use of password.pwm.http.servlet.oauth.OAuthForgottenPasswordResults in project pwm by pwm-project.
In the class ForgottenPasswordServlet, method processOAuthReturn:
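@ActionHandler(action = "oauthReturn")
/**
 * Handles the browser's return from the OAuth identity-verification round trip
 * started earlier in the forgotten-password flow.
 *
 * <p>Steps visible here: the session must have OAUTH as its in-progress verification
 * method and must already hold a user identity, otherwise the bean is cleared and the
 * user is redirected to the start of the flow. The encrypted result parameter is then
 * decrypted through the application's secure service, the returned username is resolved
 * in LDAP, and it must equal the identity already stored in the bean before OAUTH is
 * recorded as a satisfied method.
 *
 * @param pwmRequest the current request
 * @return {@code ProcessStatus.Halt} after a redirect, {@code ProcessStatus.Continue} once OAUTH is satisfied
 * @throws PwmUnrecoverableException if the result parameter is missing, cannot be decrypted,
 *         carries no username, the username cannot be resolved, or it does not match the bean's user
 * @throws IOException if the redirect fails
 * @throws ServletException propagated from the servlet layer
 * @throws ChaiUnavailableException if the directory is unreachable
 */
private ProcessStatus processOAuthReturn(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);

    // An OAuth return is only meaningful if this session actually issued the request;
    // anything else restarts the sequence rather than trusting the inbound parameter.
    if (forgottenPasswordBean.getProgress().getInProgressVerificationMethod() != IdentityVerificationMethod.OAUTH) {
        LOGGER.debug(pwmRequest, "oauth return detected, however current session did not issue an oauth request; will restart forgotten password sequence");
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
        pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
        return ProcessStatus.Halt;
    }

    // The OAuth result is compared against the identity established earlier; without one
    // there is nothing to bind the result to.
    if (forgottenPasswordBean.getUserIdentity() == null) {
        LOGGER.debug(pwmRequest, "oauth return detected, however current session does not have a user identity stored; will restart forgotten password sequence");
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
        pwmRequest.sendRedirect(PwmServletDefinition.ForgottenPassword);
        return ProcessStatus.Halt;
    }

    // Validation is bypassed because the value is an opaque ciphertext, not user text;
    // a missing parameter is rejected explicitly instead of being handed to the decryptor.
    final String encryptedResult = pwmRequest.readParameterAsString(PwmConstants.PARAM_RECOVERY_OAUTH_RESULT, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (encryptedResult == null || encryptedResult.isEmpty()) {
        final String errorMsg = "oauth return did not include the expected encrypted result parameter";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }

    // Successful decryption by the application's own secure service is what ties the
    // result to this server. NOTE(review): assumes decryptObject throws on tampered or
    // malformed input — confirm; the null guard below only covers a null return.
    final OAuthForgottenPasswordResults results = pwmRequest.getPwmApplication().getSecureService().decryptObject(encryptedResult, OAuthForgottenPasswordResults.class);
    if (results == null) {
        final String errorMsg = "oauth return result parameter could not be decrypted";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    LOGGER.trace(pwmRequest, "received and decrypted oauth forgotten password result");

    final String userDNfromOAuth = results.getUsername();
    if (userDNfromOAuth == null || userDNfromOAuth.isEmpty()) {
        final String errorMsg = "oauth server coderesolver endpoint did not return a username value";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }

    // Resolve the OAuth-supplied username to a directory identity so it can be compared
    // with the identity already in the bean, rather than comparing raw strings.
    final UserIdentity oauthUserIdentity;
    try {
        final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
        oauthUserIdentity = userSearchEngine.resolveUsername(userDNfromOAuth, null, null, pwmRequest.getSessionLabel());
    } catch (PwmOperationalException e) {
        final String errorMsg = "unexpected error searching for oauth supplied username in ldap; error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }

    // The OAuth result must name the same user the flow was already identifying;
    // a mismatch is treated as an error, never as a change of subject.
    final UserIdentity userIdentityInBean = forgottenPasswordBean.getUserIdentity();
    final boolean userMatch = userIdentityInBean != null && userIdentityInBean.equals(oauthUserIdentity);
    if (!userMatch) {
        final String errorMsg = "oauth server username does not match previously identified user";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }

    forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.OAUTH);
    return ProcessStatus.Continue;
}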