use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.
the class HelpdeskServlet method restCheckVerification.
@ActionHandler(action = "checkVerification")
private ProcessStatus restCheckVerification(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Map<String, String> bodyMap = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
final UserIdentity userIdentity = HelpdeskServletUtil.userIdentityFromMap(pwmRequest, bodyMap);
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final String rawVerificationStr = bodyMap.get(HelpdeskVerificationStateBean.PARAMETER_VERIFICATION_STATE_KEY);
final HelpdeskVerificationStateBean state = HelpdeskVerificationStateBean.fromClientString(pwmRequest, rawVerificationStr);
final boolean passed = HelpdeskServletUtil.checkIfRequiredVerificationPassed(userIdentity, state, helpdeskProfile);
final HashMap<String, Object> results = new HashMap<>();
results.put("passed", passed);
final RestResultBean restResultBean = RestResultBean.withData(results);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.
the class HelpdeskServlet method restClearResponsesHandler.
@ActionHandler(action = "clearResponses")
private ProcessStatus restClearResponsesHandler(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException, ChaiUnavailableException, PwmOperationalException {
final UserIdentity userIdentity;
try {
userIdentity = readUserKeyRequestParameter(pwmRequest);
} catch (PwmUnrecoverableException e) {
pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation()));
return ProcessStatus.Halt;
}
final HelpdeskProfile helpdeskProfile = pwmRequest.getPwmSession().getSessionManager().getHelpdeskProfile(pwmRequest.getPwmApplication());
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
{
final boolean buttonEnabled = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_CLEAR_RESPONSES_BUTTON);
final HelpdeskClearResponseMode mode = helpdeskProfile.readSettingAsEnum(PwmSetting.HELPDESK_CLEAR_RESPONSES, HelpdeskClearResponseMode.class);
if (!buttonEnabled && (mode == HelpdeskClearResponseMode.no)) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_CLEAR_RESPONSES_BUTTON.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " must be enabled or setting " + PwmSetting.HELPDESK_CLEAR_RESPONSES.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + "must be set to yes or ask"));
}
}
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession().getLabel(), userIdentity, true);
final CrService crService = pwmRequest.getPwmApplication().getCrService();
crService.clearResponses(pwmRequest.getPwmSession().getLabel(), userIdentity, chaiUser, userGUID);
// mark the event log
{
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest.getPwmApplication(), pwmRequest.getPwmSession()).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getPwmSession().getSessionStateBean().getSrcAddress(), pwmRequest.getPwmSession().getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.
the class HelpdeskServlet method restVerifyVerificationTokenRequest.
@ActionHandler(action = "verifyVerificationToken")
private ProcessStatus restVerifyVerificationTokenRequest(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
final Instant startTime = Instant.now();
final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), HelpdeskVerificationRequestBean.class);
final String token = helpdeskVerificationRequestBean.getCode();
final SecureService secureService = pwmRequest.getPwmApplication().getSecureService();
final HelpdeskVerificationRequestBean.TokenData tokenData = secureService.decryptObject(helpdeskVerificationRequestBean.getTokenData(), HelpdeskVerificationRequestBean.TokenData.class);
final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
if (tokenData == null || tokenData.getIssueDate() == null || tokenData.getToken() == null || tokenData.getToken().isEmpty()) {
final String errorMsg = "token data is corrupted";
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg));
}
final TimeDuration maxTokenAge = new TimeDuration(Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_TOKEN_MAX_AGE)) * 1000);
final Date maxTokenAgeTimestamp = new Date(System.currentTimeMillis() - maxTokenAge.getTotalMilliseconds());
if (tokenData.getIssueDate().before(maxTokenAgeTimestamp)) {
final String errorMsg = "token is older than maximum issue time (" + maxTokenAge.asCompactString() + ")";
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_TOKEN_EXPIRED, errorMsg));
}
final boolean passed = tokenData.getToken().equals(token);
final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
if (passed) {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_TOKEN, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.TOKEN);
} else {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_TOKEN_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
// add a delay to prevent continuous checks
final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
JavaHelper.pause(100);
}
final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
final RestResultBean restResultBean = RestResultBean.withData(responseBean);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.
the class HelpdeskServlet method restClientData.
@ActionHandler(action = "clientData")
private ProcessStatus restClientData(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final HelpdeskClientDataBean returnValues = HelpdeskClientDataBean.fromConfig(helpdeskProfile, pwmRequest.getLocale());
final RestResultBean restResultBean = RestResultBean.withData(returnValues);
LOGGER.trace(pwmRequest, "returning clientData: " + JsonUtil.serialize(restResultBean));
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.
the class HelpdeskServlet method processCheckPasswordAction.
@ActionHandler(action = "checkPassword")
private ProcessStatus processCheckPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
final RestCheckPasswordServer.JsonInput jsonInput = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestCheckPasswordServer.JsonInput.class);
final UserIdentity userIdentity = UserIdentity.fromKey(jsonInput.getUsername(), pwmRequest.getPwmApplication());
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final ChaiUser chaiUser = getChaiUser(pwmRequest, getHelpdeskProfile(pwmRequest), userIdentity);
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
{
final HelpdeskUIMode mode = helpdeskProfile.readSettingAsEnum(PwmSetting.HELPDESK_SET_PASSWORD_MODE, HelpdeskUIMode.class);
if (mode == HelpdeskUIMode.none) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " must not be set to none"));
}
}
final PasswordUtility.PasswordCheckInfo passwordCheckInfo = PasswordUtility.checkEnteredPassword(pwmRequest.getPwmApplication(), pwmRequest.getLocale(), chaiUser, userInfo, null, PasswordData.forStringValue(jsonInput.getPassword1()), PasswordData.forStringValue(jsonInput.getPassword2()));
final RestCheckPasswordServer.JsonOutput jsonResponse = RestCheckPasswordServer.JsonOutput.fromPasswordCheckInfo(passwordCheckInfo);
final RestResultBean restResultBean = RestResultBean.withData(jsonResponse);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Aggregations