present in upload");
            final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
            pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
            LOGGER.error(pwmSession, errorInformation.toDebugStr());
        }
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl) InputStream(java.io.InputStream) PwmSession(password.pwm.http.PwmSession) PwmOperationalException(password.pwm.error.PwmOperationalException) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 19 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class GuestRegistrationServlet method sendGuestUserEmailConfirmation.

private void sendGuestUserEmailConfirmation(final PwmRequest pwmRequest, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmApplication.getConfig();
    final Locale locale = pwmSession.getSessionStateBean().getLocale();
    final EmailItemBean configuredEmailSetting = config.readSettingAsEmail(PwmSetting.EMAIL_GUEST, locale);
    if (configuredEmailSetting == null) {
        LOGGER.debug(pwmSession, "unable to send guest registration email for '" + userIdentity + "' no email configured");
        return;
    }
    final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
    pwmApplication.getEmailQueue().submitEmail(configuredEmailSetting, null, macroMachine);
}
Also used : Locale(java.util.Locale) PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) EmailItemBean(password.pwm.bean.EmailItemBean) MacroMachine(password.pwm.util.macro.MacroMachine) PwmSession(password.pwm.http.PwmSession)

Example 20 with PwmSession

use of password.pwm.http.PwmSession in project pwm by pwm-project.

the class GuestRegistrationServlet method handleUpdateRequest.

protected void handleUpdateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    // Fetch the session state bean.
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmApplication.getConfig();
    final List<FormConfiguration> formItems = pwmApplication.getConfig().readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
    final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
    try {
        // read the values from the request
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItems, pwmRequest.getLocale());
        // see if the values meet form requirements.
        FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
        // read current values from user.
        final ChaiUser theGuest = pwmSession.getSessionManager().getActor(pwmApplication, guestRegistrationBean.getUpdateUserIdentity());
        // check unique fields against ldap
        FormUtility.validateFormValueUniqueness(pwmApplication, formValues, ssBean.getLocale(), Collections.singletonList(guestRegistrationBean.getUpdateUserIdentity()));
        final Instant expirationDate = readExpirationFromRequest(pwmRequest);
        // Update user attributes
        LdapOperationsHelper.writeFormValuesToLdap(pwmApplication, pwmSession.getSessionManager().getMacroMachine(pwmApplication), theGuest, formValues, false);
        // Write expirationDate
        if (expirationDate != null) {
            theGuest.writeDateAttribute(expirationAttribute, expirationDate);
        }
        // send email.
        final UserInfo guestUserInfoBean = UserInfoFactory.newUserInfo(pwmApplication, pwmRequest.getSessionLabel(), pwmRequest.getLocale(), guestRegistrationBean.getUpdateUserIdentity(), theGuest.getChaiProvider());
        this.sendUpdateGuestEmailConfirmation(pwmRequest, guestUserInfoBean);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.UPDATED_GUESTS);
        // everything good so forward to confirmation page.
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UpdateGuest);
        return;
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
    } catch (ChaiOperationException e) {
        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error writing to ldap: " + e.getMessage());
        LOGGER.error(pwmSession, info);
        setLastError(pwmRequest, info);
    }
    this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
}
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) Instant(java.time.Instant) UserInfo(password.pwm.ldap.UserInfo) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiUser(com.novell.ldapchai.ChaiUser) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwmSession(password.pwm.http.PwmSession)

Aggregations

PwmSession (password.pwm.http.PwmSession)74 PwmApplication (password.pwm.PwmApplication)55 ErrorInformation (password.pwm.error.ErrorInformation)38 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)30 PwmOperationalException (password.pwm.error.PwmOperationalException)29 Configuration (password.pwm.config.Configuration)21 UserIdentity (password.pwm.bean.UserIdentity)20 FormConfiguration (password.pwm.config.value.data.FormConfiguration)19 PwmException (password.pwm.error.PwmException)14 ChaiUser (com.novell.ldapchai.ChaiUser)12 ActionConfiguration (password.pwm.config.value.data.ActionConfiguration)12 UserInfo (password.pwm.ldap.UserInfo)12 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)11 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)9 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)9 IOException (java.io.IOException)9 Instant (java.time.Instant)9 RestResultBean (password.pwm.ws.server.RestResultBean)9 ServletException (javax.servlet.ServletException)8 MacroMachine (password.pwm.util.macro.MacroMachine)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial