private static List<UserIdentity> readAllUsersFromLdap(
final PwmApplication pwmApplication, final String searchFilter, final int maxResults)
throws ChaiUnavailableException, ChaiOperationException, PwmUnrecoverableException,
PwmOperationalException {
final UserSearchEngine userSearchEngine = new UserSearchEngine(pwmApplication, null);
final UserSearchEngine.SearchConfiguration searchConfiguration =
new UserSearchEngine.SearchConfiguration();
searchConfiguration.setEnableValueEscaping(false);
searchConfiguration.setSearchTimeout(
Long.parseLong(
pwmApplication.getConfig().readAppProperty(AppProperty.REPORTING_LDAP_SEARCH_TIMEOUT)));
if (searchFilter == null) {
searchConfiguration.setUsername("*");
} else {
searchConfiguration.setFilter(searchFilter);
}
LOGGER.debug(
PwmConstants.REPORTING_SESSION_LABEL,
"beginning UserReportService user search using parameters: "
+ (JsonUtil.serialize(searchConfiguration)));
final Map<UserIdentity, Map<String, String>> searchResults =
userSearchEngine.performMultiUserSearch(
searchConfiguration, maxResults, Collections.<String>emptyList());
LOGGER.debug(
PwmConstants.REPORTING_SESSION_LABEL,
"user search found " + searchResults.size() + " users for reporting");
final List<UserIdentity> returnList = new ArrayList<>(searchResults.keySet());
Collections.shuffle(returnList);
return returnList;
}
public void addSample(final long input) {
samples.add(new BigInteger(Long.toString(input)));
while (samples.size() > maxSamples) {
samples.remove();
}
}
public static PasswordCheckInfo checkEnteredPassword(
final PwmApplication pwmApplication,
final Locale locale,
final ChaiUser user,
final UserInfoBean userInfoBean,
final LoginInfoBean loginInfoBean,
final PasswordData password,
final PasswordData confirmPassword)
throws PwmUnrecoverableException, ChaiUnavailableException {
if (userInfoBean == null) {
throw new NullPointerException("userInfoBean cannot be null");
}
boolean pass = false;
String userMessage = "";
int errorCode = 0;
final boolean passwordIsCaseSensitive =
userInfoBean.getPasswordPolicy() == null
|| userInfoBean
.getPasswordPolicy()
.getRuleHelper()
.readBooleanValue(PwmPasswordRule.CaseSensitive);
final CachePolicy cachePolicy;
{
final long cacheLifetimeMS =
Long.parseLong(
pwmApplication
.getConfig()
.readAppProperty(AppProperty.CACHE_PWRULECHECK_LIFETIME_MS));
cachePolicy = CachePolicy.makePolicyWithExpirationMS(cacheLifetimeMS);
}
if (password == null) {
userMessage =
new ErrorInformation(PwmError.PASSWORD_MISSING)
.toUserStr(locale, pwmApplication.getConfig());
} else {
final CacheService cacheService = pwmApplication.getCacheService();
final CacheKey cacheKey =
user != null && userInfoBean.getUserIdentity() != null
? CacheKey.makeCacheKey(
PasswordUtility.class,
userInfoBean.getUserIdentity(),
user.getEntryDN() + ":" + password.hash())
: null;
if (pwmApplication.getConfig().isDevDebugMode()) {
LOGGER.trace("generated cacheKey for password check request: " + cacheKey);
}
try {
if (cacheService != null && cacheKey != null) {
final String cachedValue = cacheService.get(cacheKey);
if (cachedValue != null) {
if (NEGATIVE_CACHE_HIT.equals(cachedValue)) {
pass = true;
} else {
LOGGER.trace("cache hit!");
final ErrorInformation errorInformation =
JsonUtil.deserialize(cachedValue, ErrorInformation.class);
throw new PwmDataValidationException(errorInformation);
}
}
}
if (!pass) {
final PwmPasswordRuleValidator pwmPasswordRuleValidator =
new PwmPasswordRuleValidator(
pwmApplication, userInfoBean.getPasswordPolicy(), locale);
final PasswordData oldPassword =
loginInfoBean == null ? null : loginInfoBean.getUserCurrentPassword();
pwmPasswordRuleValidator.testPassword(password, oldPassword, userInfoBean, user);
pass = true;
if (cacheService != null && cacheKey != null) {
cacheService.put(cacheKey, cachePolicy, NEGATIVE_CACHE_HIT);
}
}
} catch (PwmDataValidationException e) {
errorCode = e.getError().getErrorCode();
userMessage = e.getErrorInformation().toUserStr(locale, pwmApplication.getConfig());
pass = false;
if (cacheService != null && cacheKey != null) {
final String jsonPayload = JsonUtil.serialize(e.getErrorInformation());
cacheService.put(cacheKey, cachePolicy, jsonPayload);
}
}
}
final PasswordCheckInfo.MATCH_STATUS matchStatus =
figureMatchStatus(passwordIsCaseSensitive, password, confirmPassword);
if (pass) {
switch (matchStatus) {
case EMPTY:
userMessage =
new ErrorInformation(PwmError.PASSWORD_MISSING_CONFIRM)
.toUserStr(locale, pwmApplication.getConfig());
break;
case MATCH:
userMessage =
new ErrorInformation(PwmError.PASSWORD_MEETS_RULES)
.toUserStr(locale, pwmApplication.getConfig());
break;
case NO_MATCH:
userMessage =
new ErrorInformation(PwmError.PASSWORD_DOESNOTMATCH)
.toUserStr(locale, pwmApplication.getConfig());
break;
default:
userMessage = "";
}
}
final int strength = judgePasswordStrength(password == null ? null : password.getStringValue());
return new PasswordCheckInfo(userMessage, pass, strength, matchStatus, errorCode);
}
