Examples with HelpdeskAuditRecord password.pwm.svc.event.HelpdeskAuditRecord used on opensource projects

Search in sources :

Example 6 with HelpdeskAuditRecord

use of password.pwm.svc.event.HelpdeskAuditRecord in project pwm by pwm-project.

the class HelpdeskServlet method restValidateAttributes.

@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Instant startTime = Instant.now();
    final String bodyString = pwmRequest.readRequestBodyAsString();
    final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
    boolean passed = false;
    {
        final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
        if (verificationForms == null || verificationForms.isEmpty()) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
            throw new PwmUnrecoverableException(errorInformation);
        }
        final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
        final ChaiUser chaiUser;
        try {
            chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
        int successCount = 0;
        for (final FormConfiguration formConfiguration : verificationForms) {
            final String name = formConfiguration.getName();
            final String suppliedValue = bodyMap.get(name);
            try {
                if (chaiUser.compareStringAttribute(name, suppliedValue)) {
                    successCount++;
                }
            } catch (ChaiException e) {
                LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
            }
        }
        if (successCount == verificationForms.size()) {
            passed = true;
        }
    }
    final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
    if (passed) {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
    } else {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
    }
    // add a delay to prevent continuous checks
    final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
    while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
        JavaHelper.pause(100);
    }
    final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
    final RestResultBean restResultBean = RestResultBean.withData(responseBean);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) Instant(java.time.Instant) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) List(java.util.List) ArrayList(java.util.ArrayList) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmSession(password.pwm.http.PwmSession) Map(java.util.Map) HashMap(java.util.HashMap) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 7 with HelpdeskAuditRecord

use of password.pwm.svc.event.HelpdeskAuditRecord in project pwm by pwm-project.

the class HelpdeskServlet method restClearOtpSecret.

@ActionHandler(action = "clearOtpSecret")
private ProcessStatus restClearOtpSecret(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Map<String, String> bodyMap = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
    final UserIdentity userIdentity = HelpdeskServletUtil.userIdentityFromMap(pwmRequest, bodyMap);
    if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_CLEAR_OTP_BUTTON)) {
        final String errorMsg = "clear otp request, but helpdesk clear otp button is not enabled";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, errorMsg);
        LOGGER.error(pwmRequest, errorMsg);
        pwmRequest.respondWithError(errorInformation);
        return ProcessStatus.Halt;
    }
    // clear pwm intruder setting.
    pwmRequest.getPwmApplication().getIntruderManager().convenience().clearUserIdentity(userIdentity);
    try {
        final OtpService service = pwmRequest.getPwmApplication().getOtpService();
        service.clearOTPUserConfiguration(pwmRequest.getPwmSession(), userIdentity);
        {
            // mark the event log
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_OTP_SECRET, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        }
    } catch (PwmOperationalException e) {
        final PwmError returnMsg = e.getError();
        final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
        pwmRequest.respondWithError(error);
        LOGGER.warn(pwmRequest, "error clearing OTP secret for user '" + userIdentity + "'' " + error.toDebugStr() + ", " + e.getMessage());
        return ProcessStatus.Halt;
    }
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) OtpService(password.pwm.util.operations.OtpService) UserIdentity(password.pwm.bean.UserIdentity) PwmError(password.pwm.error.PwmError) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) PwmOperationalException(password.pwm.error.PwmOperationalException) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 8 with HelpdeskAuditRecord

use of password.pwm.svc.event.HelpdeskAuditRecord in project pwm by pwm-project.

the class HelpdeskServlet method restUnlockIntruder.

@ActionHandler(action = "unlockIntruder")
private ProcessStatus restUnlockIntruder(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (userKey.length() < 1) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
    if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_UNLOCK)) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password unlock request, but helpdesk unlock is not enabled");
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation);
        return ProcessStatus.Halt;
    }
    // clear pwm intruder setting.
    {
        final IntruderManager intruderManager = pwmRequest.getPwmApplication().getIntruderManager();
        intruderManager.convenience().clearUserIdentity(userIdentity);
    }
    try {
        final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
        // send notice email
        HelpdeskServletUtil.sendUnlockNoticeEmail(pwmRequest, helpdeskProfile, userIdentity, chaiUser);
        chaiUser.unlockPassword();
        {
            // mark the event log
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_UNLOCK_PASSWORD, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        }
    } catch (ChaiPasswordPolicyException e) {
        final ChaiError passwordError = e.getErrorCode();
        final PwmError pwmError = PwmError.forChaiError(passwordError);
        pwmRequest.respondWithError(new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError));
        LOGGER.trace(pwmRequest, "ChaiPasswordPolicyException was thrown while resetting password: " + e.toString());
        return ProcessStatus.Halt;
    } catch (ChaiOperationException e) {
        final PwmError returnMsg = PwmError.forChaiError(e.getErrorCode()) == null ? PwmError.ERROR_UNKNOWN : PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
        pwmRequest.respondWithError(error);
        LOGGER.warn(pwmRequest, "error resetting password for user '" + userIdentity.toDisplayString() + "'' " + error.toDebugStr() + ", " + e.getMessage());
        return ProcessStatus.Halt;
    }
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : UserIdentity(password.pwm.bean.UserIdentity) PwmError(password.pwm.error.PwmError) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) ChaiError(com.novell.ldapchai.exception.ChaiError) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) IntruderManager(password.pwm.svc.intruder.IntruderManager) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 9 with HelpdeskAuditRecord

use of password.pwm.svc.event.HelpdeskAuditRecord in project pwm by pwm-project.

the class HelpdeskServlet method restDeleteUserRequest.

@ActionHandler(action = "deleteUser")
private ProcessStatus restDeleteUserRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (userKey.length() < 1) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, PwmConstants.PARAM_USERKEY + " parameter is missing");
        setLastError(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmApplication);
    LOGGER.info(pwmSession, "received deleteUser request by " + pwmSession.getUserInfo().getUserIdentity().toString() + " for user " + userIdentity.toString());
    // check if user should be seen by actor
    HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
    // read the userID for later logging.
    String userID = null;
    try {
        userID = pwmSession.getUserInfo().getUsername();
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmSession, "unable to read username of deleted user while creating audit record");
    }
    // execute user delete operation
    final ChaiProvider provider = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY) ? pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()) : pwmSession.getSessionManager().getChaiProvider();
    try {
        provider.deleteEntry(userIdentity.getUserDN());
    } catch (ChaiOperationException e) {
        final String errorMsg = "error while attempting to delete user " + userIdentity.toString() + ", error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        LOGGER.debug(pwmRequest, errorMsg);
        pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
        return ProcessStatus.Halt;
    }
    // mark the event log
    {
        // normally the audit record builder reads the userID while constructing the record, but because the target user is already deleted,
        // it will be included here explicitly.
        final AuditRecordFactory.AuditUserDefinition auditUserDefinition = new AuditRecordFactory.AuditUserDefinition(userID, userIdentity.getUserDN(), userIdentity.getLdapProfileID());
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_DELETE_USER, pwmSession.getUserInfo().getUserIdentity(), null, auditUserDefinition, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    LOGGER.info(pwmSession, "user " + userIdentity + " has been deleted");
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwmSession(password.pwm.http.PwmSession) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 10 with HelpdeskAuditRecord

use of password.pwm.svc.event.HelpdeskAuditRecord in project pwm by pwm-project.

the class HelpdeskServletUtil method processDetailRequestImpl.

static HelpdeskDetailInfoBean processDetailRequestImpl(final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException {
    final UserIdentity actorUserIdentity = pwmRequest.getUserInfoIfLoggedIn().canonicalized(pwmRequest.getPwmApplication());
    if (actorUserIdentity.canonicalEquals(userIdentity, pwmRequest.getPwmApplication())) {
        final String errorMsg = "cannot select self";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    LOGGER.trace(pwmRequest, "helpdesk detail view request for user details of " + userIdentity.toString() + " by actor " + actorUserIdentity.toString());
    final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, pwmRequest.readParameterAsString(HelpdeskVerificationStateBean.PARAMETER_VERIFICATION_STATE_KEY, PwmHttpRequestWrapper.Flag.BypassValidation));
    if (!HelpdeskServletUtil.checkIfRequiredVerificationPassed(userIdentity, verificationStateBean, helpdeskProfile)) {
        final String errorMsg = "selected user has not been verified";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    final HelpdeskDetailInfoBean helpdeskDetailInfoBean = HelpdeskDetailInfoBean.makeHelpdeskDetailInfo(pwmRequest, helpdeskProfile, userIdentity);
    final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VIEW_DETAIL, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
    pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
    StatisticsManager.incrementStat(pwmRequest, Statistic.HELPDESK_USER_LOOKUP);
    return helpdeskDetailInfoBean;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)

Aggregations

UserIdentity (password.pwm.bean.UserIdentity)10 ErrorInformation (password.pwm.error.ErrorInformation)10 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)10 HelpdeskAuditRecord (password.pwm.svc.event.HelpdeskAuditRecord)10 HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)8 RestResultBean (password.pwm.ws.server.RestResultBean)8 ChaiUser (com.novell.ldapchai.ChaiUser)5 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)5 PwmSession (password.pwm.http.PwmSession)5 PwmOperationalException (password.pwm.error.PwmOperationalException)4 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)3 Instant (java.time.Instant)3 ArrayList (java.util.ArrayList)2 List (java.util.List)2 HelpdeskClearResponseMode (password.pwm.config.option.HelpdeskClearResponseMode)2 PwmError (password.pwm.error.PwmError)2 MacroMachine (password.pwm.util.macro.MacroMachine)2 ChaiError (com.novell.ldapchai.exception.ChaiError)1 ChaiException (com.novell.ldapchai.exception.ChaiException)1 ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial