Example 6 with UserInfo
use of password.pwm.ldap.UserInfo in project pwm by pwm-project.
the class AuditRecordFactory method userIdentityToUserDefinition.
private AuditUserDefinition userIdentityToUserDefinition(final UserIdentity userIdentity) {
String userDN = null;
String userID = null;
String ldapProfile = null;
if (userIdentity != null) {
userDN = userIdentity.getUserDN();
ldapProfile = userIdentity.getLdapProfileID();
try {
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, SessionLabel.SYSTEM_LABEL, userIdentity, PwmConstants.DEFAULT_LOCALE);
userID = userInfo.getUsername();
} catch (Exception e) {
LOGGER.warn("unable to read userID for " + userIdentity + ", error: " + e.getMessage());
}
}
return new AuditUserDefinition(userID, userDN, ldapProfile);
}
Also used :
UserInfo(password.pwm.ldap.UserInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Example 7 with UserInfo
use of password.pwm.ldap.UserInfo in project pwm by pwm-project.
the class ForgottenPasswordUtil method doActionSendNewPassword.
static void doActionSendNewPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final ForgottenPasswordBean forgottenPasswordBean = ForgottenPasswordServlet.forgottenPasswordBean(pwmRequest);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(pwmApplication.getConfig(), forgottenPasswordBean);
LOGGER.trace(pwmRequest, "beginning process to send new password to user");
if (!forgottenPasswordBean.getProgress().isAllPassed()) {
return;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
try {
// try unlocking user
theUser.unlockPassword();
LOGGER.trace(pwmRequest, "unlock account succeeded");
} catch (ChaiOperationException e) {
final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
return;
}
try {
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
LOGGER.info(pwmRequest, "user successfully supplied password recovery responses, emailing new password to: " + theUser.getEntryDN());
// add post change actions
ForgottenPasswordServlet.addPostChangeAction(pwmRequest, userIdentity);
// create new password
final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), userInfo.getPasswordPolicy(), pwmApplication);
LOGGER.trace(pwmRequest, "generated random password value based on password policy for " + userIdentity.toDisplayString());
// set the password
try {
theUser.setPassword(newPassword.getStringValue());
LOGGER.trace(pwmRequest, "set user " + userIdentity.toDisplayString() + " password to system generated random value");
} catch (ChaiException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
if (recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
LOGGER.debug(pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired");
theUser.expirePassword();
}
// mark the event log
{
final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.RECOVER_PASSWORD, userIdentity, pwmRequest.getSessionLabel());
pwmApplication.getAuditManager().submit(auditRecord);
}
final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
// send email or SMS
final String toAddress = PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmRequest.getLocale(), messageSendMethod);
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordSend, toAddress);
} catch (PwmException e) {
LOGGER.warn(pwmRequest, "unexpected error setting new password during recovery process for user: " + e.getMessage());
pwmRequest.respondWithError(e.getErrorInformation());
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error while processing recovery action " + recoveryAction + ", error: " + e.getMessage());
LOGGER.warn(pwmRequest, errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
} finally {
ForgottenPasswordServlet.clearForgottenPasswordBean(pwmRequest);
// the user should not be authenticated, this is a safety method
pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
// the password set flag should not have been set, this is a safety method
pwmRequest.getPwmSession().getSessionStateBean().setPasswordModified(false);
}
}
Also used :
ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile)
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
UserInfo(password.pwm.ldap.UserInfo)
MessageSendMethod(password.pwm.config.option.MessageSendMethod)
PwmException(password.pwm.error.PwmException)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiUser(com.novell.ldapchai.ChaiUser)
RecoveryAction(password.pwm.config.option.RecoveryAction)
PasswordData(password.pwm.util.PasswordData)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
AuditRecord(password.pwm.svc.event.AuditRecord)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
ChaiException(com.novell.ldapchai.exception.ChaiException)
Example 8 with UserInfo
use of password.pwm.ldap.UserInfo in project pwm by pwm-project.
the class ForgottenPasswordUtil method readUserInfo.
static UserInfo readUserInfo(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException {
if (forgottenPasswordBean.getUserIdentity() == null) {
return null;
}
final String cacheKey = PwmConstants.REQUEST_ATTR_FORGOTTEN_PW_USERINFO_CACHE;
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
{
final UserInfo userInfoFromSession = (UserInfo) pwmRequest.getHttpServletRequest().getAttribute(cacheKey);
if (userInfoFromSession != null) {
if (userIdentity.equals(userInfoFromSession.getUserIdentity())) {
LOGGER.trace(pwmRequest, "using request cached userInfo");
return userInfoFromSession;
} else {
LOGGER.trace(pwmRequest, "request cached userInfo is not for current user, clearing.");
pwmRequest.getHttpServletRequest().getSession().setAttribute(cacheKey, null);
}
}
}
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
pwmRequest.getHttpServletRequest().setAttribute(cacheKey, userInfo);
return userInfo;
}
Also used :
UserIdentity(password.pwm.bean.UserIdentity)
UserInfo(password.pwm.ldap.UserInfo)
Example 9 with UserInfo
use of password.pwm.ldap.UserInfo in project pwm by pwm-project.
the class ForgottenPasswordUtil method verifyRequirementsForAuthMethod.
static void verifyRequirementsForAuthMethod(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final IdentityVerificationMethod recoveryVerificationMethods) throws PwmUnrecoverableException {
switch(recoveryVerificationMethods) {
case TOKEN:
{
ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
}
break;
case ATTRIBUTES:
{
final List<FormConfiguration> formConfiguration = forgottenPasswordBean.getAttributeForm();
if (formConfiguration == null || formConfiguration.isEmpty()) {
final String errorMsg = "user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
break;
case OTP:
{
final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
if (userInfo.getOtpUserRecord() == null) {
final String errorMsg = "could not find a one time password configuration for " + userInfo.getUserIdentity();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_OTP_CONFIGURATION, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
break;
case CHALLENGE_RESPONSES:
{
final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
if (responseSet == null) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES);
throw new PwmUnrecoverableException(errorInformation);
}
final ChallengeSet challengeSet = userInfo.getChallengeProfile().getChallengeSet();
try {
if (responseSet.meetsChallengeSetRequirements(challengeSet)) {
if (challengeSet.getRequiredChallenges().isEmpty() && (challengeSet.getMinRandomRequired() <= 0)) {
final String errorMsg = "configured challenge set policy for " + userInfo.getUserIdentity().toString() + " is empty, user not qualified to recover password";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
} catch (ChaiValidationException e) {
final String errorMsg = "stored response set for user '" + userInfo.getUserIdentity() + "' do not meet current challenge set requirements: " + e.getLocalizedMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
break;
default:
// continue, assume no data requirements for method.
break;
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChallengeSet(com.novell.ldapchai.cr.ChallengeSet)
ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
List(java.util.List)
ArrayList(java.util.ArrayList)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
UserInfo(password.pwm.ldap.UserInfo)
Example 10 with UserInfo
use of password.pwm.ldap.UserInfo in project pwm by pwm-project.
the class ForgottenPasswordUtil method figureAttributeForm.
static List<FormConfiguration> figureAttributeForm(final ForgottenPasswordProfile forgottenPasswordProfile, final ForgottenPasswordBean forgottenPasswordBean, final PwmRequest pwmRequest, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmOperationalException, PwmUnrecoverableException {
final List<FormConfiguration> requiredAttributesForm = forgottenPasswordProfile.readSettingAsForm(PwmSetting.RECOVERY_ATTRIBUTE_FORM);
if (requiredAttributesForm.isEmpty()) {
return requiredAttributesForm;
}
final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
final List<FormConfiguration> returnList = new ArrayList<>();
for (final FormConfiguration formItem : requiredAttributesForm) {
if (formItem.isRequired()) {
returnList.add(formItem);
} else {
try {
final String currentValue = userInfo.readStringAttribute(formItem.getName());
if (currentValue != null && currentValue.length() > 0) {
returnList.add(formItem);
} else {
LOGGER.trace(pwmRequest, "excluding optional required attribute(" + formItem.getName() + "), user has no value");
}
} catch (PwmUnrecoverableException e) {
throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, "unexpected error reading value for attribute " + formItem.getName()));
}
}
}
if (returnList.isEmpty()) {
throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, "user has no values for any optional attribute"));
}
return returnList;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ArrayList(java.util.ArrayList)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
UserInfo(password.pwm.ldap.UserInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Aggregations
UserInfo (password.pwm.ldap.UserInfo)60
ErrorInformation (password.pwm.error.ErrorInformation)23
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)23
FormConfiguration (password.pwm.config.value.data.FormConfiguration)20
PwmApplication (password.pwm.PwmApplication)18
UserIdentity (password.pwm.bean.UserIdentity)15
Configuration (password.pwm.config.Configuration)15
Locale (java.util.Locale)13
MacroMachine (password.pwm.util.macro.MacroMachine)13
ChaiUser (com.novell.ldapchai.ChaiUser)12
PwmOperationalException (password.pwm.error.PwmOperationalException)12
PwmSession (password.pwm.http.PwmSession)12
PasswordData (password.pwm.util.PasswordData)10
Instant (java.time.Instant)9
ArrayList (java.util.ArrayList)8
ActionConfiguration (password.pwm.config.value.data.ActionConfiguration)8
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)8
RestResultBean (password.pwm.ws.server.RestResultBean)8
List (java.util.List)7
EmailItemBean (password.pwm.bean.EmailItemBean)7
