Example 6 with OTPUserRecord

use of password.pwm.util.operations.otp.OTPUserRecord in project pwm by pwm-project.

the class SetupOtpServlet method handleRestValidateCode.

@ActionHandler(action = "restValidateCode")
private ProcessStatus handleRestValidateCode(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final OTPUserRecord otpUserRecord = pwmSession.getUserInfo().getOtpUserRecord();
    final OtpService otpService = pwmApplication.getOtpService();
    final String bodyString = pwmRequest.readRequestBodyAsString();
    final Map<String, String> clientValues = JsonUtil.deserializeStringMap(bodyString);
    // the submitted code is run through the input sanitizer and capped at 1024 characters before it reaches the OTP service
    final String code = Validator.sanitizeInputValue(pwmApplication.getConfig(), clientValues.get("code"), 1024);
    try {
        // last argument false (allowRecoveryCodes in OtpService.validateToken): during setup the user
        // has to prove the freshly generated secret yields a valid code, a recovery code does not count
        final boolean passed = otpService.validateToken(pwmRequest.getSessionLabel(), pwmSession.getUserInfo().getUserIdentity(), otpUserRecord, code, false);
        final RestResultBean restResultBean = RestResultBean.withData(passed);
        LOGGER.trace(pwmSession, "returning result for restValidateCode: " + JsonUtil.serialize(restResultBean));
        pwmRequest.outputJsonResult(restResultBean);
    } catch (PwmOperationalException e) {
        final String errorMsg = "error during otp code validation: " + e.getMessage();
        LOGGER.error(pwmSession, errorMsg);
        pwmRequest.outputJsonResult(RestResultBean.fromError(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg), pwmRequest));
    }
    return ProcessStatus.Continue;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) OtpService(password.pwm.util.operations.OtpService) PwmSession(password.pwm.http.PwmSession) OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord) RestResultBean(password.pwm.ws.server.RestResultBean) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 7 with OTPUserRecord

use of password.pwm.util.operations.otp.OTPUserRecord in project pwm by pwm-project.

the class SetupOtpServlet method initializeBean.

private void initializeBean(final PwmRequest pwmRequest, final SetupOtpBean otpBean) throws PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    // has pre-existing, nothing to do.
    if (otpBean.isHasPreExistingOtp()) {
        return;
    }
    final OtpService service = pwmApplication.getOtpService();
    final UserIdentity theUser = pwmSession.getUserInfo().getUserIdentity();
    // first time here
    if (otpBean.getOtpUserRecord() == null) {
        final OTPUserRecord existingUserRecord;
        try {
            existingUserRecord = service.readOTPUserConfiguration(pwmRequest.getSessionLabel(), theUser);
        } catch (ChaiUnavailableException e) {
            throw PwmUnrecoverableException.fromChaiException(e);
        }
        if (existingUserRecord != null) {
            otpBean.setHasPreExistingOtp(true);
            LOGGER.trace(pwmSession, "user has existing otp record");
            return;
        }
    }
    // make a new user record.
    if (otpBean.getOtpUserRecord() == null) {
        try {
            final Configuration config = pwmApplication.getConfig();
            final SetupOtpProfile setupOtpProfile = getSetupOtpProfile(pwmRequest);
            final String identifierConfigValue = setupOtpProfile.readSettingAsString(PwmSetting.OTP_SECRET_IDENTIFIER);
            final String identifier = pwmSession.getSessionManager().getMacroMachine(pwmApplication).expandMacros(identifierConfigValue);
            final OTPUserRecord otpUserRecord = new OTPUserRecord();
            final List<String> rawRecoveryCodes = pwmApplication.getOtpService().initializeUserRecord(setupOtpProfile, otpUserRecord, pwmRequest.getSessionLabel(), identifier);
            otpBean.setOtpUserRecord(otpUserRecord);
            otpBean.setRecoveryCodes(rawRecoveryCodes);
            LOGGER.trace(pwmSession, "generated new otp record");
            // only in dev debug mode: this serializes the whole record, shared secret included, into the trace log
            if (config.isDevDebugMode()) {
                LOGGER.trace(pwmRequest, "newly generated otp record: " + JsonUtil.serialize(otpUserRecord));
            }
        } catch (Exception e) {
            final String errorMsg = "error setting up new OTP secret: " + e.getMessage();
            LOGGER.error(pwmSession, errorMsg);
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
        }
    }
}
Also used : PwmApplication(password.pwm.PwmApplication) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) SetupOtpProfile(password.pwm.config.profile.SetupOtpProfile) Configuration(password.pwm.config.Configuration) OtpService(password.pwm.util.operations.OtpService) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ServletException(javax.servlet.ServletException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException) IOException(java.io.IOException) ErrorInformation(password.pwm.error.ErrorInformation) PwmSession(password.pwm.http.PwmSession) OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord)

Example 8 with OTPUserRecord

use of password.pwm.util.operations.otp.OTPUserRecord in project pwm by pwm-project.

the class ForgottenPasswordServlet method processEnterOtpToken.

@ActionHandler(action = "enterOtp")
private ProcessStatus processEnterOtpToken(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);
    // the raw code the user typed is written to the debug log at this point
    LOGGER.debug(pwmRequest, String.format("entered OTP: %s", userEnteredCode));
    final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
    final OTPUserRecord otpUserRecord = userInfo.getOtpUserRecord();
    final boolean otpPassed;
    if (otpUserRecord != null) {
        LOGGER.info(pwmRequest, "checking entered OTP");
        try {
            // null session label forces service to use proxy account to update (write) updated otp record if necessary.
            // last argument true (allowRecoveryCodes): in the forgotten-password flow a recovery code is accepted,
            // and once used it has to be removed from the stored record, hence the write-back above.
            otpPassed = pwmRequest.getPwmApplication().getOtpService().validateToken(null, forgottenPasswordBean.getUserIdentity(), otpUserRecord, userEnteredCode, true);
            if (otpPassed) {
                StatisticsManager.incrementStat(pwmRequest, Statistic.RECOVERY_OTP_PASSED);
                LOGGER.debug(pwmRequest, "one time password validation has been passed");
                forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.OTP);
            } else {
                StatisticsManager.incrementStat(pwmRequest, Statistic.RECOVERY_OTP_FAILED);
                handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_OTP_TOKEN));
            }
        } catch (PwmOperationalException e) {
            handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_OTP_TOKEN, e.getErrorInformation().toDebugStr()));
        }
    }
    return ProcessStatus.Continue;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) UserInfo(password.pwm.ldap.UserInfo) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord) PwmOperationalException(password.pwm.error.PwmOperationalException)
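Examples 6 and 8 call the same validator and differ only in the final flag: setup (Example 6) refuses recovery codes, the forgotten-password step (Example 8) accepts them and must persist the record afterwards. The block below is an added example, not pwm code and not a model of pwm's storage format: a self-contained Python validator built on RFC 4226 HOTP and RFC 6238 TOTP, with the same allow-recovery-codes switch, a replay guard on the time step, and single-use recovery codes kept only as hashes. `OtpRecord`, `validate_token`, `generate_recovery_codes`, the 30-second step and the +/-1 step window are assumptions of this example; the secret used in the check is the RFC test-vector key, not a real one.

```python
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass, field

STEP_SECONDS = 30   # TOTP time step (RFC 6238 default), assumed here
DIGITS = 6
WINDOW = 1          # accept one step of clock skew either side, assumed here


@dataclass
class OtpRecord:
    """Stand-in for a stored per-user OTP record (assumed shape, not pwm's OTPUserRecord)."""
    secret: bytes
    recovery_code_hashes: set = field(default_factory=set)  # sha256 hex of unused codes
    last_used_step: int = -1   # highest time step already accepted, used as a replay guard


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)


def generate_recovery_codes(record: OtpRecord, count: int = 5) -> list:
    """Create one-time recovery codes. The raw codes are returned exactly once
    (as the setup flow hands them to the user); only hashes stay in the record."""
    raw = [secrets.token_hex(4) for _ in range(count)]
    record.recovery_code_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in raw}
    return raw


def validate_token(record: OtpRecord, user_input: str,
                   allow_recovery_codes: bool, now: int = None) -> bool:
    """Check a user-entered code against the record.

    allow_recovery_codes=False: only a live TOTP code counts (setup must prove the secret).
    allow_recovery_codes=True:  a recovery code is also accepted and consumed, so the
                                caller must write the record back on success.
    """
    now = int(time.time()) if now is None else now
    entered = user_input.strip().replace(" ", "").encode()
    current = now // STEP_SECONDS
    for step in range(current - WINDOW, current + WINDOW + 1):
        if step <= record.last_used_step:
            continue   # a code from an already-accepted step is a replay, refuse it
        if hmac.compare_digest(hotp(record.secret, step).encode(), entered):
            record.last_used_step = step
            return True
    if allow_recovery_codes:
        digest = hashlib.sha256(entered).hexdigest()
        for stored in list(record.recovery_code_hashes):
            if hmac.compare_digest(stored, digest):
                record.recovery_code_hashes.discard(stored)   # single use
                return True
    return False
```

All comparisons go through `hmac.compare_digest` so that a wrong code fails in constant time, and the replay guard means a captured code cannot be submitted a second time inside the skew window; a caller that accepts recovery codes has to persist the record afterwards, which is exactly why the forgotten-password servlet above passes a null session label to force the proxy-account write.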

Aggregations

OTPUserRecord (password.pwm.util.operations.otp.OTPUserRecord)8 PwmOperationalException (password.pwm.error.PwmOperationalException)7 ErrorInformation (password.pwm.error.ErrorInformation)6 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)4 IOException (java.io.IOException)3 PwmException (password.pwm.error.PwmException)3 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)3 PwmSession (password.pwm.http.PwmSession)3 OtpService (password.pwm.util.operations.OtpService)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 PwmApplication (password.pwm.PwmApplication)2 UserIdentity (password.pwm.bean.UserIdentity)2 Configuration (password.pwm.config.Configuration)2 SetupOtpProfile (password.pwm.config.profile.SetupOtpProfile)2 RestResultBean (password.pwm.ws.server.RestResultBean)2 Instant (java.time.Instant)1 Date (java.util.Date)1 Mac (javax.crypto.Mac)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 ServletException (javax.servlet.ServletException)1