use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class SessionFilter method handleStandardRequestOperations.
private ProcessStatus handleStandardRequestOperations(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Configuration config = pwmRequest.getConfig();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
final PwmResponse resp = pwmRequest.getPwmResponse();
// debug the http session headers
if (!pwmSession.getSessionStateBean().isDebugInitialized()) {
LOGGER.trace(pwmSession, pwmRequest.debugHttpHeaders());
pwmSession.getSessionStateBean().setDebugInitialized(true);
}
try {
pwmApplication.getSessionStateService().readLoginSessionState(pwmRequest);
} catch (PwmUnrecoverableException e) {
LOGGER.warn(pwmRequest, "error while reading login session state: " + e.getMessage());
}
// mark last url
if (!new PwmURL(pwmRequest.getHttpServletRequest()).isCommandServletURL()) {
ssBean.setLastRequestURL(pwmRequest.getHttpServletRequest().getRequestURI());
}
// mark last request time.
ssBean.setSessionLastAccessedTime(Instant.now());
// check the page leave notice
if (checkPageLeaveNotice(pwmSession, config)) {
LOGGER.warn("invalidating session due to dirty page leave time greater then configured timeout");
pwmRequest.invalidateSession();
resp.sendRedirect(pwmRequest.getHttpServletRequest().getRequestURI());
return ProcessStatus.Halt;
}
// override session locale due to parameter
handleLocaleParam(pwmRequest);
// set the session's theme
handleThemeParam(pwmRequest);
// check the sso override flag
handleSsoOverrideParam(pwmRequest);
// check for session verification failure
if (!ssBean.isSessionVerified()) {
// ignore resource requests
final SessionVerificationMode mode = config.readSettingAsEnum(PwmSetting.ENABLE_SESSION_VERIFICATION, SessionVerificationMode.class);
if (mode == SessionVerificationMode.OFF) {
ssBean.setSessionVerified(true);
} else {
if (verifySession(pwmRequest, mode) == ProcessStatus.Halt) {
return ProcessStatus.Halt;
}
}
}
{
final String forwardURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_FORWARD_URL);
final String forwardURL = pwmRequest.readParameterAsString(forwardURLParamName);
if (forwardURL != null && forwardURL.length() > 0) {
try {
checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), forwardURL);
} catch (PwmOperationalException e) {
LOGGER.error(pwmRequest, e.getErrorInformation());
pwmRequest.respondWithError(e.getErrorInformation());
return ProcessStatus.Halt;
}
ssBean.setForwardURL(forwardURL);
LOGGER.debug(pwmRequest, "forwardURL parameter detected in request, setting session forward url to " + forwardURL);
}
}
{
final String logoutURLParamName = config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOGOUT_URL);
final String logoutURL = pwmRequest.readParameterAsString(logoutURLParamName);
if (logoutURL != null && logoutURL.length() > 0) {
try {
checkUrlAgainstWhitelist(pwmApplication, pwmRequest.getSessionLabel(), logoutURL);
} catch (PwmOperationalException e) {
LOGGER.error(pwmRequest, e.getErrorInformation());
pwmRequest.respondWithError(e.getErrorInformation());
return ProcessStatus.Halt;
}
ssBean.setLogoutURL(logoutURL);
LOGGER.debug(pwmRequest, "logoutURL parameter detected in request, setting session logout url to " + logoutURL);
}
}
{
final String expireParamName = pwmRequest.getConfig().readAppProperty(AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED);
if ("true".equalsIgnoreCase(pwmRequest.readParameterAsString(expireParamName))) {
LOGGER.debug(pwmSession, "detected param '" + expireParamName + "'=true in request, will force pw change");
pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
}
}
// update last request time.
ssBean.setSessionLastAccessedTime(Instant.now());
if (pwmApplication.getStatisticsManager() != null) {
pwmApplication.getStatisticsManager().incrementValue(Statistic.HTTP_REQUESTS);
}
return ProcessStatus.Continue;
}
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class ClientApiServlet method makeClientData.
private static Map<String, Object> makeClientData(final PwmApplication pwmApplication, final PwmSession pwmSession, final HttpServletRequest request, final HttpServletResponse response, final String pageUrl) throws ChaiUnavailableException, PwmUnrecoverableException {
final Locale userLocale = pwmSession.getSessionStateBean().getLocale();
final Configuration config = pwmApplication.getConfig();
final TreeMap<String, Object> settingMap = new TreeMap<>();
settingMap.put("client.ajaxTypingTimeout", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_AJAX_TYPING_TIMEOUT)));
settingMap.put("client.ajaxTypingWait", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_AJAX_TYPING_WAIT)));
settingMap.put("client.activityMaxEpsRate", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_ACTIVITY_MAX_EPS_RATE)));
settingMap.put("client.js.enableHtml5Dialog", Boolean.parseBoolean(config.readAppProperty(AppProperty.CLIENT_JS_ENABLE_HTML5DIALOG)));
settingMap.put("client.locale", LocaleHelper.getBrowserLocaleString(pwmSession.getSessionStateBean().getLocale()));
settingMap.put("client.pwShowRevertTimeout", Integer.parseInt(config.readAppProperty(AppProperty.CLIENT_PW_SHOW_REVERT_TIMEOUT)));
settingMap.put("enableIdleTimeout", config.readSettingAsBoolean(PwmSetting.DISPLAY_IDLE_TIMEOUT));
settingMap.put("pageLeaveNotice", config.readSettingAsLong(PwmSetting.SECURITY_PAGE_LEAVE_NOTICE_TIMEOUT));
settingMap.put("setting-showHidePasswordFields", pwmApplication.getConfig().readSettingAsBoolean(password.pwm.config.PwmSetting.DISPLAY_SHOW_HIDE_PASSWORD_FIELDS));
settingMap.put("setting-displayEula", PwmConstants.ENABLE_EULA_DISPLAY);
settingMap.put("setting-showStrengthMeter", config.readSettingAsBoolean(PwmSetting.PASSWORD_SHOW_STRENGTH_METER));
{
long idleSeconds = config.readSettingAsLong(PwmSetting.IDLE_TIMEOUT_SECONDS);
if (pageUrl == null || pageUrl.isEmpty()) {
LOGGER.warn(pwmSession, "request to /client data did not include pageUrl");
} else {
try {
final PwmURL pwmURL = new PwmURL(new URI(pageUrl), request.getContextPath());
final TimeDuration maxIdleTime = IdleTimeoutCalculator.idleTimeoutForRequest(pwmURL, pwmApplication, pwmSession);
idleSeconds = maxIdleTime.getTotalSeconds();
} catch (Exception e) {
LOGGER.error(pwmSession, "error determining idle timeout time for request: " + e.getMessage());
}
}
settingMap.put("MaxInactiveInterval", idleSeconds);
}
settingMap.put("paramName.locale", config.readAppProperty(AppProperty.HTTP_PARAM_NAME_LOCALE));
settingMap.put("runtimeNonce", pwmApplication.getRuntimeNonce());
settingMap.put("applicationMode", pwmApplication.getApplicationMode());
final String contextPath = request.getContextPath();
settingMap.put("url-context", contextPath);
settingMap.put("url-logout", contextPath + PwmServletDefinition.Logout.servletUrl());
settingMap.put("url-command", contextPath + PwmServletDefinition.PublicCommand.servletUrl());
settingMap.put("url-resources", contextPath + "/public/resources" + pwmApplication.getResourceServletService().getResourceNonce());
settingMap.put("url-restservice", contextPath + "/public/rest");
{
String passwordGuideText = pwmApplication.getConfig().readSettingAsLocalizedString(PwmSetting.DISPLAY_PASSWORD_GUIDE_TEXT, pwmSession.getSessionStateBean().getLocale());
final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
passwordGuideText = macroMachine.expandMacros(passwordGuideText);
settingMap.put("passwordGuideText", passwordGuideText);
}
{
final List<String> formTypeOptions = new ArrayList<>();
for (final FormConfiguration.Type type : FormConfiguration.Type.values()) {
formTypeOptions.add(type.toString());
}
settingMap.put("formTypeOptions", formTypeOptions);
}
{
final List<String> actionTypeOptions = new ArrayList<>();
for (final ActionConfiguration.Type type : ActionConfiguration.Type.values()) {
actionTypeOptions.add(type.toString());
}
settingMap.put("actionTypeOptions", actionTypeOptions);
}
{
final List<String> epsTypes = new ArrayList<>();
for (final EpsStatistic loopEpsType : EpsStatistic.values()) {
epsTypes.add(loopEpsType.toString());
}
settingMap.put("epsTypes", epsTypes);
}
{
final List<String> epsDurations = new ArrayList<>();
for (final Statistic.EpsDuration loopEpsDuration : Statistic.EpsDuration.values()) {
epsDurations.add(loopEpsDuration.toString());
}
settingMap.put("epsDurations", epsDurations);
}
{
final Map<String, String> localeInfo = new LinkedHashMap<>();
final Map<String, String> localeDisplayNames = new LinkedHashMap<>();
final Map<String, String> localeFlags = new LinkedHashMap<>();
final List<Locale> knownLocales = new ArrayList<>(pwmApplication.getConfig().getKnownLocales());
knownLocales.sort(LocaleHelper.localeComparator(PwmConstants.DEFAULT_LOCALE));
for (final Locale locale : knownLocales) {
final String flagCode = pwmApplication.getConfig().getKnownLocaleFlagMap().get(locale);
localeFlags.put(locale.toString(), flagCode);
localeInfo.put(locale.toString(), locale.getDisplayName(PwmConstants.DEFAULT_LOCALE) + " - " + locale.getDisplayLanguage(userLocale));
localeDisplayNames.put(locale.toString(), locale.getDisplayLanguage());
}
settingMap.put("localeInfo", localeInfo);
settingMap.put("localeDisplayNames", localeDisplayNames);
settingMap.put("localeFlags", localeFlags);
settingMap.put("defaultLocale", PwmConstants.DEFAULT_LOCALE.toString());
}
if (pwmApplication.getConfig().readSettingAsEnum(PwmSetting.LDAP_SELECTABLE_CONTEXT_MODE, SelectableContextMode.class) != SelectableContextMode.NONE) {
final Map<String, Map<String, String>> ldapProfiles = new LinkedHashMap<>();
for (final String ldapProfile : pwmApplication.getConfig().getLdapProfiles().keySet()) {
final Map<String, String> contexts = pwmApplication.getConfig().getLdapProfiles().get(ldapProfile).getSelectableContexts(pwmApplication);
ldapProfiles.put(ldapProfile, contexts);
}
settingMap.put("ldapProfiles", ldapProfiles);
}
return settingMap;
}
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class LoginServlet method determinePostLoginUrl.
private static String determinePostLoginUrl(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
final LoginServletBean loginServletBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, LoginServletBean.class);
final String decryptedValue = loginServletBean.getNextUrl();
if (decryptedValue != null && !decryptedValue.isEmpty()) {
final PwmURL originalPwmURL = new PwmURL(URI.create(decryptedValue), pwmRequest.getContextPath());
if (!originalPwmURL.isLoginServlet()) {
loginServletBean.setNextUrl(null);
return decryptedValue;
}
}
return pwmRequest.getContextPath();
}
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class AbstractPwmFilter method doFilter.
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
final HttpServletRequest req = (HttpServletRequest) servletRequest;
final HttpServletResponse resp = (HttpServletResponse) servletResponse;
final PwmApplicationMode mode = PwmApplicationMode.determineMode(req);
final boolean interested;
try {
final PwmURL pwmURL = new PwmURL(req);
interested = isInterested(mode, pwmURL);
} catch (Exception e) {
LOGGER.error("unexpected error processing filter chain during isInterested(): " + e.getMessage(), e);
resp.sendError(500, "unexpected error processing filter chain during isInterested");
return;
}
if (interested) {
PwmRequest pwmRequest = null;
try {
pwmRequest = PwmRequest.forRequest(req, resp);
} catch (PwmException e) {
final PwmURL pwmURL = new PwmURL(req);
if (pwmURL.isResourceURL()) {
filterChain.doFilter(req, resp);
return;
}
LOGGER.error(pwmRequest, "unexpected error processing filter chain: " + e.getMessage(), e);
}
try {
final PwmFilterChain pwmFilterChain = new PwmFilterChain(servletRequest, servletResponse, filterChain);
processFilter(mode, pwmRequest, pwmFilterChain);
} catch (PwmException e) {
LOGGER.error(pwmRequest, "unexpected error processing filter chain: " + e.getMessage(), e);
} catch (IOException e) {
LOGGER.debug(pwmRequest, "i/o error processing request: " + e.getMessage());
}
} else {
filterChain.doFilter(req, resp);
}
}
use of password.pwm.http.PwmURL in project pwm by pwm-project.
the class AuthenticationFilter method forceRequiredRedirects.
public static ProcessStatus forceRequiredRedirects(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmURL pwmURL = pwmRequest.getURL();
final UserInfo userInfo = pwmSession.getUserInfo();
final LoginInfoBean loginInfoBean = pwmSession.getLoginInfoBean();
if (pwmURL.isResourceURL() || pwmURL.isConfigManagerURL() || pwmURL.isLogoutURL() || pwmURL.isLoginServlet()) {
return ProcessStatus.Continue;
}
if (pwmRequest.getPwmApplication().getApplicationMode() != PwmApplicationMode.RUNNING) {
return ProcessStatus.Continue;
}
// high priority pw change
if (loginInfoBean.getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
if (!pwmURL.isChangePasswordURL()) {
LOGGER.debug(pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet");
pwmRequest.sendRedirect(pwmRequest.getContextPath() + PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PrivateChangePassword.servletUrlName());
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
// if change password in progress and req is for ChangePassword servlet, then allow request as is
if (pwmURL.isChangePasswordURL()) {
final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
final PasswordChangeProgressChecker.ProgressTracker progressTracker = cpb.getChangeProgressTracker();
if (progressTracker != null && progressTracker.getBeginTime() != null) {
return ProcessStatus.Continue;
}
}
if (userInfo.isRequiresResponseConfig()) {
if (!pwmURL.isSetupResponsesURL()) {
LOGGER.debug(pwmRequest, "user is required to setup responses, redirecting to setup responses servlet");
pwmRequest.sendRedirect(PwmServletDefinition.SetupResponses);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
if (userInfo.isRequiresOtpConfig() && !pwmSession.getLoginInfoBean().isLoginFlag(LoginInfoBean.LoginFlag.skipOtp)) {
if (!pwmURL.isSetupOtpSecretURL()) {
LOGGER.debug(pwmRequest, "user is required to setup OTP configuration, redirecting to OTP setup page");
pwmRequest.sendRedirect(PwmServletDefinition.SetupOtp);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
if (userInfo.isRequiresUpdateProfile()) {
if (!pwmURL.isProfileUpdateURL()) {
LOGGER.debug(pwmRequest, "user is required to update profile, redirecting to profile update servlet");
pwmRequest.sendRedirect(PwmServletDefinition.UpdateProfile);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
if (!pwmURL.isChangePasswordURL()) {
if (userInfo.isRequiresNewPassword() && !loginInfoBean.isLoginFlag(LoginInfoBean.LoginFlag.skipNewPw)) {
LOGGER.debug(pwmRequest, "user password in ldap requires changing, redirecting to change password servlet");
pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
return ProcessStatus.Halt;
} else if (loginInfoBean.getLoginFlags().contains(LoginInfoBean.LoginFlag.forcePwChange)) {
LOGGER.debug(pwmRequest, "previous activity in application requires forcing pw change, redirecting to change password servlet");
pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
return ProcessStatus.Halt;
} else {
return ProcessStatus.Continue;
}
}
return ProcessStatus.Continue;
}
Aggregations