Examples with OtpService - password.pwm.util.operations.OtpService

Example 6 with OtpService

use of password.pwm.util.operations.OtpService in project pwm by pwm-project.

the class SetupOtpServlet method initializeBean.

private void initializeBean(final PwmRequest pwmRequest, final SetupOtpBean otpBean) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    // has pre-existing, nothing to do.
    if (otpBean.isHasPreExistingOtp()) {
        return;
    }
    final OtpService service = pwmApplication.getOtpService();
    final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
    // first time here
    if (otpBean.getOtpUserRecord() == null) {
        final OTPUserRecord existingUserRecord;
        try {
            existingUserRecord = service.readOTPUserConfiguration(pwmRequest.getSessionLabel(), theUser);
        } catch (ChaiUnavailableException e) {
            throw PwmUnrecoverableException.fromChaiException(e);
        }
        if (existingUserRecord != null) {
            otpBean.setHasPreExistingOtp(true);
            LOGGER.trace(pwmSession, "user has existing otp record");
            return;
        }
    }
    // make a new user record.
    if (otpBean.getOtpUserRecord() == null) {
        try {
            final Configuration config = pwmApplication.getConfig();
            final SetupOtpProfile setupOtpProfile = getSetupOtpProfile(pwmRequest);
            final String identifierConfigValue = setupOtpProfile.readSettingAsString(PwmSetting.OTP_SECRET_IDENTIFIER);
            final String identifier = pwmSession.getSessionManager().getMacroMachine(pwmApplication).expandMacros(identifierConfigValue);
            final OTPUserRecord otpUserRecord = new OTPUserRecord();
            final List<String> rawRecoveryCodes = pwmApplication.getOtpService().initializeUserRecord(setupOtpProfile, otpUserRecord, pwmRequest.getSessionLabel(), identifier);
            otpBean.setOtpUserRecord(otpUserRecord);
            otpBean.setRecoveryCodes(rawRecoveryCodes);
            LOGGER.trace(pwmSession, "generated new otp record");
            if (config.isDevDebugMode()) {
                LOGGER.trace(pwmRequest, "newly generated otp record: " + JsonUtil.serialize(otpUserRecord));
            }
        } catch (Exception e) {
            final String errorMsg = "error setting up new OTP secret: " + e.getMessage();
            LOGGER.error(pwmSession, errorMsg);
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
        }
    }
}

Also used : PwmApplication(password.pwm.PwmApplication) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) SetupOtpProfile(password.pwm.config.profile.SetupOtpProfile) Configuration(password.pwm.config.Configuration) OtpService(password.pwm.util.operations.OtpService) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException) IOException(java.io.IOException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ErrorInformation(password.pwm.error.ErrorInformation) PwmSession(password.pwm.http.PwmSession) OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord)

Example 7 with OtpService

use of password.pwm.util.operations.OtpService in project pwm by pwm-project.

the class SetupOtpServlet method nextStep.

@Override
protected void nextStep(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException {
    final SetupOtpBean otpBean = getSetupOtpBean(pwmRequest);
    if (otpBean.isHasPreExistingOtp()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_EXISTING);
        return;
    }
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    if (otpBean.isConfirmed()) {
        final OtpService otpService = pwmApplication.getOtpService();
        final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
        try {
            otpService.writeOTPUserConfiguration(pwmSession, theUser, otpBean.getOtpUserRecord());
            otpBean.setWritten(true);
            // Update the current user info bean, so the user can check the code right away
            pwmSession.reloadUserInfoBean(pwmApplication);
            // mark the event log
            final UserAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createUserAuditRecord(AuditEvent.SET_OTP_SECRET, pwmSession.getUserInfo(), pwmSession);
            pwmApplication.getAuditManager().submit(auditRecord);
            if (pwmApplication.getStatisticsManager() != null && pwmApplication.getStatisticsManager().status() == PwmService.STATUS.OPEN) {
                pwmApplication.getStatisticsManager().incrementValue(Statistic.SETUP_OTP_SECRET);
            }
        } catch (Exception e) {
            final ErrorInformation errorInformation;
            if (e instanceof PwmException) {
                errorInformation = ((PwmException) e).getErrorInformation();
            } else {
                errorInformation = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp secret: " + e.getMessage());
            }
            LOGGER.error(pwmSession, errorInformation.toDebugStr());
            setLastError(pwmRequest, errorInformation);
        }
    }
    if (otpBean.isCodeSeen()) {
        if (otpBean.isWritten()) {
            pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_SUCCESS);
        } else {
            pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET_TEST);
        }
    } else {
        final String qrCodeValue = makeQrCodeDataImageUrl(pwmRequest, otpBean.getOtpUserRecord());
        pwmRequest.setAttribute(PwmRequestAttribute.SetupOtp_QrCodeValue, qrCodeValue);
        pwmRequest.forwardToJsp(JspUrl.SETUP_OTP_SECRET);
    }
}

Also used : PwmException(password.pwm.error.PwmException) UserAuditRecord(password.pwm.svc.event.UserAuditRecord) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) SetupOtpBean(password.pwm.http.bean.SetupOtpBean) OtpService(password.pwm.util.operations.OtpService) UserIdentity(password.pwm.bean.UserIdentity) PwmSession(password.pwm.http.PwmSession) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException) IOException(java.io.IOException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)

Aggregations

PwmOperationalException (password.pwm.error.PwmOperationalException)7 OtpService (password.pwm.util.operations.OtpService)7 ErrorInformation (password.pwm.error.ErrorInformation)6 PwmApplication (password.pwm.PwmApplication)5 PwmSession (password.pwm.http.PwmSession)5 UserIdentity (password.pwm.bean.UserIdentity)4 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)3 SetupOtpBean (password.pwm.http.bean.SetupOtpBean)3 OTPUserRecord (password.pwm.util.operations.otp.OTPUserRecord)3 IOException (java.io.IOException)2 ServletException (javax.servlet.ServletException)2 PwmException (password.pwm.error.PwmException)2 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)2 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)2 RestResultBean (password.pwm.ws.server.RestResultBean)2 Configuration (password.pwm.config.Configuration)1 HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)1 SetupOtpProfile (password.pwm.config.profile.SetupOtpProfile)1 PwmError (password.pwm.error.PwmError)1 HelpdeskAuditRecord (password.pwm.svc.event.HelpdeskAuditRecord)1