use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.
the class ChangePasswordServlet method processCompleteAction.
/**
 * Handles the {@code complete} action of the change-password flow.
 *
 * <p>Reads the progress tracker from the session's {@link ChangePasswordBean}. While the
 * tracked change is still reported as incomplete the request is forwarded to the wait page.
 * Once it is complete (or when no tracker exists), the elapsed sync time is recorded, the
 * bean is cleared from session state, and the user is forwarded to a completion page.
 *
 * @param pwmRequest the current request
 * @return always {@link ProcessStatus#Halt}; every path forwards the response itself
 */
@ActionHandler(action = "complete")
public ProcessStatus processCompleteAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException {
    final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
    final PasswordChangeProgressChecker.ProgressTracker tracker = changePasswordBean.getChangeProgressTracker();

    // With no tracker in the session there is nothing to wait for, so the change is treated as finished.
    final boolean finished;
    if (tracker == null) {
        finished = true;
    } else {
        final PasswordChangeProgressChecker progressChecker = new PasswordChangeProgressChecker(
                pwmRequest.getPwmApplication(),
                pwmRequest.getPwmSession().getUserInfo().getUserIdentity(),
                pwmRequest.getSessionLabel(),
                pwmRequest.getLocale());
        finished = progressChecker.figureProgress(tracker).isComplete();
    }

    if (!finished) {
        forwardToWaitPage(pwmRequest);
        return ProcessStatus.Halt;
    }

    if (tracker != null) {
        final TimeDuration elapsed = TimeDuration.fromCurrent(tracker.getBeginTime());
        try {
            pwmRequest.getPwmApplication().getStatisticsManager().updateAverageValue(Statistic.AVG_PASSWORD_SYNC_TIME, elapsed.getTotalMilliseconds());
            LOGGER.trace(pwmRequest, "password sync process marked completed (" + elapsed.asCompactString() + ")");
        } catch (Exception e) {
            // Statistics are best-effort: a failure here must not block the completion page.
            LOGGER.error(pwmRequest, "unable to update average password sync time statistic: " + e.getMessage());
        }
    }

    // Drop the tracker first, then remove the whole bean from session state so the
    // finished change leaves no reusable state behind in this session.
    changePasswordBean.setChangeProgressTracker(null);
    final String completeMessage = pwmRequest.getConfig().readSettingAsLocalizedString(PwmSetting.PASSWORD_COMPLETE_MESSAGE, pwmRequest.getLocale());
    pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ChangePasswordBean.class);

    if (completeMessage == null || completeMessage.isEmpty()) {
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordChange);
        return ProcessStatus.Halt;
    }

    // NOTE(review): the configured message is macro-expanded and handed to the JSP as a request
    // attribute; whether it is output-encoded depends on the JSP, which is not visible here - confirm.
    final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
    pwmRequest.setAttribute(PwmRequestAttribute.CompleteText, macroMachine.expandMacros(completeMessage));
    pwmRequest.forwardToJsp(JspUrl.PASSWORD_COMPLETE);
    return ProcessStatus.Halt;
}
use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.
the class AuthenticationFilter method forceRequiredRedirects.
/**
 * Diverts a request to a mandatory servlet when the session still has a required step pending.
 *
 * <p>The checks run in a fixed order, and that order is the precedence of the forced steps:
 * password change after a public-module login, response setup, OTP setup, profile update,
 * then a required or forced password change. Resource, config-manager, logout and
 * login-servlet URLs are never redirected, and nothing is enforced unless the application
 * mode is {@code RUNNING}.
 *
 * @param pwmRequest the current request
 * @return {@link ProcessStatus#Halt} when a redirect was sent, otherwise {@link ProcessStatus#Continue}
 */
public static ProcessStatus forceRequiredRedirects(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
    final PwmSession session = pwmRequest.getPwmSession();
    final PwmURL requestUrl = pwmRequest.getURL();
    final UserInfo userInfo = session.getUserInfo();
    final LoginInfoBean loginInfoBean = session.getLoginInfoBean();

    // These URL classes bypass every forced step below.
    final boolean exemptUrl = requestUrl.isResourceURL()
            || requestUrl.isConfigManagerURL()
            || requestUrl.isLogoutURL()
            || requestUrl.isLoginServlet();
    if (exemptUrl) {
        return ProcessStatus.Continue;
    }

    if (pwmRequest.getPwmApplication().getApplicationMode() != PwmApplicationMode.RUNNING) {
        return ProcessStatus.Continue;
    }

    // Highest priority: a session authenticated through a public module may only reach the change-password URL.
    if (loginInfoBean.getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
        if (requestUrl.isChangePasswordURL()) {
            return ProcessStatus.Continue;
        }
        LOGGER.debug(pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet");
        // NOTE(review): this target combines the public URL prefix with the PrivateChangePassword
        // servlet name, unlike the other redirects, which pass a PwmServletDefinition - confirm the path is intended.
        pwmRequest.sendRedirect(pwmRequest.getContextPath() + PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PrivateChangePassword.servletUrlName());
        return ProcessStatus.Halt;
    }

    // A change already in progress (tracker with a begin time) is let through to the
    // change-password servlet ahead of the remaining forced steps.
    if (requestUrl.isChangePasswordURL()) {
        final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
        final PasswordChangeProgressChecker.ProgressTracker tracker = changePasswordBean.getChangeProgressTracker();
        if (tracker != null && tracker.getBeginTime() != null) {
            return ProcessStatus.Continue;
        }
    }

    if (userInfo.isRequiresResponseConfig()) {
        if (requestUrl.isSetupResponsesURL()) {
            return ProcessStatus.Continue;
        }
        LOGGER.debug(pwmRequest, "user is required to setup responses, redirecting to setup responses servlet");
        pwmRequest.sendRedirect(PwmServletDefinition.SetupResponses);
        return ProcessStatus.Halt;
    }

    // The skipOtp login flag waives the OTP setup requirement for this session.
    if (userInfo.isRequiresOtpConfig() && !session.getLoginInfoBean().isLoginFlag(LoginInfoBean.LoginFlag.skipOtp)) {
        if (requestUrl.isSetupOtpSecretURL()) {
            return ProcessStatus.Continue;
        }
        LOGGER.debug(pwmRequest, "user is required to setup OTP configuration, redirecting to OTP setup page");
        pwmRequest.sendRedirect(PwmServletDefinition.SetupOtp);
        return ProcessStatus.Halt;
    }

    if (userInfo.isRequiresUpdateProfile()) {
        if (requestUrl.isProfileUpdateURL()) {
            return ProcessStatus.Continue;
        }
        LOGGER.debug(pwmRequest, "user is required to update profile, redirecting to profile update servlet");
        pwmRequest.sendRedirect(PwmServletDefinition.UpdateProfile);
        return ProcessStatus.Halt;
    }

    if (!requestUrl.isChangePasswordURL()) {
        // The skipNewPw login flag waives the directory's "new password required" state for this session.
        final boolean directoryRequiresChange = userInfo.isRequiresNewPassword()
                && !loginInfoBean.isLoginFlag(LoginInfoBean.LoginFlag.skipNewPw);
        if (directoryRequiresChange) {
            LOGGER.debug(pwmRequest, "user password in ldap requires changing, redirecting to change password servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
            return ProcessStatus.Halt;
        }
        if (loginInfoBean.getLoginFlags().contains(LoginInfoBean.LoginFlag.forcePwChange)) {
            LOGGER.debug(pwmRequest, "previous activity in application requires forcing pw change, redirecting to change password servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
            return ProcessStatus.Halt;
        }
    }

    return ProcessStatus.Continue;
}
use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.
the class ChangePasswordServlet method preProcessCheck.
/**
 * Gate run before any change-password action is dispatched.
 *
 * <p>In order: rejects sessions whose login type is {@code AUTH_WITHOUT_PASSWORD}, rejects
 * unauthenticated sessions, records on the bean whether the current password must be
 * supplied, rejects sessions lacking {@code Permission.CHANGE_PASSWORD}, and finally runs
 * the minimum-lifetime check.
 *
 * @param pwmRequest the current request
 * @return {@link ProcessStatus#Halt} when an error response was sent, otherwise {@link ProcessStatus#Continue}
 * @throws PwmUnrecoverableException with {@code ERROR_PASSWORD_REQUIRED} when the session was
 *         authenticated without a password
 */
@Override
public ProcessStatus preProcessCheck(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmSession session = pwmRequest.getPwmSession();
    final PwmApplication application = pwmRequest.getPwmApplication();
    // NOTE(review): the bean is fetched from session state before the authentication check below;
    // confirm that doing so for an unauthenticated session is intended.
    final ChangePasswordBean bean = application.getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);

    final boolean authenticatedWithoutPassword =
            session.getLoginInfoBean().getType() == AuthenticationType.AUTH_WITHOUT_PASSWORD;
    if (authenticatedWithoutPassword) {
        throw new PwmUnrecoverableException(PwmError.ERROR_PASSWORD_REQUIRED);
    }

    if (!pwmRequest.isAuthenticated()) {
        pwmRequest.respondWithError(PwmError.ERROR_AUTHENTICATION_REQUIRED.toInfo());
        LOGGER.debug(pwmRequest, "rejecting action request for unauthenticated session");
        return ProcessStatus.Halt;
    }

    // The flag is only ever raised here, never lowered.
    final boolean currentPasswordRequired =
            ChangePasswordServletUtil.determineIfCurrentPasswordRequired(application, session);
    if (currentPasswordRequired) {
        bean.setCurrentPasswordRequired(true);
    }

    // Authorization is checked separately from authentication.
    final boolean mayChangePassword =
            session.getSessionManager().checkPermission(application, Permission.CHANGE_PASSWORD);
    if (!mayChangePassword) {
        pwmRequest.respondWithError(PwmError.ERROR_UNAUTHORIZED.toInfo());
        return ProcessStatus.Halt;
    }

    ChangePasswordServletUtil.checkMinimumLifetime(application, session, bean, session.getUserInfo());
    return ProcessStatus.Continue;
}
use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.
the class ChangePasswordServlet method processChangeAction.
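/**
 * Handles the {@code change} action: validates the submitted new password and, if it is
 * acceptable, executes the password change.
 *
 * <p>Nothing is processed unless the session's {@link ChangePasswordBean} reports that all
 * prerequisite checks have passed. The new password is first tested against the user's
 * password policy, then compared with its confirmation value, and only then applied.
 * Failures are stored as the last error rather than thrown.
 *
 * @param pwmRequest the current request, carrying the {@code password1} and {@code password2} parameters
 * @return always {@link ProcessStatus#Continue}
 */
@ActionHandler(action = "change")
ProcessStatus processChangeAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException, ChaiUnavailableException {
    final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
    final UserInfo userInfo = pwmRequest.getPwmSession().getUserInfo();

    // Server-side gate: a change request is ignored until the bean records that every prerequisite check passed.
    if (!changePasswordBean.isAllChecksPassed()) {
        return ProcessStatus.Continue;
    }

    final PasswordData password1 = pwmRequest.readParameterAsPassword("password1");
    final PasswordData password2 = pwmRequest.readParameterAsPassword("password2");

    // check the password meets the requirements
    try {
        final ChaiUser theUser = pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication());
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmRequest.getPwmApplication(), userInfo.getPasswordPolicy());
        final PasswordData oldPassword = pwmRequest.getPwmSession().getLoginInfoBean().getUserCurrentPassword();
        pwmPasswordRuleValidator.testPassword(password1, oldPassword, userInfo, theUser);
    } catch (PwmDataValidationException e) {
        setLastError(pwmRequest, e.getErrorInformation());
        // Only the error information is logged, never the submitted password values.
        LOGGER.debug(pwmRequest, "failed password validation check: " + e.getErrorInformation().toDebugStr());
        return ProcessStatus.Continue;
    }

    // make sure the two passwords match
    final boolean caseSensitive = userInfo.getPasswordPolicy().getRuleHelper().readBooleanValue(PwmPasswordRule.CaseSensitive);
    if (PasswordUtility.PasswordCheckInfo.MatchStatus.MATCH != PasswordUtility.figureMatchStatus(caseSensitive, password1, password2)) {
        setLastError(pwmRequest, PwmError.PASSWORD_DOESNOTMATCH.toInfo());
        // NOTE(review): this branch forwards the response and still returns Continue, while the other
        // failure branches only set the error; confirm the caller does not forward a second time.
        forwardToChangePage(pwmRequest);
        return ProcessStatus.Continue;
    }

    try {
        ChangePasswordServletUtil.executeChangePassword(pwmRequest, password1);
    } catch (PwmOperationalException e) {
        // Log with the request context, as the validation-failure branch above does, so a failed
        // change can be correlated with its session in the debug log.
        LOGGER.debug(pwmRequest, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
    }

    return ProcessStatus.Continue;
}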
use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.
the class ChangePasswordServletUtil method executeChangePassword.
/**
 * Applies an already-validated new password for the session's user and performs the follow-up steps.
 *
 * <p>Sequence: fetch the session's {@link ChangePasswordBean}, set the password, install a
 * fresh progress tracker and maximum completion time on the bean, send the confirmation
 * e-mail notice, then submit the {@code CHANGE_PASSWORD} audit event.
 *
 * @param pwmRequest the current request
 * @param newPassword the password to set; this method does not validate it
 */
static void executeChangePassword(final PwmRequest pwmRequest, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication application = pwmRequest.getPwmApplication();
    final PwmSession session = pwmRequest.getPwmSession();

    // Obtain the bean before touching the password, so a session-state failure leaves the password unchanged.
    final ChangePasswordBean changePasswordBean = application.getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);

    // The actual credential change.
    PasswordUtility.setActorPassword(session, application, newPassword);

    // Seed the state that the progress screen reads.
    final PasswordChangeProgressChecker.ProgressTracker progressTracker = new PasswordChangeProgressChecker.ProgressTracker();
    final PasswordChangeProgressChecker progressChecker = new PasswordChangeProgressChecker(
            application,
            session.getUserInfo().getUserIdentity(),
            session.getLabel(),
            session.getSessionStateBean().getLocale());
    changePasswordBean.setChangeProgressTracker(progressTracker);
    changePasswordBean.setChangePasswordMaxCompletion(progressChecker.maxCompletionTime(progressTracker));

    // Tell the user by e-mail that the password changed.
    ChangePasswordServletUtil.sendChangePasswordEmailNotice(session, application);

    // NOTE(review): the audit event is submitted last, so an exception from any step after
    // setActorPassword would leave a changed password with no CHANGE_PASSWORD record - confirm
    // whether those steps can throw.
    application.getAuditManager().submit(AuditEvent.CHANGE_PASSWORD, session.getUserInfo(), session);
}