Search in sources :

Example 6 with RestResultBean

use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.

the class HelpdeskServlet method processExecuteActionRequest.

@ActionHandler(action = "executeAction")
private ProcessStatus processExecuteActionRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final String userKey = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation).get(PwmConstants.PARAM_USERKEY);
    if (userKey == null || userKey.length() < 1) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, PwmConstants.PARAM_USERKEY + " parameter is missing");
        setLastError(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
    LOGGER.debug(pwmRequest, "received executeAction request for user " + userIdentity.toString());
    final List<ActionConfiguration> actionConfigurations = helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_ACTIONS);
    final String requestedName = pwmRequest.readParameterAsString("name");
    ActionConfiguration action = null;
    for (final ActionConfiguration loopAction : actionConfigurations) {
        if (requestedName != null && requestedName.equals(loopAction.getName())) {
            action = loopAction;
            break;
        }
    }
    if (action == null) {
        final String errorMsg = "request to execute unknown action: " + requestedName;
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        LOGGER.debug(pwmRequest, errorInformation.toDebugStr());
        final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
        pwmRequest.outputJsonResult(restResultBean);
        return ProcessStatus.Halt;
    }
    // check if user should be seen by actor
    HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
    final boolean useProxy = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY);
    try {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final ChaiUser chaiUser = useProxy ? pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity) : pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication(), userIdentity);
        final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
        final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmRequest.getPwmApplication(), chaiUser).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
        actionExecutor.executeAction(action, pwmRequest.getSessionLabel());
        // mark the event log
        {
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_ACTION, pwmSession.getUserInfo().getUserIdentity(), action.getName(), userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        }
        final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest.getLocale(), pwmRequest.getConfig(), Message.Success_Action, action.getName());
        pwmRequest.outputJsonResult(restResultBean);
        return ProcessStatus.Halt;
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmRequest, e.getErrorInformation().toDebugStr());
        final RestResultBean restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
        pwmRequest.outputJsonResult(restResultBean);
        return ProcessStatus.Halt;
    }
}
Also used : ActionExecutor(password.pwm.util.operations.ActionExecutor) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) MacroMachine(password.pwm.util.macro.MacroMachine) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) PwmSession(password.pwm.http.PwmSession) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 7 with RestResultBean

use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.

the class HelpdeskServlet method restValidateOtpCodeRequest.

@ActionHandler(action = "validateOtpCode")
private ProcessStatus restValidateOtpCodeRequest(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException, ChaiUnavailableException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Instant startTime = Instant.now();
    final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), HelpdeskVerificationRequestBean.class);
    final String userKey = helpdeskVerificationRequestBean.getUserKey();
    if (userKey == null || userKey.isEmpty()) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
    if (!helpdeskProfile.readOptionalVerificationMethods().contains(IdentityVerificationMethod.OTP)) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password otp verification request, but otp verify is not enabled");
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation);
        return ProcessStatus.Halt;
    }
    final String code = helpdeskVerificationRequestBean.getCode();
    final OTPUserRecord otpUserRecord = pwmRequest.getPwmApplication().getOtpService().readOTPUserConfiguration(pwmRequest.getSessionLabel(), userIdentity);
    try {
        final boolean passed = pwmRequest.getPwmApplication().getOtpService().validateToken(pwmRequest.getSessionLabel(), userIdentity, otpUserRecord, code, false);
        final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
        if (passed) {
            final PwmSession pwmSession = pwmRequest.getPwmSession();
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_OTP, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
            StatisticsManager.incrementStat(pwmRequest, Statistic.HELPDESK_VERIFY_OTP);
            verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.OTP);
        } else {
            final PwmSession pwmSession = pwmRequest.getPwmSession();
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_OTP_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        }
        // add a delay to prevent continuous checks
        final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
        while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
            JavaHelper.pause(100);
        }
        final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
        final RestResultBean restResultBean = RestResultBean.withData(responseBean);
        pwmRequest.outputJsonResult(restResultBean);
    } catch (PwmOperationalException e) {
        pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation(), pwmRequest));
    }
    return ProcessStatus.Halt;
}
Also used : Instant(java.time.Instant) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) PwmSession(password.pwm.http.PwmSession) OTPUserRecord(password.pwm.util.operations.otp.OTPUserRecord) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 8 with RestResultBean

use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.

the class HelpdeskServlet method restValidateAttributes.

@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Instant startTime = Instant.now();
    final String bodyString = pwmRequest.readRequestBodyAsString();
    final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
    boolean passed = false;
    {
        final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
        if (verificationForms == null || verificationForms.isEmpty()) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
            throw new PwmUnrecoverableException(errorInformation);
        }
        final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
        final ChaiUser chaiUser;
        try {
            chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
        int successCount = 0;
        for (final FormConfiguration formConfiguration : verificationForms) {
            final String name = formConfiguration.getName();
            final String suppliedValue = bodyMap.get(name);
            try {
                if (chaiUser.compareStringAttribute(name, suppliedValue)) {
                    successCount++;
                }
            } catch (ChaiException e) {
                LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
            }
        }
        if (successCount == verificationForms.size()) {
            passed = true;
        }
    }
    final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
    if (passed) {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
    } else {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
    }
    // add a delay to prevent continuous checks
    final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
    while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
        JavaHelper.pause(100);
    }
    final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
    final RestResultBean restResultBean = RestResultBean.withData(responseBean);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) Instant(java.time.Instant) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) List(java.util.List) ArrayList(java.util.ArrayList) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmSession(password.pwm.http.PwmSession) Map(java.util.Map) HashMap(java.util.HashMap) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 9 with RestResultBean

use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.

the class HelpdeskServlet method restSearchRequest.

@ActionHandler(action = "search")
private ProcessStatus restSearchRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Map<String, String> valueMap = pwmRequest.readBodyAsJsonStringMap();
    final String username = valueMap.get("username");
    final boolean useProxy = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY);
    final List<FormConfiguration> searchForm = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_SEARCH_FORM);
    final int maxResults = (int) helpdeskProfile.readSettingAsLong(PwmSetting.HELPDESK_RESULT_LIMIT);
    if (username == null || username.isEmpty()) {
        final HelpdeskSearchResultsBean emptyResults = new HelpdeskSearchResultsBean();
        emptyResults.setSearchResults(new ArrayList<>());
        emptyResults.setSizeExceeded(false);
        final RestResultBean restResultBean = RestResultBean.withData(emptyResults);
        pwmRequest.outputJsonResult(restResultBean);
        return ProcessStatus.Halt;
    }
    final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
    final SearchConfiguration searchConfiguration;
    {
        final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
        builder.contexts(helpdeskProfile.readSettingAsStringArray(PwmSetting.HELPDESK_SEARCH_BASE));
        builder.enableContextValidation(false);
        builder.username(username);
        builder.enableValueEscaping(false);
        builder.filter(HelpdeskServletUtil.getSearchFilter(pwmRequest.getConfig(), helpdeskProfile));
        builder.enableSplitWhitespace(true);
        if (!useProxy) {
            final UserIdentity loggedInUser = pwmRequest.getPwmSession().getUserInfo().getUserIdentity();
            builder.ldapProfile(loggedInUser.getLdapProfileID());
            builder.chaiProvider(getChaiUser(pwmRequest, helpdeskProfile, loggedInUser).getChaiProvider());
        }
        searchConfiguration = builder.build();
    }
    final UserSearchResults results;
    final boolean sizeExceeded;
    try {
        final Locale locale = pwmRequest.getLocale();
        results = userSearchEngine.performMultiUserSearchFromForm(locale, searchConfiguration, maxResults, searchForm, pwmRequest.getSessionLabel());
        sizeExceeded = results.isSizeExceeded();
    } catch (PwmOperationalException e) {
        final ErrorInformation errorInformation = e.getErrorInformation();
        LOGGER.error(pwmRequest, errorInformation);
        final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
        pwmRequest.outputJsonResult(restResultBean);
        return ProcessStatus.Halt;
    }
    final HelpdeskSearchResultsBean outputData = new HelpdeskSearchResultsBean();
    outputData.setSearchResults(results.resultsAsJsonOutput(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn()));
    outputData.setSizeExceeded(sizeExceeded);
    final RestResultBean restResultBean = RestResultBean.withData(outputData);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : Locale(java.util.Locale) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserIdentity(password.pwm.bean.UserIdentity) UserSearchResults(password.pwm.ldap.search.UserSearchResults) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) FormConfiguration(password.pwm.config.value.data.FormConfiguration) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 10 with RestResultBean

use of password.pwm.ws.server.RestResultBean in project pwm by pwm-project.

the class HelpdeskServlet method processRandomPasswordAction.

@ActionHandler(action = "randomPassword")
private ProcessStatus processRandomPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
    final RestRandomPasswordServer.JsonInput input = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestRandomPasswordServer.JsonInput.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(input.getUsername(), pwmRequest.getPwmApplication());
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
    final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
    final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
    final RandomPasswordGenerator.RandomGeneratorConfig.RandomGeneratorConfigBuilder randomConfigBuilder = RandomPasswordGenerator.RandomGeneratorConfig.builder();
    randomConfigBuilder.passwordPolicy(userInfo.getPasswordPolicy());
    final RandomPasswordGenerator.RandomGeneratorConfig randomConfig = randomConfigBuilder.build();
    final PasswordData randomPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getPwmSession().getLabel(), randomConfig, pwmRequest.getPwmApplication());
    final RestRandomPasswordServer.JsonOutput jsonOutput = new RestRandomPasswordServer.JsonOutput();
    jsonOutput.setPassword(randomPassword.getStringValue());
    final RestResultBean restResultBean = RestResultBean.withData(jsonOutput);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) UserInfo(password.pwm.ldap.UserInfo) RestRandomPasswordServer(password.pwm.ws.server.rest.RestRandomPasswordServer) ChaiUser(com.novell.ldapchai.ChaiUser) PasswordData(password.pwm.util.PasswordData) RandomPasswordGenerator(password.pwm.util.RandomPasswordGenerator) RestResultBean(password.pwm.ws.server.RestResultBean)

Aggregations

RestResultBean (password.pwm.ws.server.RestResultBean)63 ErrorInformation (password.pwm.error.ErrorInformation)27 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)21 UserIdentity (password.pwm.bean.UserIdentity)16 PwmException (password.pwm.error.PwmException)16 HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)15 Instant (java.time.Instant)14 PwmOperationalException (password.pwm.error.PwmOperationalException)14 HashMap (java.util.HashMap)11 LinkedHashMap (java.util.LinkedHashMap)11 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)10 IOException (java.io.IOException)10 PwmApplication (password.pwm.PwmApplication)10 PwmSession (password.pwm.http.PwmSession)10 ConfigManagerBean (password.pwm.http.bean.ConfigManagerBean)9 ArrayList (java.util.ArrayList)8 ServletException (javax.servlet.ServletException)8 UserInfo (password.pwm.ldap.UserInfo)8 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)8 HelpdeskAuditRecord (password.pwm.svc.event.HelpdeskAuditRecord)8