
Example 6 with ChangePasswordBean

use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.

the class ChangePasswordServlet method processCompleteAction.

/**
 * Handles the "complete" action that follows a password change.
 *
 * <p>While the session's progress tracker reports the change as unfinished, the request is sent to
 * the wait page. Once it is finished (or when the bean holds no tracker), the elapsed sync time is
 * recorded, the {@code ChangePasswordBean} is cleared from session state, and the user sees either
 * the configured completion message or the default success page.
 *
 * @param pwmRequest the current request
 * @return always {@code ProcessStatus.Halt}; every path forwards the response itself
 */
@ActionHandler(action = "complete")
public ProcessStatus processCompleteAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException {
    final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
    final PasswordChangeProgressChecker.ProgressTracker tracker = changePasswordBean.getChangeProgressTracker();

    // Without a tracker there is nothing to wait for, so the change counts as complete.
    final boolean stillInProgress;
    if (tracker == null) {
        stillInProgress = false;
    } else {
        final PasswordChangeProgressChecker progressChecker = new PasswordChangeProgressChecker(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), pwmRequest.getSessionLabel(), pwmRequest.getLocale());
        stillInProgress = !progressChecker.figureProgress(tracker).isComplete();
    }

    if (stillInProgress) {
        forwardToWaitPage(pwmRequest);
        return ProcessStatus.Halt;
    }

    if (tracker != null) {
        final TimeDuration elapsed = TimeDuration.fromCurrent(tracker.getBeginTime());
        try {
            pwmRequest.getPwmApplication().getStatisticsManager().updateAverageValue(Statistic.AVG_PASSWORD_SYNC_TIME, elapsed.getTotalMilliseconds());
            LOGGER.trace(pwmRequest, "password sync process marked completed (" + elapsed.asCompactString() + ")");
        } catch (Exception e) {
            // Statistics are best-effort: a failure is logged and the completion page is still shown.
            LOGGER.error(pwmRequest, "unable to update average password sync time statistic: " + e.getMessage());
        }
    }

    changePasswordBean.setChangeProgressTracker(null);
    final Locale userLocale = pwmRequest.getLocale();
    final String configuredMessage = pwmRequest.getConfig().readSettingAsLocalizedString(PwmSetting.PASSWORD_COMPLETE_MESSAGE, userLocale);

    // The change-password state is dropped from the session before any page is rendered.
    pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ChangePasswordBean.class);

    if (configuredMessage == null || configuredMessage.isEmpty()) {
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordChange);
    } else {
        final MacroMachine macros = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
        final String renderedMessage = macros.expandMacros(configuredMessage);
        // NOTE(review): the macro-expanded text is handed to the JSP as a request attribute;
        // confirm the JSP escapes it, since escaping is not visible in this method.
        pwmRequest.setAttribute(PwmRequestAttribute.CompleteText, renderedMessage);
        pwmRequest.forwardToJsp(JspUrl.PASSWORD_COMPLETE);
    }
    return ProcessStatus.Halt;
}
Also used : Locale(java.util.Locale) ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean) MacroMachine(password.pwm.util.macro.MacroMachine) TimeDuration(password.pwm.util.java.TimeDuration) PasswordChangeProgressChecker(password.pwm.ldap.PasswordChangeProgressChecker) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmDataValidationException(password.pwm.error.PwmDataValidationException) PwmOperationalException(password.pwm.error.PwmOperationalException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) IOException(java.io.IOException)

Example 7 with ChangePasswordBean

use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.

the class AuthenticationFilter method forceRequiredRedirects.

/**
 * Decides whether the request may proceed or must first be redirected to a mandatory
 * account-maintenance page.
 *
 * <p>The checks run in a fixed order and the first one that applies decides the outcome:
 * exempt URLs and non-running application mode, login via a public module, a password change that
 * is already in progress, then required response setup, OTP setup, profile update, and finally a
 * required or forced password change. Reordering the checks changes which requirement the user
 * is held to first.
 *
 * @param pwmRequest the current request
 * @return {@code ProcessStatus.Halt} when a redirect was sent, {@code ProcessStatus.Continue} otherwise
 */
public static ProcessStatus forceRequiredRedirects(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmURL pwmURL = pwmRequest.getURL();
    final UserInfo userInfo = pwmSession.getUserInfo();
    final LoginInfoBean loginInfoBean = pwmSession.getLoginInfoBean();
    // resource, config manager, logout and login URLs are never redirected
    if (pwmURL.isResourceURL() || pwmURL.isConfigManagerURL() || pwmURL.isLogoutURL() || pwmURL.isLoginServlet()) {
        return ProcessStatus.Continue;
    }
    // no forced redirects unless the application is in RUNNING mode
    if (pwmRequest.getPwmApplication().getApplicationMode() != PwmApplicationMode.RUNNING) {
        return ProcessStatus.Continue;
    }
    // high priority pw change: a session authenticated through a public module (per the log message,
    // the forgotten password mechanism) may only reach the change password URL; every other URL is
    // redirected there. This branch returns in both cases, so none of the later checks run for it.
    if (loginInfoBean.getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
        if (!pwmURL.isChangePasswordURL()) {
            LOGGER.debug(pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet");
            // NOTE(review): the target combines the public URL prefix with the PrivateChangePassword
            // servlet name; presumably intentional for this login type - confirm.
            pwmRequest.sendRedirect(pwmRequest.getContextPath() + PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PrivateChangePassword.servletUrlName());
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    // if a password change is in progress (tracker present with a begin time) and the request is for
    // the ChangePassword servlet, allow the request as is; the remaining requirements are not
    // evaluated for this request
    if (pwmURL.isChangePasswordURL()) {
        final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
        final PasswordChangeProgressChecker.ProgressTracker progressTracker = cpb.getChangeProgressTracker();
        if (progressTracker != null && progressTracker.getBeginTime() != null) {
            return ProcessStatus.Continue;
        }
    }
    // required challenge-response setup: only the setup responses URL is reachable
    if (userInfo.isRequiresResponseConfig()) {
        if (!pwmURL.isSetupResponsesURL()) {
            LOGGER.debug(pwmRequest, "user is required to setup responses, redirecting to setup responses servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.SetupResponses);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    // required OTP setup, unless the login carries the skipOtp flag
    // NOTE(review): where skipOtp is set is not visible here; it disables this enforcement, so
    // verify which code paths can set it.
    if (userInfo.isRequiresOtpConfig() && !pwmSession.getLoginInfoBean().isLoginFlag(LoginInfoBean.LoginFlag.skipOtp)) {
        if (!pwmURL.isSetupOtpSecretURL()) {
            LOGGER.debug(pwmRequest, "user is required to setup OTP configuration, redirecting to OTP setup page");
            pwmRequest.sendRedirect(PwmServletDefinition.SetupOtp);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    // required profile update: only the profile update URL is reachable
    if (userInfo.isRequiresUpdateProfile()) {
        if (!pwmURL.isProfileUpdateURL()) {
            LOGGER.debug(pwmRequest, "user is required to update profile, redirecting to profile update servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.UpdateProfile);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    // password change required by the directory (unless skipNewPw is set) or forced by earlier
    // activity in the application (forcePwChange); requests already aimed at the change password
    // URL fall through to the final Continue
    if (!pwmURL.isChangePasswordURL()) {
        if (userInfo.isRequiresNewPassword() && !loginInfoBean.isLoginFlag(LoginInfoBean.LoginFlag.skipNewPw)) {
            LOGGER.debug(pwmRequest, "user password in ldap requires changing, redirecting to change password servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
            return ProcessStatus.Halt;
        } else if (loginInfoBean.getLoginFlags().contains(LoginInfoBean.LoginFlag.forcePwChange)) {
            LOGGER.debug(pwmRequest, "previous activity in application requires forcing pw change, redirecting to change password servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    return ProcessStatus.Continue;
}
Also used : ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean) LoginInfoBean(password.pwm.bean.LoginInfoBean) PwmURL(password.pwm.http.PwmURL) UserInfo(password.pwm.ldap.UserInfo) PwmSession(password.pwm.http.PwmSession) PasswordChangeProgressChecker(password.pwm.ldap.PasswordChangeProgressChecker)

Example 8 with ChangePasswordBean

use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.

the class ChangePasswordServlet method preProcessCheck.

/**
 * Gate that runs before any change-password action is processed.
 *
 * <p>In order: rejects sessions whose login type is {@code AUTH_WITHOUT_PASSWORD}, rejects
 * unauthenticated sessions, records on the bean whether the current password must be supplied,
 * rejects sessions lacking the {@code CHANGE_PASSWORD} permission, and finally applies the
 * minimum-lifetime check.
 *
 * @param pwmRequest the current request
 * @return {@code ProcessStatus.Halt} when an error response was sent, otherwise {@code ProcessStatus.Continue}
 * @throws PwmUnrecoverableException with {@code ERROR_PASSWORD_REQUIRED} when the session was
 *         authenticated without a password
 */
@Override
public ProcessStatus preProcessCheck(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final PwmSession session = pwmRequest.getPwmSession();
    final PwmApplication application = pwmRequest.getPwmApplication();
    final ChangePasswordBean cpb = application.getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);

    final boolean loggedInWithoutPassword = session.getLoginInfoBean().getType() == AuthenticationType.AUTH_WITHOUT_PASSWORD;
    if (loggedInWithoutPassword) {
        throw new PwmUnrecoverableException(PwmError.ERROR_PASSWORD_REQUIRED);
    }

    final boolean authenticated = pwmRequest.isAuthenticated();
    if (!authenticated) {
        pwmRequest.respondWithError(PwmError.ERROR_AUTHENTICATION_REQUIRED.toInfo());
        LOGGER.debug(pwmRequest, "rejecting action request for unauthenticated session");
        return ProcessStatus.Halt;
    }

    // The flag is only ever raised here; a value already set on the bean is never lowered.
    final boolean currentPasswordNeeded = ChangePasswordServletUtil.determineIfCurrentPasswordRequired(application, session);
    if (currentPasswordNeeded) {
        cpb.setCurrentPasswordRequired(true);
    }

    final boolean mayChangePassword = session.getSessionManager().checkPermission(application, Permission.CHANGE_PASSWORD);
    if (!mayChangePassword) {
        pwmRequest.respondWithError(PwmError.ERROR_UNAUTHORIZED.toInfo());
        return ProcessStatus.Halt;
    }

    ChangePasswordServletUtil.checkMinimumLifetime(application, session, cpb, session.getUserInfo());
    return ProcessStatus.Continue;
}
Also used : ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean) PwmApplication(password.pwm.PwmApplication) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmSession(password.pwm.http.PwmSession)

Example 9 with ChangePasswordBean

use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.

the class ChangePasswordServlet method processChangeAction.

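/**
 * Handles the "change" action: validates the submitted new password and, when it passes, performs
 * the password change.
 *
 * <p>The request parameters {@code password1} and {@code password2} are read only after the
 * session's {@code ChangePasswordBean} reports that all checks have passed. {@code password1} is
 * tested against the user's password policy (together with the current password held in the login
 * info bean) and must match {@code password2}, honouring the policy's case-sensitivity rule.
 * Validation and operational failures are stored as the request's last error rather than thrown.
 *
 * @param pwmRequest the current request
 * @return always {@code ProcessStatus.Continue}
 */
@ActionHandler(action = "change")
ProcessStatus processChangeAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException, ChaiUnavailableException {
    final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
    final UserInfo userInfo = pwmRequest.getPwmSession().getUserInfo();
    // Nothing is read or changed until the bean reports every check as passed; which checks that
    // covers is decided outside this method.
    if (!changePasswordBean.isAllChecksPassed()) {
        return ProcessStatus.Continue;
    }
    final PasswordData password1 = pwmRequest.readParameterAsPassword("password1");
    final PasswordData password2 = pwmRequest.readParameterAsPassword("password2");
    // check the password meets the requirements
    try {
        final ChaiUser theUser = pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication());
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmRequest.getPwmApplication(), userInfo.getPasswordPolicy());
        final PasswordData oldPassword = pwmRequest.getPwmSession().getLoginInfoBean().getUserCurrentPassword();
        pwmPasswordRuleValidator.testPassword(password1, oldPassword, userInfo, theUser);
    } catch (PwmDataValidationException e) {
        setLastError(pwmRequest, e.getErrorInformation());
        LOGGER.debug(pwmRequest, "failed password validation check: " + e.getErrorInformation().toDebugStr());
        return ProcessStatus.Continue;
    }
    // make sure the two passwords match
    final boolean caseSensitive = userInfo.getPasswordPolicy().getRuleHelper().readBooleanValue(PwmPasswordRule.CaseSensitive);
    if (PasswordUtility.PasswordCheckInfo.MatchStatus.MATCH != PasswordUtility.figureMatchStatus(caseSensitive, password1, password2)) {
        setLastError(pwmRequest, PwmError.PASSWORD_DOESNOTMATCH.toInfo());
        // NOTE(review): this is the only failure path that forwards the response itself before
        // returning Continue; confirm the caller does not forward a second time.
        forwardToChangePage(pwmRequest);
        return ProcessStatus.Continue;
    }
    try {
        ChangePasswordServletUtil.executeChangePassword(pwmRequest, password1);
    } catch (PwmOperationalException e) {
        // Log with the request context, as the validation branch above does, so a failed password
        // change can be tied to the session that attempted it.
        LOGGER.debug(pwmRequest, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
    }
    return ProcessStatus.Continue;
}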
Also used : ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean) PwmPasswordRuleValidator(password.pwm.util.PwmPasswordRuleValidator) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) PasswordData(password.pwm.util.PasswordData) UserInfo(password.pwm.ldap.UserInfo) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 10 with ChangePasswordBean

use of password.pwm.http.bean.ChangePasswordBean in project pwm by pwm-project.

the class ChangePasswordServletUtil method executeChangePassword.

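/**
 * Sets the new password for the session's actor, then prepares the progress screen, sends the
 * confirmation email and submits the {@code CHANGE_PASSWORD} audit event.
 *
 * <p>The audit event is submitted in a {@code finally} block: once the password has been set, the
 * change is recorded even if preparing the progress tracker or sending the email notice fails.
 * Such a failure still propagates to the caller. If setting the password itself fails, nothing
 * is audited.
 *
 * @param pwmRequest the current request
 * @param newPassword the password to set
 */
static void executeChangePassword(final PwmRequest pwmRequest, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    // password accepted, setup change password
    final ChangePasswordBean cpb = pwmApplication.getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
    // change password
    PasswordUtility.setActorPassword(pwmSession, pwmApplication, newPassword);
    try {
        // init values for progress screen
        final PasswordChangeProgressChecker.ProgressTracker tracker = new PasswordChangeProgressChecker.ProgressTracker();
        final PasswordChangeProgressChecker checker = new PasswordChangeProgressChecker(pwmApplication, pwmSession.getUserInfo().getUserIdentity(), pwmSession.getLabel(), pwmSession.getSessionStateBean().getLocale());
        cpb.setChangeProgressTracker(tracker);
        cpb.setChangePasswordMaxCompletion(checker.maxCompletionTime(tracker));
        // send user an email confirmation
        ChangePasswordServletUtil.sendChangePasswordEmailNotice(pwmSession, pwmApplication);
    } finally {
        // send audit event; the password is already changed at this point, so the record must not
        // depend on the follow-up steps succeeding
        pwmApplication.getAuditManager().submit(AuditEvent.CHANGE_PASSWORD, pwmSession.getUserInfo(), pwmSession);
    }
}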
Also used : ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean) PwmApplication(password.pwm.PwmApplication) PwmSession(password.pwm.http.PwmSession) PasswordChangeProgressChecker(password.pwm.ldap.PasswordChangeProgressChecker)

Aggregations

ChangePasswordBean (password.pwm.http.bean.ChangePasswordBean)11 PwmApplication (password.pwm.PwmApplication)4 PwmSession (password.pwm.http.PwmSession)4 PasswordChangeProgressChecker (password.pwm.ldap.PasswordChangeProgressChecker)4 PwmOperationalException (password.pwm.error.PwmOperationalException)3 UserInfo (password.pwm.ldap.UserInfo)3 LoginInfoBean (password.pwm.bean.LoginInfoBean)2 FormConfiguration (password.pwm.config.value.data.FormConfiguration)2 PwmDataValidationException (password.pwm.error.PwmDataValidationException)2 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)2 PasswordData (password.pwm.util.PasswordData)2 MacroMachine (password.pwm.util.macro.MacroMachine)2 ChaiUser (com.novell.ldapchai.ChaiUser)1 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)1 IOException (java.io.IOException)1 Instant (java.time.Instant)1 Locale (java.util.Locale)1 ServletException (javax.servlet.ServletException)1 LocalSessionStateBean (password.pwm.bean.LocalSessionStateBean)1 Configuration (password.pwm.config.Configuration)1