Examples with UserInfo password.pwm.ldap.UserInfo used on opensource projects

Search in sources :

Example 41 with UserInfo

use of password.pwm.ldap.UserInfo in project pwm by pwm-project.

the class AuthenticationFilter method forceRequiredRedirects.

public static ProcessStatus forceRequiredRedirects(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmURL pwmURL = pwmRequest.getURL();
    final UserInfo userInfo = pwmSession.getUserInfo();
    final LoginInfoBean loginInfoBean = pwmSession.getLoginInfoBean();
    if (pwmURL.isResourceURL() || pwmURL.isConfigManagerURL() || pwmURL.isLogoutURL() || pwmURL.isLoginServlet()) {
        return ProcessStatus.Continue;
    }
    if (pwmRequest.getPwmApplication().getApplicationMode() != PwmApplicationMode.RUNNING) {
        return ProcessStatus.Continue;
    }
    // high priority pw change
    if (loginInfoBean.getType() == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
        if (!pwmURL.isChangePasswordURL()) {
            LOGGER.debug(pwmRequest, "user is authenticated via forgotten password mechanism, redirecting to change password servlet");
            pwmRequest.sendRedirect(pwmRequest.getContextPath() + PwmConstants.URL_PREFIX_PUBLIC + "/" + PwmServletDefinition.PrivateChangePassword.servletUrlName());
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    // if change password in progress and req is for ChangePassword servlet, then allow request as is
    if (pwmURL.isChangePasswordURL()) {
        final ChangePasswordBean cpb = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
        final PasswordChangeProgressChecker.ProgressTracker progressTracker = cpb.getChangeProgressTracker();
        if (progressTracker != null && progressTracker.getBeginTime() != null) {
            return ProcessStatus.Continue;
        }
    }
    if (userInfo.isRequiresResponseConfig()) {
        if (!pwmURL.isSetupResponsesURL()) {
            LOGGER.debug(pwmRequest, "user is required to setup responses, redirecting to setup responses servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.SetupResponses);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    if (userInfo.isRequiresOtpConfig() && !pwmSession.getLoginInfoBean().isLoginFlag(LoginInfoBean.LoginFlag.skipOtp)) {
        if (!pwmURL.isSetupOtpSecretURL()) {
            LOGGER.debug(pwmRequest, "user is required to setup OTP configuration, redirecting to OTP setup page");
            pwmRequest.sendRedirect(PwmServletDefinition.SetupOtp);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    if (userInfo.isRequiresUpdateProfile()) {
        if (!pwmURL.isProfileUpdateURL()) {
            LOGGER.debug(pwmRequest, "user is required to update profile, redirecting to profile update servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.UpdateProfile);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    if (!pwmURL.isChangePasswordURL()) {
        if (userInfo.isRequiresNewPassword() && !loginInfoBean.isLoginFlag(LoginInfoBean.LoginFlag.skipNewPw)) {
            LOGGER.debug(pwmRequest, "user password in ldap requires changing, redirecting to change password servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
            return ProcessStatus.Halt;
        } else if (loginInfoBean.getLoginFlags().contains(LoginInfoBean.LoginFlag.forcePwChange)) {
            LOGGER.debug(pwmRequest, "previous activity in application requires forcing pw change, redirecting to change password servlet");
            pwmRequest.sendRedirect(PwmServletDefinition.PrivateChangePassword);
            return ProcessStatus.Halt;
        } else {
            return ProcessStatus.Continue;
        }
    }
    return ProcessStatus.Continue;
}
Also used : ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean) LoginInfoBean(password.pwm.bean.LoginInfoBean) PwmURL(password.pwm.http.PwmURL) UserInfo(password.pwm.ldap.UserInfo) PwmSession(password.pwm.http.PwmSession) PasswordChangeProgressChecker(password.pwm.ldap.PasswordChangeProgressChecker)

Example 42 with UserInfo

use of password.pwm.ldap.UserInfo in project pwm by pwm-project.

the class ForgottenPasswordServlet method executeUnlock.

private void executeUnlock(final PwmRequest pwmRequest) throws IOException, ServletException, ChaiUnavailableException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    try {
        final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
        theUser.unlockPassword();
        // mark the event log
        final UserInfo userInfoBean = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
        pwmApplication.getAuditManager().submit(AuditEvent.UNLOCK_PASSWORD, userInfoBean, pwmSession);
        ForgottenPasswordUtil.sendUnlockNoticeEmail(pwmRequest, forgottenPasswordBean);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UnlockAccount);
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + userIdentity + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmSession, errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation, true);
    } finally {
        clearForgottenPasswordBean(pwmRequest);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) ChaiUser(com.novell.ldapchai.ChaiUser) UserIdentity(password.pwm.bean.UserIdentity) UserInfo(password.pwm.ldap.UserInfo) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwmSession(password.pwm.http.PwmSession) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Example 43 with UserInfo

use of password.pwm.ldap.UserInfo in project pwm by pwm-project.

the class ForgottenPasswordServlet method processActionChoice.

@ActionHandler(action = "actionChoice")
private ProcessStatus processActionChoice(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ServletException, IOException, ChaiUnavailableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    final boolean resendEnabled = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.TOKEN_RESEND_ENABLE);
    if (resendEnabled) {
        // clear token dest info in case we got here from a user 'go-back' request
        forgottenPasswordBean.getProgress().clearTokenSentStatus();
    }
    final boolean disallowAllButUnlock;
    {
        final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
        final RecoveryMinLifetimeOption minLifetimeOption = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_MINIMUM_PASSWORD_LIFETIME_OPTIONS, RecoveryMinLifetimeOption.class);
        disallowAllButUnlock = minLifetimeOption == RecoveryMinLifetimeOption.UNLOCKONLY && userInfo.isPasswordLocked();
    }
    if (forgottenPasswordBean.getProgress().isAllPassed()) {
        final String choice = pwmRequest.readParameterAsString("choice");
        final ActionChoice actionChoice = JavaHelper.readEnumFromString(ActionChoice.class, null, choice);
        if (actionChoice != null) {
            switch(actionChoice) {
                case unlock:
                    this.executeUnlock(pwmRequest);
                    break;
                case resetPassword:
                    if (disallowAllButUnlock) {
                        final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                        PasswordUtility.throwPasswordTooSoonException(userInfo, pwmRequest.getSessionLabel());
                    }
                    this.executeResetPassword(pwmRequest);
                    break;
                default:
                    JavaHelper.unhandledSwitchStatement(actionChoice);
            }
        }
    }
    return ProcessStatus.Continue;
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) UserInfo(password.pwm.ldap.UserInfo) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) RecoveryMinLifetimeOption(password.pwm.config.option.RecoveryMinLifetimeOption)

Example 44 with UserInfo

use of password.pwm.ldap.UserInfo in project pwm by pwm-project.

the class ForgottenPasswordServlet method processResendToken.

@ActionHandler(action = "resendToken")
private ProcessStatus processResendToken(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    {
        final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
        final boolean resendEnabled = forgottenPasswordProfile.readSettingAsBoolean(PwmSetting.TOKEN_RESEND_ENABLE);
        if (!resendEnabled) {
            final String errorMsg = "token resend is not enabled";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        }
    }
    if (!forgottenPasswordBean.getProgress().isTokenSent()) {
        final String errorMsg = "attempt to resend token, but initial token has not yet been sent";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    {
        LOGGER.trace(pwmRequest, "preparing to send a new token to user");
        final long delayTime = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.TOKEN_RESEND_DELAY_MS));
        JavaHelper.pause(delayTime);
    }
    {
        final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
        final TokenDestinationItem tokenDestinationItem = forgottenPasswordBean.getProgress().getTokenDestination();
        ForgottenPasswordUtil.initializeAndSendToken(pwmRequest, userInfo, tokenDestinationItem);
    }
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_TokenResend);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 45 with UserInfo

use of password.pwm.ldap.UserInfo in project pwm by pwm-project.

the class ForgottenPasswordServlet method forwardUserBasedOnRecoveryMethod.

private void forwardUserBasedOnRecoveryMethod(final PwmRequest pwmRequest, final IdentityVerificationMethod method) throws ServletException, PwmUnrecoverableException, IOException {
    LOGGER.debug(pwmRequest, "attempting to forward request to handle verification method " + method.toString());
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    ForgottenPasswordUtil.verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, method);
    switch(method) {
        case PREVIOUS_AUTH:
            {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "previous authentication is required, but user has not previously authenticated"));
            }
        case ATTRIBUTES:
            {
                pwmRequest.addFormInfoToRequestAttr(forgottenPasswordBean.getAttributeForm(), Collections.emptyMap(), false, false);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ATTRIBUTES);
            }
            break;
        case CHALLENGE_RESPONSES:
            {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordChallengeSet, forgottenPasswordBean.getPresentableChallengeSet());
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_RESPONSES);
            }
            break;
        case OTP:
            {
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordOtpRecord, ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean).getOtpUserRecord());
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_ENTER_OTP);
            }
            break;
        case TOKEN:
            {
                final ForgottenPasswordBean.Progress progress = forgottenPasswordBean.getProgress();
                final List<TokenDestinationItem> tokenDestinations = ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
                if (progress.getTokenDestination() == null) {
                    final boolean autoSelect = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST));
                    if (autoSelect && tokenDestinations.size() == 1) {
                        final TokenDestinationItem singleItem = tokenDestinations.iterator().next();
                        progress.setTokenDestination(singleItem);
                    }
                }
                if (progress.getTokenDestination() == null) {
                    forwardToTokenChoiceJsp(pwmRequest);
                    return;
                }
                if (!progress.isTokenSent()) {
                    final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                    ForgottenPasswordUtil.initializeAndSendToken(pwmRequest, userInfo, progress.getTokenDestination());
                    progress.setTokenSent(true);
                }
                if (!progress.getSatisfiedMethods().contains(IdentityVerificationMethod.TOKEN)) {
                    forwardToEnterTokenJsp(pwmRequest);
                    return;
                }
            }
            break;
        case REMOTE_RESPONSES:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                final VerificationMethodSystem remoteMethod;
                if (forgottenPasswordBean.getProgress().getRemoteRecoveryMethod() == null) {
                    remoteMethod = new RemoteVerificationMethod();
                    remoteMethod.init(pwmRequest.getPwmApplication(), userInfo, pwmRequest.getSessionLabel(), pwmRequest.getLocale());
                    forgottenPasswordBean.getProgress().setRemoteRecoveryMethod(remoteMethod);
                } else {
                    remoteMethod = forgottenPasswordBean.getProgress().getRemoteRecoveryMethod();
                }
                final List<VerificationMethodSystem.UserPrompt> prompts = remoteMethod.getCurrentPrompts();
                final String displayInstructions = remoteMethod.getCurrentDisplayInstructions();
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordPrompts, new ArrayList<>(prompts));
                pwmRequest.setAttribute(PwmRequestAttribute.ForgottenPasswordInstructions, displayInstructions);
                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_REMOTE);
            }
            break;
        case OAUTH:
            forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.OAUTH);
            final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
            final OAuthSettings oAuthSettings = OAuthSettings.forForgottenPassword(forgottenPasswordProfile);
            final OAuthMachine oAuthMachine = new OAuthMachine(oAuthSettings);
            pwmRequest.getPwmApplication().getSessionStateService().saveSessionBeans(pwmRequest);
            final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
            oAuthMachine.redirectUserToOAuthServer(pwmRequest, null, userIdentity, forgottenPasswordProfile.getIdentifier());
            break;
        default:
            throw new UnsupportedOperationException("unexpected method during forward: " + method.toString());
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) UserIdentity(password.pwm.bean.UserIdentity) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) OAuthMachine(password.pwm.http.servlet.oauth.OAuthMachine) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) VerificationMethodSystem(password.pwm.VerificationMethodSystem) ErrorInformation(password.pwm.error.ErrorInformation) List(java.util.List) ArrayList(java.util.ArrayList) OAuthSettings(password.pwm.http.servlet.oauth.OAuthSettings) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

UserInfo (password.pwm.ldap.UserInfo)60 ErrorInformation (password.pwm.error.ErrorInformation)23 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)23 FormConfiguration (password.pwm.config.value.data.FormConfiguration)20 PwmApplication (password.pwm.PwmApplication)18 UserIdentity (password.pwm.bean.UserIdentity)15 Configuration (password.pwm.config.Configuration)15 Locale (java.util.Locale)13 MacroMachine (password.pwm.util.macro.MacroMachine)13 ChaiUser (com.novell.ldapchai.ChaiUser)12 PwmOperationalException (password.pwm.error.PwmOperationalException)12 PwmSession (password.pwm.http.PwmSession)12 PasswordData (password.pwm.util.PasswordData)10 Instant (java.time.Instant)9 ArrayList (java.util.ArrayList)8 ActionConfiguration (password.pwm.config.value.data.ActionConfiguration)8 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)8 RestResultBean (password.pwm.ws.server.RestResultBean)8 List (java.util.List)7 EmailItemBean (password.pwm.bean.EmailItemBean)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial