Examples with UserAuditRecord - password.pwm.svc.event.UserAuditRecord

Example 1 with UserAuditRecord

use of password.pwm.svc.event.UserAuditRecord in project pwm by pwm-project.

the class AccountInformationBean method makeAuditInfo.

public static List<ActivityRecord> makeAuditInfo(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserInfo userInfo, final Locale locale) {
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.ACCOUNT_INFORMATION_HISTORY)) {
        return Collections.emptyList();
    }
    final List<UserAuditRecord> auditRecords = new ArrayList<>();
    try {
        auditRecords.addAll(pwmApplication.getAuditManager().readUserHistory(userInfo));
    } catch (PwmUnrecoverableException e) {
        LOGGER.debug(sessionLabel, "error reading audit data for user: " + e.getMessage());
    }
    final List<ActivityRecord> returnData = new ArrayList<>();
    for (final UserAuditRecord userAuditRecord : auditRecords) {
        returnData.add(new ActivityRecord(userAuditRecord.getTimestamp(), userAuditRecord.getEventCode().getLocalizedString(pwmApplication.getConfig(), locale)));
    }
    return Collections.unmodifiableList(returnData);
}

Also used : UserAuditRecord(password.pwm.svc.event.UserAuditRecord) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 2 with UserAuditRecord

use of password.pwm.svc.event.UserAuditRecord in project pwm by pwm-project.

the class IntruderManager method mark.

public void mark(final RecordType recordType, final String subject, final SessionLabel sessionLabel) throws PwmUnrecoverableException {
    if (recordType == null) {
        throw new IllegalArgumentException("recordType is required");
    }
    if (subject == null || subject.length() < 1) {
        return;
    }
    if (recordType == RecordType.ADDRESS) {
        try {
            final InetAddress inetAddress = InetAddress.getByName(subject);
            if (inetAddress.isAnyLocalAddress() || inetAddress.isLoopbackAddress() || inetAddress.isLinkLocalAddress()) {
                LOGGER.debug("disregarding local address intruder attempt from: " + subject);
                return;
            }
        } catch (Exception e) {
            LOGGER.error("error examining address: " + subject);
        }
    }
    final RecordManager manager = recordManagers.get(recordType);
    manager.markSubject(subject);
    if (recordType == RecordType.USER_ID) {
        final UserIdentity userIdentity = UserIdentity.fromKey(subject, pwmApplication);
        final UserAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.INTRUDER_USER_ATTEMPT, userIdentity, sessionLabel);
        pwmApplication.getAuditManager().submit(auditRecord);
    } else {
        // send intruder attempt audit event
        final Map<String, Object> messageObj = new LinkedHashMap<>();
        messageObj.put("type", recordType);
        messageObj.put("subject", subject);
        final String message = JsonUtil.serializeMap(messageObj);
        final SystemAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createSystemAuditRecord(AuditEvent.INTRUDER_ATTEMPT, message);
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    try {
        check(recordType, subject);
    } catch (PwmUnrecoverableException e) {
        if (!manager.isAlerted(subject)) {
            if (recordType == RecordType.USER_ID) {
                final UserIdentity userIdentity = UserIdentity.fromKey(subject, pwmApplication);
                final UserAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.INTRUDER_USER_LOCK, userIdentity, sessionLabel);
                pwmApplication.getAuditManager().submit(auditRecord);
                sendAlert(manager.readIntruderRecord(subject), sessionLabel);
            } else {
                // send intruder attempt lock event
                final Map<String, Object> messageObj = new LinkedHashMap<>();
                messageObj.put("type", recordType);
                messageObj.put("subject", subject);
                final String message = JsonUtil.serializeMap(messageObj);
                final SystemAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createSystemAuditRecord(AuditEvent.INTRUDER_LOCK, message);
                pwmApplication.getAuditManager().submit(auditRecord);
            }
            manager.markAlerted(subject);
            final StatisticsManager statisticsManager = pwmApplication.getStatisticsManager();
            if (statisticsManager != null && statisticsManager.status() == STATUS.OPEN) {
                statisticsManager.incrementValue(Statistic.INTRUDER_ATTEMPTS);
                statisticsManager.updateEps(EpsStatistic.INTRUDER_ATTEMPTS, 1);
                statisticsManager.incrementValue(recordType.getLockStatistic());
            }
        }
        throw e;
    }
    delayPenalty(manager.readIntruderRecord(subject), sessionLabel == null ? null : sessionLabel);
}

Also used : UserAuditRecord(password.pwm.svc.event.UserAuditRecord) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) LinkedHashMap(java.util.LinkedHashMap) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) StatisticsManager(password.pwm.svc.stats.StatisticsManager) InetAddress(java.net.InetAddress) SystemAuditRecord(password.pwm.svc.event.SystemAuditRecord) Map(java.util.Map) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 3 with UserAuditRecord

use of password.pwm.svc.event.UserAuditRecord in project pwm by pwm-project.

the class SetupOtpServlet method nextStep.

@Override
protected void nextStep(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final SetupOtpBean otpBean = getSetupOtpBean(pwmRequest);
    if (otpBean.isHasPreExistingOtp()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_EXISTING);
        return;
    }
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    if (otpBean.isConfirmed()) {
        final OtpService otpService = pwmApplication.getOtpService();
        final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
        try {
            otpService.writeOTPUserConfiguration(pwmSession, theUser, otpBean.getOtpUserRecord());
            otpBean.setWritten(true);
            // Update the current user info bean, so the user can check the code right away
            pwmSession.reloadUserInfoBean(pwmApplication);
            // mark the event log
            final UserAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createUserAuditRecord(AuditEvent.SET_OTP_SECRET, pwmSession.getUserInfo(), pwmSession);
            pwmApplication.getAuditManager().submit(auditRecord);
            if (pwmApplication.getStatisticsManager() != null && pwmApplication.getStatisticsManager().status() == PwmService.STATUS.OPEN) {
                pwmApplication.getStatisticsManager().incrementValue(Statistic.SETUP_OTP_SECRET);
            }
        } catch (Exception e) {
            final ErrorInformation errorInformation;
            if (e instanceof PwmException) {
                errorInformation = ((PwmException) e).getErrorInformation();
            } else {
                errorInformation = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp secret: " + e.getMessage());
            }
            LOGGER.error(pwmSession, errorInformation.toDebugStr());
            setLastError(pwmRequest, errorInformation);
        }
    }
    if (otpBean.isCodeSeen()) {
        if (otpBean.isWritten()) {
            pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_SUCCESS);
        } else {
            pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_TEST);
        }
    } else {
        final String qrCodeValue = makeQrCodeDataImageUrl(pwmRequest, otpBean.getOtpUserRecord());
        pwmRequest.setAttribute(PwmRequestAttribute.SetupOtp_QrCodeValue, qrCodeValue);
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET);
    }
}

Also used : PwmException(password.pwm.error.PwmException) UserAuditRecord(password.pwm.svc.event.UserAuditRecord) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) SetupOtpBean(password.pwm.http.bean.SetupOtpBean) OtpService(password.pwm.util.operations.OtpService) UserIdentity(password.pwm.bean.UserIdentity) PwmSession(password.pwm.http.PwmSession) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException) IOException(java.io.IOException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)

Example 4 with UserAuditRecord

use of password.pwm.svc.event.UserAuditRecord in project pwm by pwm-project.

the class SetupResponsesServlet method handleClearExisting.

@ActionHandler(action = "clearExisting")
private ProcessStatus handleClearExisting(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException {
    LOGGER.trace(pwmRequest, "request for response clear received");
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    try {
        final String userGUID = pwmSession.getUserInfo().getUserGuid();
        final ChaiUser theUser = pwmSession.getSessionManager().getActor(pwmApplication);
        pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), pwmRequest.getUserInfoIfLoggedIn(), theUser, userGUID);
        pwmSession.reloadUserInfoBean(pwmApplication);
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, SetupResponsesBean.class);
        // mark the event log
        final UserAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createUserAuditRecord(AuditEvent.CLEAR_RESPONSES, pwmSession.getUserInfo(), pwmSession);
        pwmApplication.getAuditManager().submit(auditRecord);
        pwmRequest.sendRedirect(PwmServletDefinition.SetupResponses);
    } catch (PwmOperationalException e) {
        LOGGER.debug(pwmSession, e.getErrorInformation());
        setLastError(pwmRequest, e.getErrorInformation());
    }
    return ProcessStatus.Continue;
}

Also used : UserAuditRecord(password.pwm.svc.event.UserAuditRecord) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) PwmApplication(password.pwm.PwmApplication) ChaiUser(com.novell.ldapchai.ChaiUser) PwmSession(password.pwm.http.PwmSession) PwmOperationalException(password.pwm.error.PwmOperationalException)

Aggregations

UserAuditRecord (password.pwm.svc.event.UserAuditRecord)4 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)3 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)3 PwmApplication (password.pwm.PwmApplication)2 UserIdentity (password.pwm.bean.UserIdentity)2 PwmException (password.pwm.error.PwmException)2 PwmOperationalException (password.pwm.error.PwmOperationalException)2 PwmSession (password.pwm.http.PwmSession)2 ChaiUser (com.novell.ldapchai.ChaiUser)1 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)1 IOException (java.io.IOException)1 InetAddress (java.net.InetAddress)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1 Map (java.util.Map)1 ServletException (javax.servlet.ServletException)1 ErrorInformation (password.pwm.error.ErrorInformation)1 SetupOtpBean (password.pwm.http.bean.SetupOtpBean)1 SystemAuditRecord (password.pwm.svc.event.SystemAuditRecord)1