
Example 21 with ForgottenPasswordBean

use of password.pwm.http.bean.ForgottenPasswordBean in project pwm by pwm-project.

the class ForgottenPasswordUtil method figureRemainingAvailableOptionalAuthMethods.

/**
 * Works out which optional identity-verification methods can still be offered in this recovery attempt.
 *
 * <p>Starts from the optional methods in the bean's recovery flags, drops the ones its progress records as
 * already satisfied, then drops every method whose requirements check throws
 * {@link PwmUnrecoverableException}. The iteration order of the optional methods is preserved.
 *
 * <p>NOTE(review): an empty result can mean "every optional method is already satisfied" or "no remaining
 * method is usable for this user"; confirm the caller does not treat the two alike when deciding whether
 * verification is complete.
 *
 * @param pwmRequest the current request, passed through to the requirements check
 * @param forgottenPasswordBean recovery state supplying the recovery flags and the progress
 * @return an unmodifiable set of the optional methods that remain usable; may be empty
 */
static Set<IdentityVerificationMethod> figureRemainingAvailableOptionalAuthMethods(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) {
    final ForgottenPasswordBean.RecoveryFlags flags = forgottenPasswordBean.getRecoveryFlags();
    final ForgottenPasswordBean.Progress progressSoFar = forgottenPasswordBean.getProgress();

    // Candidates are the configured optional methods minus those the user has already completed.
    final Set<IdentityVerificationMethod> candidates = new LinkedHashSet<>(flags.getOptionalAuthMethods());
    candidates.removeAll(progressSoFar.getSatisfiedMethods());

    final Set<IdentityVerificationMethod> usable = new LinkedHashSet<>();
    for (final IdentityVerificationMethod candidate : candidates) {
        try {
            verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, candidate);
        } catch (PwmUnrecoverableException e) {
            // A method whose requirements are not met is never offered. The exception is discarded
            // without logging, so the reason a method was withheld is not recorded here.
            continue;
        }
        usable.add(candidate);
    }
    return Collections.unmodifiableSet(usable);
}
Also used : IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) LinkedHashSet(java.util.LinkedHashSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Example 22 with ForgottenPasswordBean

use of password.pwm.http.bean.ForgottenPasswordBean in project pwm by pwm-project.

the class ForgottenPasswordUtil method initForgottenPasswordBean.

/**
 * Populates a {@link ForgottenPasswordBean} for a recovery attempt by the given user.
 *
 * <p>In order: stores the user identity and the forgotten-password profile id on the bean, calculates the
 * recovery flags for that profile, reads the user's stored responses when challenge/response is a required
 * or optional method, rejects users whose LDAP password is locked unless the flags allow recovery while
 * locked, builds the attribute form, writes the remaining state to the bean, and finally checks the
 * requirements of every required verification method.
 *
 * <p>The user identity and profile id are written before the later checks run, so the bean is left
 * partially initialised when this method throws. NOTE(review): callers presumably discard or clear the
 * bean on failure; confirm, since a half-populated bean must not be reused for a later request.
 *
 * @param pwmRequest the current request; supplies the application, locale and session label
 * @param userIdentity the user the recovery attempt is for
 * @param forgottenPasswordBean the bean to populate
 * @throws PwmUnrecoverableException if the stored responses cannot be turned into a presentable challenge
 *         set, if the directory is unavailable, if the user is LDAP password-locked and the flags do not
 *         allow recovery in that state, or if the lock check itself fails; helper calls may also throw it
 * @throws PwmOperationalException declared but not thrown directly in this body; presumably raised by one
 *         of the helpers called here
 */
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Locale locale = pwmRequest.getLocale();
    final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
    // The identity is stored first because readUserInfo is handed the bean, not the identity itself.
    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
    final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
    final ChallengeSet challengeSet;
    // Stored responses are read only when challenge/response is configured as a required or optional method.
    if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
        final ResponseSet responseSet;
        try {
            final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
            // A user with no stored responses gets a null challenge set.
            // NOTE(review): verifyRequirementsForAuthMethod presumably rejects CHALLENGE_RESPONSES in that case; confirm.
            challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
        } catch (ChaiValidationException e) {
            // The directory library's message text is embedded in the error detail; the exception itself is
            // not attached as a cause.
            // NOTE(review): confirm this detail string is not shown to the unauthenticated requester.
            final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    } else {
        challengeSet = null;
    }
    // Intruder-lock gate: unless the flags allow recovery while locked, a user whose LDAP password is
    // locked is refused before any verification method is attempted.
    if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            if (chaiUser.isPasswordLocked()) {
                // NOTE(review): this distinct error is raised before the requester has proven anything, so it
                // can disclose that the account exists and is locked; confirm how the caller presents it.
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            // The detail string carries the user identity and the directory error text; it is logged at
            // error level and also travels with the thrown exception.
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
            LOGGER.error(sessionLabel, errorInformation);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }
    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }
    // The remaining bean state is written only after the checks above have passed. A fresh Progress is
    // installed, replacing whatever progress the bean held before.
    forgottenPasswordBean.setUserLocale(locale);
    forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
    // Every required method must be usable for this user: an exception from the check is not caught here,
    // so it aborts initialisation.
    for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
    }
}
Also used : Locale(java.util.Locale) ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) PwmApplication(password.pwm.PwmApplication) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
