Example 21 with AuditRecordFactory
use of password.pwm.svc.event.AuditRecordFactory in project pwm by pwm-project.
the class HelpdeskServlet method restUnlockIntruder.
@ActionHandler(action = "unlockIntruder")
private ProcessStatus restUnlockIntruder(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
if (userKey.length() < 1) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
pwmRequest.respondWithError(errorInformation, false);
return ProcessStatus.Halt;
}
final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_UNLOCK)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password unlock request, but helpdesk unlock is not enabled");
LOGGER.error(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation);
return ProcessStatus.Halt;
}
// clear pwm intruder setting.
{
final IntruderManager intruderManager = pwmRequest.getPwmApplication().getIntruderManager();
intruderManager.convenience().clearUserIdentity(userIdentity);
}
try {
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
// send notice email
HelpdeskServletUtil.sendUnlockNoticeEmail(pwmRequest, helpdeskProfile, userIdentity, chaiUser);
chaiUser.unlockPassword();
{
// mark the event log
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_UNLOCK_PASSWORD, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
} catch (ChaiPasswordPolicyException e) {
final ChaiError passwordError = e.getErrorCode();
final PwmError pwmError = PwmError.forChaiError(passwordError);
pwmRequest.respondWithError(new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError));
LOGGER.trace(pwmRequest, "ChaiPasswordPolicyException was thrown while resetting password: " + e.toString());
return ProcessStatus.Halt;
} catch (ChaiOperationException e) {
final PwmError returnMsg = PwmError.forChaiError(e.getErrorCode()) == null ? PwmError.ERROR_UNKNOWN : PwmError.forChaiError(e.getErrorCode());
final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
pwmRequest.respondWithError(error);
LOGGER.warn(pwmRequest, "error resetting password for user '" + userIdentity.toDisplayString() + "'' " + error.toDebugStr() + ", " + e.getMessage());
return ProcessStatus.Halt;
}
final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
UserIdentity(password.pwm.bean.UserIdentity)
PwmError(password.pwm.error.PwmError)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiUser(com.novell.ldapchai.ChaiUser)
ChaiError(com.novell.ldapchai.exception.ChaiError)
ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException)
IntruderManager(password.pwm.svc.intruder.IntruderManager)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 22 with AuditRecordFactory
use of password.pwm.svc.event.AuditRecordFactory in project pwm by pwm-project.
the class HelpdeskServlet method restDeleteUserRequest.
@ActionHandler(action = "deleteUser")
private ProcessStatus restDeleteUserRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
if (userKey.length() < 1) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, PwmConstants.PARAM_USERKEY + " parameter is missing");
setLastError(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation, false);
return ProcessStatus.Halt;
}
final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmApplication);
LOGGER.info(pwmSession, "received deleteUser request by " + pwmSession.getUserInfo().getUserIdentity().toString() + " for user " + userIdentity.toString());
// check if user should be seen by actor
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
// read the userID for later logging.
String userID = null;
try {
userID = pwmSession.getUserInfo().getUsername();
} catch (PwmUnrecoverableException e) {
LOGGER.warn(pwmSession, "unable to read username of deleted user while creating audit record");
}
// execute user delete operation
final ChaiProvider provider = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY) ? pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()) : pwmSession.getSessionManager().getChaiProvider();
try {
provider.deleteEntry(userIdentity.getUserDN());
} catch (ChaiOperationException e) {
final String errorMsg = "error while attempting to delete user " + userIdentity.toString() + ", error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
LOGGER.debug(pwmRequest, errorMsg);
pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
return ProcessStatus.Halt;
}
// mark the event log
{
// normally the audit record builder reads the userID while constructing the record, but because the target user is already deleted,
// it will be included here explicitly.
final AuditRecordFactory.AuditUserDefinition auditUserDefinition = new AuditRecordFactory.AuditUserDefinition(userID, userIdentity.getUserDN(), userIdentity.getLdapProfileID());
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_DELETE_USER, pwmSession.getUserInfo().getUserIdentity(), null, auditUserDefinition, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmApplication.getAuditManager().submit(auditRecord);
}
LOGGER.info(pwmSession, "user " + userIdentity + " has been deleted");
final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
PwmSession(password.pwm.http.PwmSession)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 23 with AuditRecordFactory
use of password.pwm.svc.event.AuditRecordFactory in project pwm by pwm-project.
the class HelpdeskServletUtil method processDetailRequestImpl.
static HelpdeskDetailInfoBean processDetailRequestImpl(final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException {
final UserIdentity actorUserIdentity = pwmRequest.getUserInfoIfLoggedIn().canonicalized(pwmRequest.getPwmApplication());
if (actorUserIdentity.canonicalEquals(userIdentity, pwmRequest.getPwmApplication())) {
final String errorMsg = "cannot select self";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
LOGGER.trace(pwmRequest, "helpdesk detail view request for user details of " + userIdentity.toString() + " by actor " + actorUserIdentity.toString());
final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, pwmRequest.readParameterAsString(HelpdeskVerificationStateBean.PARAMETER_VERIFICATION_STATE_KEY, PwmHttpRequestWrapper.Flag.BypassValidation));
if (!HelpdeskServletUtil.checkIfRequiredVerificationPassed(userIdentity, verificationStateBean, helpdeskProfile)) {
final String errorMsg = "selected user has not been verified";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
final HelpdeskDetailInfoBean helpdeskDetailInfoBean = HelpdeskDetailInfoBean.makeHelpdeskDetailInfo(pwmRequest, helpdeskProfile, userIdentity);
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VIEW_DETAIL, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
StatisticsManager.incrementStat(pwmRequest, Statistic.HELPDESK_USER_LOOKUP);
return helpdeskDetailInfoBean;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
UserIdentity(password.pwm.bean.UserIdentity)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
Example 24 with AuditRecordFactory
use of password.pwm.svc.event.AuditRecordFactory in project pwm by pwm-project.
the class SetupResponsesServlet method handleClearExisting.
@ActionHandler(action = "clearExisting")
private ProcessStatus handleClearExisting(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException {
LOGGER.trace(pwmRequest, "request for response clear received");
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
try {
final String userGUID = pwmSession.getUserInfo().getUserGuid();
final ChaiUser theUser = pwmSession.getSessionManager().getActor(pwmApplication);
pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), pwmRequest.getUserInfoIfLoggedIn(), theUser, userGUID);
pwmSession.reloadUserInfoBean(pwmApplication);
pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, SetupResponsesBean.class);
// mark the event log
final UserAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createUserAuditRecord(AuditEvent.CLEAR_RESPONSES, pwmSession.getUserInfo(), pwmSession);
pwmApplication.getAuditManager().submit(auditRecord);
pwmRequest.sendRedirect(PwmServletDefinition.SetupResponses);
} catch (PwmOperationalException e) {
LOGGER.debug(pwmSession, e.getErrorInformation());
setLastError(pwmRequest, e.getErrorInformation());
}
return ProcessStatus.Continue;
}
Also used :
UserAuditRecord(password.pwm.svc.event.UserAuditRecord)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
PwmApplication(password.pwm.PwmApplication)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmSession(password.pwm.http.PwmSession)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Aggregations
AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)24
ErrorInformation (password.pwm.error.ErrorInformation)14
UserIdentity (password.pwm.bean.UserIdentity)13
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)10
AuditRecord (password.pwm.svc.event.AuditRecord)10
HelpdeskAuditRecord (password.pwm.svc.event.HelpdeskAuditRecord)10
PwmOperationalException (password.pwm.error.PwmOperationalException)9
HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)8
RestResultBean (password.pwm.ws.server.RestResultBean)8
ChaiUser (com.novell.ldapchai.ChaiUser)7
PwmSession (password.pwm.http.PwmSession)7
PwmException (password.pwm.error.PwmException)6
PwmApplication (password.pwm.PwmApplication)5
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)4
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)4
IOException (java.io.IOException)4
Instant (java.time.Instant)4
HashMap (java.util.HashMap)3
List (java.util.List)3
Map (java.util.Map)3
