use of password.pwm.svc.cache.CacheKey in project pwm by pwm-project.
the class PeopleSearchDataReader method makeSearchResultBean.
SearchResultBean makeSearchResultBean(final String searchData, final boolean includeDisplayName) throws PwmUnrecoverableException, ChaiUnavailableException {
final CacheKey cacheKey = makeCacheKey(SearchResultBean.class.getSimpleName(), searchData + "|" + includeDisplayName);
{
// try to serve from cache first
final String cachedOutput = pwmRequest.getPwmApplication().getCacheService().get(cacheKey);
if (cachedOutput != null) {
final SearchResultBean searchResultBean = JsonUtil.deserialize(cachedOutput, SearchResultBean.class);
searchResultBean.setFromCache(true);
StatisticsManager.incrementStat(pwmRequest, Statistic.PEOPLESEARCH_CACHE_HITS);
return searchResultBean;
} else {
StatisticsManager.incrementStat(pwmRequest, Statistic.PEOPLESEARCH_CACHE_MISSES);
}
}
// if not in cache, build results from ldap
final SearchResultBean searchResultBean = makeSearchResultsImpl(pwmRequest, searchData, includeDisplayName);
searchResultBean.setFromCache(false);
StatisticsManager.incrementStat(pwmRequest, Statistic.PEOPLESEARCH_SEARCHES);
storeDataInCache(pwmRequest.getPwmApplication(), cacheKey, searchResultBean);
LOGGER.trace(pwmRequest, "returning " + searchResultBean.getSearchResults().size() + " results for search request '" + searchData + "'");
return searchResultBean;
}
use of password.pwm.svc.cache.CacheKey in project pwm by pwm-project.
the class FormUtility method validateFormValueUniqueness.
@SuppressWarnings("checkstyle:MethodLength")
public static void validateFormValueUniqueness(final PwmApplication pwmApplication, final Map<FormConfiguration, String> formValues, final Locale locale, final Collection<UserIdentity> excludeDN, final ValidationFlag... validationFlags) throws PwmDataValidationException, PwmUnrecoverableException {
final boolean allowResultCaching = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.allowResultCaching);
final boolean checkReadOnlyAndHidden = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.checkReadOnlyAndHidden);
final Map<String, String> filterClauses = new HashMap<>();
final Map<String, String> labelMap = new HashMap<>();
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formItem = entry.getKey();
if (formItem.isUnique()) {
if (checkReadOnlyAndHidden || formItem.isReadonly()) {
if (checkReadOnlyAndHidden || (formItem.getType() != FormConfiguration.Type.hidden)) {
final String value = entry.getValue();
if (value != null && value.length() > 0) {
filterClauses.put(formItem.getName(), value);
labelMap.put(formItem.getName(), formItem.getLabel(locale));
}
}
}
}
}
if (filterClauses.isEmpty()) {
// nothing to search
return;
}
final StringBuilder filter = new StringBuilder();
{
// outer;
filter.append("(&");
// object classes;
filter.append("(|");
for (final String objectClass : pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES)) {
filter.append("(objectClass=").append(objectClass).append(")");
}
filter.append(")");
// attributes
filter.append("(|");
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
filter.append("(").append(name).append("=").append(StringUtil.escapeLdapFilter(value)).append(")");
}
filter.append(")");
filter.append(")");
}
final CacheService cacheService = pwmApplication.getCacheService();
final CacheKey cacheKey = CacheKey.makeCacheKey(Validator.class, null, "attr_unique_check_" + filter.toString());
if (allowResultCaching && cacheService != null) {
final String cacheValue = cacheService.get(cacheKey);
if (cacheValue != null) {
if (NEGATIVE_CACHE_HIT.equals(cacheValue)) {
return;
} else {
final ErrorInformation errorInformation = JsonUtil.deserialize(cacheValue, ErrorInformation.class);
throw new PwmDataValidationException(errorInformation);
}
}
}
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setFilterAnd(filterClauses);
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().filter(filter.toString()).build();
final int resultSearchSizeLimit = 1 + (excludeDN == null ? 0 : excludeDN.size());
final long cacheLifetimeMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.CACHE_FORM_UNIQUE_VALUE_LIFETIME_MS));
final CachePolicy cachePolicy = CachePolicy.makePolicyWithExpirationMS(cacheLifetimeMS);
try {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final Map<UserIdentity, Map<String, String>> results = new LinkedHashMap<>(userSearchEngine.performMultiUserSearch(searchConfiguration, resultSearchSizeLimit, Collections.emptyList(), SessionLabel.SYSTEM_LABEL));
if (excludeDN != null && !excludeDN.isEmpty()) {
for (final UserIdentity loopIgnoreIdentity : excludeDN) {
results.keySet().removeIf(loopIgnoreIdentity::equals);
}
}
if (!results.isEmpty()) {
final UserIdentity userIdentity = results.keySet().iterator().next();
if (labelMap.size() == 1) {
// since only one value searched, it must be that one value
final String attributeName = labelMap.values().iterator().next();
LOGGER.trace("found duplicate value for attribute '" + attributeName + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { attributeName });
throw new PwmDataValidationException(error);
}
// do a compare on a user values to find one that matches.
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
final boolean compareResult;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
compareResult = theUser.compareStringAttribute(name, value);
} catch (ChaiOperationException | ChaiUnavailableException e) {
final PwmError error = PwmError.forChaiError(e.getErrorCode());
throw new PwmUnrecoverableException(error.toInfo());
}
if (compareResult) {
final String label = labelMap.get(name);
LOGGER.trace("found duplicate value for attribute '" + label + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { label });
throw new PwmDataValidationException(error);
}
}
// user didn't match on the compare.. shouldn't read here but just in case
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null);
throw new PwmDataValidationException(error);
}
} catch (PwmOperationalException e) {
if (cacheService != null) {
final String jsonPayload = JsonUtil.serialize(e.getErrorInformation());
cacheService.put(cacheKey, cachePolicy, jsonPayload);
}
throw new PwmDataValidationException(e.getErrorInformation());
}
if (allowResultCaching && cacheService != null) {
cacheService.put(cacheKey, cachePolicy, NEGATIVE_CACHE_HIT);
}
}
use of password.pwm.svc.cache.CacheKey in project pwm by pwm-project.
the class PasswordUtility method checkEnteredPassword.
public static PasswordCheckInfo checkEnteredPassword(final PwmApplication pwmApplication, final Locale locale, final ChaiUser user, final UserInfo userInfo, final LoginInfoBean loginInfoBean, final PasswordData password, final PasswordData confirmPassword) throws PwmUnrecoverableException, ChaiUnavailableException {
if (userInfo == null) {
throw new NullPointerException("userInfoBean cannot be null");
}
boolean pass = false;
String userMessage = "";
int errorCode = 0;
final boolean passwordIsCaseSensitive = userInfo.getPasswordPolicy() == null || userInfo.getPasswordPolicy().getRuleHelper().readBooleanValue(PwmPasswordRule.CaseSensitive);
final CachePolicy cachePolicy;
{
final long cacheLifetimeMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.CACHE_PWRULECHECK_LIFETIME_MS));
cachePolicy = CachePolicy.makePolicyWithExpirationMS(cacheLifetimeMS);
}
if (password == null) {
userMessage = new ErrorInformation(PwmError.PASSWORD_MISSING).toUserStr(locale, pwmApplication.getConfig());
} else {
final CacheService cacheService = pwmApplication.getCacheService();
final CacheKey cacheKey = user != null && userInfo.getUserIdentity() != null ? CacheKey.makeCacheKey(PasswordUtility.class, userInfo.getUserIdentity(), user.getEntryDN() + ":" + password.hash()) : null;
if (pwmApplication.getConfig().isDevDebugMode()) {
LOGGER.trace("generated cacheKey for password check request: " + cacheKey);
}
try {
if (cacheService != null && cacheKey != null) {
final String cachedValue = cacheService.get(cacheKey);
if (cachedValue != null) {
if (NEGATIVE_CACHE_HIT.equals(cachedValue)) {
pass = true;
} else {
LOGGER.trace("cache hit!");
final ErrorInformation errorInformation = JsonUtil.deserialize(cachedValue, ErrorInformation.class);
throw new PwmDataValidationException(errorInformation);
}
}
}
if (!pass) {
final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, userInfo.getPasswordPolicy(), locale);
final PasswordData oldPassword = loginInfoBean == null ? null : loginInfoBean.getUserCurrentPassword();
pwmPasswordRuleValidator.testPassword(password, oldPassword, userInfo, user);
pass = true;
if (cacheService != null && cacheKey != null) {
cacheService.put(cacheKey, cachePolicy, NEGATIVE_CACHE_HIT);
}
}
} catch (PwmDataValidationException e) {
errorCode = e.getError().getErrorCode();
userMessage = e.getErrorInformation().toUserStr(locale, pwmApplication.getConfig());
pass = false;
if (cacheService != null && cacheKey != null) {
final String jsonPayload = JsonUtil.serialize(e.getErrorInformation());
cacheService.put(cacheKey, cachePolicy, jsonPayload);
}
}
}
final PasswordCheckInfo.MatchStatus matchStatus = figureMatchStatus(passwordIsCaseSensitive, password, confirmPassword);
if (pass) {
switch(matchStatus) {
case EMPTY:
userMessage = new ErrorInformation(PwmError.PASSWORD_MISSING_CONFIRM).toUserStr(locale, pwmApplication.getConfig());
break;
case MATCH:
userMessage = new ErrorInformation(PwmError.PASSWORD_MEETS_RULES).toUserStr(locale, pwmApplication.getConfig());
break;
case NO_MATCH:
userMessage = new ErrorInformation(PwmError.PASSWORD_DOESNOTMATCH).toUserStr(locale, pwmApplication.getConfig());
break;
default:
userMessage = "";
}
}
final int strength = judgePasswordStrength(pwmApplication.getConfig(), password == null ? null : password.getStringValue());
return new PasswordCheckInfo(userMessage, pass, strength, matchStatus, errorCode);
}
Aggregations