use of password.pwm.http.bean.ForgottenPasswordBean in project pwm by pwm-project.
the class ForgottenPasswordServlet method processSearch.
/**
 * Handles the {@code search} action of the forgotten-password flow: resolves the
 * submitted search form to a single user and initialises the forgotten-password bean.
 *
 * <p>Order of operations: the existing bean is cleared, the captcha is verified when
 * it is enabled for the request, the form values are read, checked against the
 * intruder manager and validated, a single-user search is run, the matched user is
 * checked for authentication eligibility, and the bean is initialised.
 *
 * <p>When the search fails with {@code ERROR_CANT_MATCH_USER} and
 * {@code RECOVERY_BOGUS_USER_ENABLE} is on, no error is set; a bogus bean is
 * initialised instead (presumably so the response does not disclose whether the
 * account exists; confirm against the JSP flow).
 *
 * @param pwmRequest the current request; supplies the form values, the context and the LDAP profile
 * @return always {@code ProcessStatus.Continue}; failures are reported via {@code setLastError}
 */
@ActionHandler(action = "search")
private ProcessStatus processSearch(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final PwmSession session = pwmRequest.getPwmSession();
    final Locale locale = pwmRequest.getLocale();
    final PwmApplication app = pwmRequest.getPwmApplication();
    // NOTE(review): context and LDAP profile come straight from request parameters and
    // are not validated in this method; presumably the search engine rejects values
    // that are not configured. Confirm.
    final String requestedContext = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
    final String requestedLdapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
    final boolean bogusUserModeEnabled = pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.RECOVERY_BOGUS_USER_ENABLE);

    // Start every search from an empty bean so state from an earlier attempt
    // (possibly for a different user) cannot carry over.
    clearForgottenPasswordBean(pwmRequest);

    // The captcha is verified before any directory search is attempted.
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest) && !CaptchaUtility.verifyReCaptcha(pwmRequest)) {
        final ErrorInformation captchaError = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
        LOGGER.debug(pwmRequest, captchaError);
        setLastError(pwmRequest, captchaError);
        return ProcessStatus.Continue;
    }

    final List<FormConfiguration> searchForm = app.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
    // Declared outside the try so the catch block and the bogus-user path can see
    // whatever was read before a failure.
    Map<FormConfiguration, String> submittedValues = new LinkedHashMap<>();
    try {
        submittedValues = FormUtility.readFormValuesFromRequest(pwmRequest, searchForm, locale);

        // Intruder check runs before validation and before the search itself.
        app.getIntruderManager().convenience().checkAttributes(submittedValues);

        // Enforce the configured form requirements.
        FormUtility.validateFormValues(pwmRequest.getConfig(), submittedValues, locale);

        // Use the configured filter if there is one, otherwise derive one from the form.
        final String configuredFilter = app.getConfig().readSettingAsString(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FILTER);
        final String searchFilter;
        if (configuredFilter != null && !configuredFilter.isEmpty()) {
            searchFilter = configuredFilter;
        } else {
            searchFilter = FormUtility.ldapSearchFilterForForm(app, searchForm);
            LOGGER.trace(session, "auto generated ldap search filter: " + searchFilter);
        }

        // Resolve the submitted values to exactly one identity. The values are passed
        // separately from the filter. NOTE(review): LDAP filter escaping of those
        // values is not visible here; presumably done by the search engine. Confirm.
        final UserSearchEngine searchEngine = app.getUserSearchEngine();
        final SearchConfiguration searchConfiguration = SearchConfiguration.builder()
                .filter(searchFilter)
                .formValues(submittedValues)
                .contexts(Collections.singletonList(requestedContext))
                .ldapProfile(requestedLdapProfile)
                .build();
        final UserIdentity matchedIdentity = searchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());

        if (matchedIdentity == null) {
            throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_CANT_MATCH_USER));
        }

        AuthenticationUtility.checkIfUserEligibleToAuthentication(app, matchedIdentity);

        final ForgottenPasswordBean recoveryBean = forgottenPasswordBean(pwmRequest);
        ForgottenPasswordUtil.initForgottenPasswordBean(pwmRequest, matchedIdentity, recoveryBean);

        // A successful match clears the intruder attribute records for these values.
        app.getIntruderManager().convenience().clearAttributes(submittedValues);

        return ProcessStatus.Continue;
    } catch (PwmOperationalException e) {
        // Only a "can't match user" failure with bogus-user mode enabled is masked;
        // every other operational failure is reported and counted.
        final boolean maskAsBogusUser = e.getError() == PwmError.ERROR_CANT_MATCH_USER && bogusUserModeEnabled;
        if (!maskAsBogusUser) {
            // The reported code is always ERROR_RESPONSES_NORESPONSES; the detailed
            // message and field values of the original error are carried along.
            // NOTE(review): confirm the detailed message is not rendered to the end
            // user, since it may say why the lookup failed.
            final ErrorInformation reportedError = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, e.getErrorInformation().getDetailedErrorMsg(), e.getErrorInformation().getFieldValues());
            app.getStatisticsManager().incrementValue(Statistic.RECOVERY_FAILURES);
            app.getIntruderManager().convenience().markAddressAndSession(session);
            app.getIntruderManager().convenience().markAttributes(submittedValues, session);
            LOGGER.debug(session, reportedError.toDebugStr());
            setLastError(pwmRequest, reportedError);
            return ProcessStatus.Continue;
        }
    }

    // Reached only from the masked "can't match user" case above.
    // NOTE(review): on this path the method records no RECOVERY_FAILURES statistic and
    // no intruder marks; confirm that failed lookups in bogus-user mode are still
    // counted toward intruder detection later in the flow.
    if (bogusUserModeEnabled) {
        ForgottenPasswordUtil.initBogusForgottenPasswordBean(pwmRequest);
        forgottenPasswordBean(pwmRequest).setUserSearchValues(FormUtility.asStringMap(submittedValues));
    }
    return ProcessStatus.Continue;
}
use of password.pwm.http.bean.ForgottenPasswordBean in project pwm by pwm-project.
the class ForgottenPasswordServlet method executeUnlock.
/**
 * Unlocks the password of the user recorded in the forgotten-password bean.
 *
 * <p>On success an {@code UNLOCK_PASSWORD} audit event is submitted, the unlock notice
 * e-mail is sent and the request is forwarded to the success page. On a
 * {@code ChaiOperationException} the failure is logged and returned as
 * {@code ERROR_UNLOCK_FAILURE}. The bean is cleared in every case.
 *
 * <p>This method does not check verification progress itself; within this file it is
 * called from {@code processActionChoice} only after {@code isAllPassed()} is true.
 *
 * @param pwmRequest the current request, whose forgotten-password bean names the user to unlock
 */
private void executeUnlock(final PwmRequest pwmRequest) throws IOException, ServletException, ChaiUnavailableException, PwmUnrecoverableException {
    final PwmApplication app = pwmRequest.getPwmApplication();
    final PwmSession session = pwmRequest.getPwmSession();
    final ForgottenPasswordBean recoveryBean = forgottenPasswordBean(pwmRequest);
    // The target comes from server-side bean state, not from a request parameter.
    final UserIdentity targetIdentity = recoveryBean.getUserIdentity();

    try {
        final ChaiUser proxiedUser = app.getProxiedChaiUser(targetIdentity);
        proxiedUser.unlockPassword();

        // The audit record is written only after the unlock call returned normally;
        // a failed unlock is logged below but produces no audit event here.
        final UserInfo unlockedUserInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, recoveryBean);
        app.getAuditManager().submit(AuditEvent.UNLOCK_PASSWORD, unlockedUserInfo, session);

        ForgottenPasswordUtil.sendUnlockNoticeEmail(pwmRequest, recoveryBean);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UnlockAccount);
    } catch (ChaiOperationException e) {
        // NOTE(review): the detail text contains the user identity and the directory
        // error message; confirm respondWithError does not render it to the end user.
        final String failureDetail = "unable to unlock user " + targetIdentity + " error: " + e.getMessage();
        final ErrorInformation unlockError = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, failureDetail);
        LOGGER.error(session, unlockError.toDebugStr());
        pwmRequest.respondWithError(unlockError, true);
    } finally {
        // The recovery state is single-use: it is discarded whether or not the unlock worked.
        clearForgottenPasswordBean(pwmRequest);
    }
}
use of password.pwm.http.bean.ForgottenPasswordBean in project pwm by pwm-project.
the class ForgottenPasswordServlet method processActionChoice.
/**
 * Handles the {@code actionChoice} action: once all verification has passed, runs the
 * action named by the {@code choice} request parameter (unlock or reset password).
 *
 * <p>If verification is not complete, or the parameter does not name a known
 * {@code ActionChoice}, nothing is executed.
 *
 * @param pwmRequest the current request; its {@code choice} parameter selects the action
 * @return always {@code ProcessStatus.Continue}
 */
@ActionHandler(action = "actionChoice")
private ProcessStatus processActionChoice(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ServletException, IOException, ChaiUnavailableException {
    final ForgottenPasswordBean recoveryBean = forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordProfile profile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), recoveryBean);

    if (profile.readSettingAsBoolean(PwmSetting.TOKEN_RESEND_ENABLE)) {
        // The user may have arrived here via a 'go-back' request, so forget which
        // token destination was already used.
        recoveryBean.getProgress().clearTokenSentStatus();
    }

    // With the UNLOCKONLY minimum-lifetime option, a locked password may be unlocked
    // but not reset.
    final UserInfo lockStateInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, recoveryBean);
    final RecoveryMinLifetimeOption minLifetimeOption = profile.readSettingAsEnum(PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS, RecoveryMinLifetimeOption.class);
    final boolean disallowAllButUnlock = minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY && lockStateInfo.isPasswordLocked();

    // Authorization gate: the client-supplied choice is not even read until every
    // verification step recorded in the bean has passed.
    if (!recoveryBean.getProgress().isAllPassed()) {
        return ProcessStatus.Continue;
    }

    final String choice = pwmRequest.readParameterAsString("choice");
    // Unrecognised values map to null (the supplied default) and are ignored.
    final ActionChoice actionChoice = JavaHelper.readEnumFromString(ActionChoice.class, null, choice);
    if (actionChoice == null) {
        return ProcessStatus.Continue;
    }

    if (actionChoice == ActionChoice.unlock) {
        // NOTE(review): no profile setting is consulted here before unlocking;
        // confirm that whether unlock is permitted is enforced elsewhere.
        this.executeUnlock(pwmRequest);
    } else if (actionChoice == ActionChoice.resetPassword) {
        if (disallowAllButUnlock) {
            final UserInfo currentUserInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, recoveryBean);
            PasswordUtility.throwPasswordTooSoonException(currentUserInfo, pwmRequest.getSessionLabel());
        }
        this.executeResetPassword(pwmRequest);
    } else {
        JavaHelper.unhandledSwitchStatement(actionChoice);
    }

    return ProcessStatus.Continue;
}
use of password.pwm.http.bean.ForgottenPasswordBean in project pwm by pwm-project.
the class ForgottenPasswordServlet method processVerificationChoice.
/**
 * Handles the {@code verificationChoice} action: lets the user pick one of the
 * optional identity-verification methods that are still available.
 *
 * <p>The {@code choice} parameter is honoured only if it parses to an
 * {@code IdentityVerificationMethod} that is in the server-computed set of remaining
 * methods. Otherwise the method-choice page is shown again, with an error if a value
 * was supplied.
 *
 * @param pwmRequest the current request; its {@code choice} parameter names the requested method
 * @return {@code ProcessStatus.Continue} when a valid method was selected and the user was
 *         forwarded to it, {@code ProcessStatus.Halt} after forwarding to the choice page
 */
@ActionHandler(action = "verificationChoice")
private ProcessStatus processVerificationChoice(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ServletException, IOException {
    final ForgottenPasswordBean recoveryBean = forgottenPasswordBean(pwmRequest);
    final String choiceParam = pwmRequest.readParameterAsString("choice");

    // The selectable methods are computed server-side and also exposed to the JSP.
    final LinkedHashSet<IdentityVerificationMethod> selectableMethods = new LinkedHashSet<>(ForgottenPasswordUtil.figureRemainingAvailableOptionalAuthMethods(pwmRequest, recoveryBean));
    pwmRequest.setAttribute(PwmRequestAttribute.AvailableAuthMethods, selectableMethods);

    IdentityVerificationMethod requestedChoice = null;
    final boolean choiceSupplied = choiceParam != null && !choiceParam.isEmpty();
    if (choiceSupplied) {
        try {
            requestedChoice = IdentityVerificationMethod.valueOf(choiceParam);
        } catch (IllegalArgumentException e) {
            // Not a known enum constant. The message is fixed text and does not echo
            // the submitted value.
            final ErrorInformation unknownMethodError = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "unknown verification method requested");
            setLastError(pwmRequest, unknownMethodError);
            pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_METHOD_CHOICE);
            return ProcessStatus.Halt;
        }
    }

    // Allow-list check: a well-formed method name is still refused unless it is one
    // of the remaining available methods.
    if (!selectableMethods.contains(requestedChoice)) {
        if (requestedChoice != null) {
            final ErrorInformation unavailableMethodError = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "requested verification method is not available at this time");
            setLastError(pwmRequest, unavailableMethodError);
        }
        pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_METHOD_CHOICE);
        return ProcessStatus.Halt;
    }

    recoveryBean.getProgress().setInProgressVerificationMethod(requestedChoice);
    pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordOptionalPageView, "true");
    forwardUserBasedOnRecoveryMethod(pwmRequest, requestedChoice);
    return ProcessStatus.Continue;
}
use of password.pwm.http.bean.ForgottenPasswordBean in project pwm by pwm-project.
the class ForgottenPasswordServlet method forwardToTokenChoiceJsp.
/**
 * Forwards the request to the token-destination choice page.
 *
 * <p>The available token destinations are attached to the request as
 * {@code TokenDestItems}. If verification methods other than {@code TOKEN} are also
 * available, a go-back action ({@code clearActionChoice}) is attached too.
 *
 * @param pwmRequest the current request, forwarded to {@code RECOVER_PASSWORD_TOKEN_CHOICE}
 */
private static void forwardToTokenChoiceJsp(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException {
    final ForgottenPasswordBean recoveryBean = forgottenPasswordBean(pwmRequest);

    // NOTE(review): the destination items are handed to the JSP as a request
    // attribute; whether they carry masked or full addresses is not visible here.
    // Confirm before rendering them to a user who is not yet verified.
    final List<TokenDestinationItem> availableDestinations = ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, recoveryBean);
    final ArrayList<TokenDestinationItem> destinationsCopy = new ArrayList<>(availableDestinations);
    pwmRequest.setAttribute(PwmRequestAttribute.TokenDestItems, destinationsCopy);

    final boolean otherMethodsAvailable = ForgottenPasswordUtil.hasOtherMethodChoices(recoveryBean, IdentityVerificationMethod.TOKEN);
    if (otherMethodsAvailable) {
        pwmRequest.setAttribute(PwmRequestAttribute.GoBackAction, ResetAction.clearActionChoice.name());
    }

    pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_TOKEN_CHOICE);
}