use of password.pwm.util.operations.ActionExecutor in project pwm by pwm-project.
the class HelpdeskServlet method processExecuteActionRequest.
@ActionHandler(action = "executeAction")
private ProcessStatus processExecuteActionRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final String userKey = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation).get(PwmConstants.PARAM_USERKEY);
if (userKey == null || userKey.length() < 1) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, PwmConstants.PARAM_USERKEY + " parameter is missing");
setLastError(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation, false);
return ProcessStatus.Halt;
}
final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
LOGGER.debug(pwmRequest, "received executeAction request for user " + userIdentity.toString());
final List<ActionConfiguration> actionConfigurations = helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_ACTIONS);
final String requestedName = pwmRequest.readParameterAsString("name");
ActionConfiguration action = null;
for (final ActionConfiguration loopAction : actionConfigurations) {
if (requestedName != null && requestedName.equals(loopAction.getName())) {
action = loopAction;
break;
}
}
if (action == null) {
final String errorMsg = "request to execute unknown action: " + requestedName;
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
LOGGER.debug(pwmRequest, errorInformation.toDebugStr());
final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
// check if user should be seen by actor
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final boolean useProxy = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY);
try {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final ChaiUser chaiUser = useProxy ? pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity) : pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication(), userIdentity);
final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmRequest.getPwmApplication(), chaiUser).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
actionExecutor.executeAction(action, pwmRequest.getSessionLabel());
// mark the event log
{
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_ACTION, pwmSession.getUserInfo().getUserIdentity(), action.getName(), userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest.getLocale(), pwmRequest.getConfig(), Message.Success_Action, action.getName());
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
} catch (PwmOperationalException e) {
LOGGER.error(pwmRequest, e.getErrorInformation().toDebugStr());
final RestResultBean restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
}
use of password.pwm.util.operations.ActionExecutor in project pwm by pwm-project.
the class GuestRegistrationServlet method handleCreateRequest.
private void handleCreateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
final Configuration config = pwmApplication.getConfig();
final Locale locale = ssBean.getLocale();
final List<FormConfiguration> guestUserForm = config.readSettingAsForm(PwmSetting.GUEST_FORM);
try {
// read the values from the request
final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, guestUserForm, locale);
// read the expiration date from the request.
final Instant expirationDate = readExpirationFromRequest(pwmRequest);
// see if the values meet form requirements.
FormUtility.validateFormValues(config, formValues, locale);
// read new user DN
final String guestUserDN = determineUserDN(formValues, config);
// read a chai provider to make the user
final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();
// set up the user creation attributes
final Map<String, String> createAttributes = new HashMap<>();
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formItem = entry.getKey();
final String value = entry.getValue();
LOGGER.debug(pwmSession, "Attribute from form: " + formItem.getName() + " = " + value);
final String n = formItem.getName();
final String v = formValues.get(formItem);
if (n != null && n.length() > 0 && v != null && v.length() > 0) {
createAttributes.put(n, v);
}
}
// Write creator DN
createAttributes.put(config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE), pwmSession.getUserInfo().getUserIdentity().getUserDN());
// read the creation object classes.
final Set<String> createObjectClasses = new HashSet<>(config.readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
provider.createEntry(guestUserDN, createObjectClasses, createAttributes);
LOGGER.info(pwmSession, "created user object: " + guestUserDN);
final ChaiUser theUser = provider.getEntryFactory().newChaiUser(guestUserDN);
final UserIdentity userIdentity = new UserIdentity(guestUserDN, pwmSession.getUserInfo().getUserIdentity().getLdapProfileID());
// write the expiration date:
if (expirationDate != null) {
final String expirationAttr = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
theUser.writeDateAttribute(expirationAttr, expirationDate);
}
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, pwmSession.getLabel(), userIdentity, theUser, locale);
final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), passwordPolicy, pwmApplication);
theUser.setPassword(newPassword.getStringValue());
{
// execute configured actions
LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
final List<ActionConfiguration> actions = pwmApplication.getConfig().readSettingAsAction(PwmSetting.GUEST_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, theUser).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
}
}
// everything good so forward to success page.
this.sendGuestUserEmailConfirmation(pwmRequest, userIdentity);
pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_CreateGuest);
} catch (ChaiOperationException e) {
final ErrorInformation info = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, "error creating user: " + e.getMessage());
setLastError(pwmRequest, info);
LOGGER.warn(pwmSession, info);
this.forwardToJSP(pwmRequest, guestRegistrationBean);
} catch (PwmOperationalException e) {
LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
setLastError(pwmRequest, e.getErrorInformation());
this.forwardToJSP(pwmRequest, guestRegistrationBean);
}
}
use of password.pwm.util.operations.ActionExecutor in project pwm by pwm-project.
the class DeleteAccountServlet method handleDeleteRequest.
@ActionHandler(action = "delete")
private ProcessStatus handleDeleteRequest(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final DeleteAccountProfile deleteAccountProfile = getProfile(pwmRequest);
final UserIdentity userIdentity = pwmRequest.getUserInfoIfLoggedIn();
{
// execute configured actions
final List<ActionConfiguration> actions = deleteAccountProfile.readSettingAsAction(PwmSetting.DELETE_ACCOUNT_ACTIONS);
if (actions != null && !actions.isEmpty()) {
LOGGER.debug(pwmRequest, "executing configured actions to user " + userIdentity);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
try {
actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
} catch (PwmOperationalException e) {
LOGGER.error("error during user delete action execution: " + e.getMessage());
throw new PwmUnrecoverableException(e.getErrorInformation(), e.getCause());
}
}
}
// send notification
sendProfileUpdateEmailNotice(pwmRequest);
// mark the event log
pwmApplication.getAuditManager().submit(AuditEvent.DELETE_ACCOUNT, pwmRequest.getPwmSession().getUserInfo(), pwmRequest.getPwmSession());
final String nextUrl = deleteAccountProfile.readSettingAsString(PwmSetting.DELETE_ACCOUNT_NEXT_URL);
if (nextUrl != null && !nextUrl.isEmpty()) {
final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication);
final String macroedUrl = macroMachine.expandMacros(nextUrl);
LOGGER.debug(pwmRequest, "settinging forward url to post-delete next url: " + macroedUrl);
pwmRequest.getPwmSession().getSessionStateBean().setForwardURL(macroedUrl);
}
// perform ldap entry delete.
if (deleteAccountProfile.readSettingAsBoolean(PwmSetting.DELETE_ACCOUNT_DELETE_USER_ENTRY)) {
final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(pwmRequest.getUserInfoIfLoggedIn());
try {
chaiUser.getChaiProvider().deleteEntry(chaiUser.getEntryDN());
} catch (ChaiException e) {
final PwmUnrecoverableException pwmException = PwmUnrecoverableException.fromChaiException(e);
LOGGER.error("error during user delete", pwmException);
throw pwmException;
}
}
// clear the delete bean
pwmApplication.getSessionStateService().clearBean(pwmRequest, DeleteAccountBean.class);
// delete finished, so logout and redirect.
pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
pwmRequest.sendRedirectToContinue();
return ProcessStatus.Halt;
}
use of password.pwm.util.operations.ActionExecutor in project pwm by pwm-project.
the class NewUserUtils method createUser.
@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final long startTime = System.currentTimeMillis();
// re-perform verification before proceeding
{
final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
passwordCheckInfoToException(passwordCheckInfo);
}
NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
final PasswordData userPassword;
if (promptForPassword) {
userPassword = newUserForm.getNewUserPassword();
} else {
final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
}
// set up the user creation attributes
final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
// read the creation object classes from configuration
final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
// add the auto-add object classes
{
final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
}
final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
try {
// create the ldap entry
chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
final boolean useTempPw;
{
final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
if ("auto".equalsIgnoreCase(settingValue)) {
useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
} else {
useTempPw = Boolean.parseBoolean(settingValue);
}
}
if (useTempPw) {
NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
final PasswordData temporaryPassword;
{
final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
}
final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
try {
// set password as admin
proxiedUser.setPassword(temporaryPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
try {
// bind as user
NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
bindAsProvider.close();
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
} else {
try {
// set password
theUser.setPassword(userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
}
NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
// write data to remote web service
remoteWriteFormData(pwmRequest, newUserForm);
// authenticate the user to pwm
final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
sessionAuthenticator.authenticateUser(userIdentity, userPassword);
{
// execute configured actions
final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
// send user email
sendNewUserEmailConfirmation(pwmRequest);
// add audit record
pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
// increment the new user creation statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
use of password.pwm.util.operations.ActionExecutor in project pwm by pwm-project.
the class UpdateProfileUtil method doProfileUpdate.
@SuppressWarnings("checkstyle:ParameterNumber")
public static void doProfileUpdate(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final Locale locale, final UserInfo userInfo, final MacroMachine macroMachine, final UpdateProfileProfile updateProfileProfile, final Map<String, String> formValues, final ChaiUser theUser) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final List<FormConfiguration> formFields = updateProfileProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
final Map<FormConfiguration, String> formMap = FormUtility.readFormValuesFromMap(formValues, formFields, locale);
// verify form meets the form requirements (may be redundant, but shouldn't hurt)
verifyFormAttributes(pwmApplication, userInfo.getUserIdentity(), locale, formMap, false);
// write values.
LOGGER.info("updating profile for " + userInfo.getUserIdentity());
LdapOperationsHelper.writeFormValuesToLdap(pwmApplication, macroMachine, theUser, formMap, false);
final UserIdentity userIdentity = userInfo.getUserIdentity();
{
// execute configured actions
final List<ActionConfiguration> actions = updateProfileProfile.readSettingAsAction(PwmSetting.UPDATE_PROFILE_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
LOGGER.debug(sessionLabel, "executing configured actions to user " + userIdentity);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
actionExecutor.executeActions(actions, sessionLabel);
}
}
sendProfileUpdateEmailNotice(pwmApplication, macroMachine, userInfo, locale, sessionLabel);
// success, so forward to success page
pwmApplication.getStatisticsManager().incrementValue(Statistic.UPDATE_ATTRIBUTES);
}
Aggregations