Example #1
0
  private void handleEnterCodeRequest(
      final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean)
      throws PwmUnrecoverableException, IOException, ServletException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final String userEnteredCode = pwmRequest.readParameterAsString(PwmConstants.PARAM_TOKEN);

    boolean tokenPassed = false;
    ErrorInformation errorInformation = null;
    try {
      final TokenPayload tokenPayload =
          pwmApplication
              .getTokenService()
              .processUserEnteredCode(
                  pwmSession, pwmRequest.getUserInfoIfLoggedIn(), null, userEnteredCode);
      if (tokenPayload != null) {
        if (TokenType.UPDATE_EMAIL.matchesName(tokenPayload.getName())) {
          LOGGER.debug(pwmRequest, "email token passed");

          updateProfileBean
              .getTokenVerificationProgress()
              .getPassedTokens()
              .add(TokenVerificationProgress.TokenChannel.EMAIL);
          updateProfileBean
              .getTokenVerificationProgress()
              .getIssuedTokens()
              .add(TokenVerificationProgress.TokenChannel.EMAIL);
          updateProfileBean.getTokenVerificationProgress().setPhase(null);
          tokenPassed = true;
        } else if (TokenType.UPDATE_SMS.matchesName(tokenPayload.getName())) {
          LOGGER.debug(pwmRequest, "SMS token passed");
          updateProfileBean
              .getTokenVerificationProgress()
              .getPassedTokens()
              .add(TokenVerificationProgress.TokenChannel.SMS);
          updateProfileBean
              .getTokenVerificationProgress()
              .getIssuedTokens()
              .add(TokenVerificationProgress.TokenChannel.SMS);
          updateProfileBean.getTokenVerificationProgress().setPhase(null);
          tokenPassed = true;
        } else {
          final String errorMsg = "token name/type is not recognized: " + tokenPayload.getName();
          errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
        }
      }
    } catch (PwmOperationalException e) {
      final String errorMsg = "token incorrect: " + e.getMessage();
      errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg);
    }

    if (!tokenPassed) {
      if (errorInformation == null) {
        errorInformation = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT);
      }
      LOGGER.debug(pwmSession, errorInformation.toDebugStr());
      pwmRequest.setResponseError(errorInformation);
    }
  }
Example #2
0
  public static void restUploadConfig(final PwmRequest pwmRequest)
      throws PwmUnrecoverableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final HttpServletRequest req = pwmRequest.getHttpServletRequest();

    if (pwmApplication.getApplicationMode() == PwmApplication.MODE.RUNNING) {
      final String errorMsg = "config upload is not permitted when in running mode";
      final ErrorInformation errorInformation =
          new ErrorInformation(PwmError.CONFIG_UPLOAD_FAILURE, errorMsg, new String[] {errorMsg});
      pwmRequest.respondWithError(errorInformation, true);
      return;
    }

    if (ServletFileUpload.isMultipartContent(req)) {
      final InputStream uploadedFile = ServletHelper.readFileUpload(req, "uploadFile");
      if (uploadedFile != null) {
        try {
          final StoredConfigurationImpl storedConfig =
              StoredConfigurationImpl.fromXml(uploadedFile);
          final List<String> configErrors = storedConfig.validateValues();
          if (configErrors != null && !configErrors.isEmpty()) {
            throw new PwmOperationalException(
                new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, configErrors.get(0)));
          }
          writeConfig(ContextManager.getContextManager(req.getSession()), storedConfig);
          LOGGER.trace(pwmSession, "read config from file: " + storedConfig.toString());
          final RestResultBean restResultBean = new RestResultBean();
          restResultBean.setSuccessMessage("read message");
          pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
          req.getSession().invalidate();
        } catch (PwmException e) {
          final RestResultBean restResultBean =
              RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
          pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
          LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        }
      } else {
        final ErrorInformation errorInformation =
            new ErrorInformation(
                PwmError.CONFIG_UPLOAD_FAILURE,
                "error reading config file: no file present in upload");
        final RestResultBean restResultBean =
            RestResultBean.fromError(errorInformation, pwmRequest);
        pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
        LOGGER.error(pwmSession, errorInformation.toDebugStr());
      }
    }
  }
Example #3
0
  private void restGotoStep(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
      throws PwmUnrecoverableException, IOException, ServletException {
    final String requestedStep = pwmRequest.readParameterAsString("step");
    STEP step = null;
    if (requestedStep != null && requestedStep.length() > 0) {
      try {
        step = STEP.valueOf(requestedStep);
      } catch (IllegalArgumentException e) {
        /* */
      }
    }

    final boolean ldapSchemaPermitted =
        "LDAP".equals(configGuideBean.getFormData().get(PARAM_CR_STORAGE_PREF))
            && configGuideBean.getSelectedTemplate() == PwmSettingTemplate.NOVL;

    if ("NEXT".equals(requestedStep)) {
      step = configGuideBean.getStep().next();
      if (step == STEP.LDAP_SCHEMA && !ldapSchemaPermitted) {
        step = step.next();
      }
    } else if ("PREVIOUS".equals(requestedStep)) {
      step = configGuideBean.getStep().previous();
      if (step == STEP.LDAP_SCHEMA && !ldapSchemaPermitted) {
        step = step.previous();
      }
    }

    if (step == null) {
      final String errorMsg = "unknown goto step request: " + requestedStep;
      final ErrorInformation errorInformation =
          new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, errorMsg);
      final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
      LOGGER.error(pwmRequest, errorInformation.toDebugStr());
      pwmRequest.outputJsonResult(restResultBean);
      return;
    }

    if (step == STEP.FINISH) {
      final ContextManager contextManager = ContextManager.getContextManager(pwmRequest);
      try {
        writeConfig(contextManager, configGuideBean);
      } catch (PwmException e) {
        final RestResultBean restResultBean =
            RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
        pwmRequest.outputJsonResult(restResultBean);
        return;
      } catch (Exception e) {
        final RestResultBean restResultBean =
            RestResultBean.fromError(
                new ErrorInformation(
                    PwmError.ERROR_UNKNOWN, "error during save: " + e.getMessage()),
                pwmRequest);
        pwmRequest.outputJsonResult(restResultBean);
        return;
      }
      final HashMap<String, String> resultData = new HashMap<>();
      resultData.put("serverRestart", "true");
      pwmRequest.outputJsonResult(new RestResultBean(resultData));
      pwmRequest.invalidateSession();
    } else {
      configGuideBean.setStep(step);
      pwmRequest.outputJsonResult(new RestResultBean());
      LOGGER.trace("setting current step to: " + step);
    }
  }
Example #4
0
  @Override
  protected void processAction(final PwmRequest pwmRequest)
      throws ServletException, IOException, ChaiUnavailableException, PwmUnrecoverableException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();

    if ((pwmSession.getSessionBean(ConfigGuideBean.class)).getStep() == STEP.START) {
      pwmSession.clearSessionBeans();
      pwmSession.getSessionStateBean().setTheme(null);
    }

    final ConfigGuideBean configGuideBean = pwmSession.getSessionBean(ConfigGuideBean.class);

    if (pwmApplication.getApplicationMode() != PwmApplication.MODE.NEW) {
      final ErrorInformation errorInformation =
          new ErrorInformation(
              PwmError.ERROR_SERVICE_NOT_AVAILABLE, "ConfigGuide unavailable unless in NEW mode");
      LOGGER.error(pwmSession, errorInformation.toDebugStr());
      pwmRequest.respondWithError(errorInformation);
      return;
    }

    if (!configGuideBean.getFormData().containsKey(PARAM_APP_SITEURL)) {
      final URI uri = URI.create(pwmRequest.getHttpServletRequest().getRequestURL().toString());
      final int port = Helper.portForUriSchema(uri);
      final String newUri =
          uri.getScheme() + "://" + uri.getHost() + ":" + port + pwmRequest.getContextPath();
      configGuideBean.getFormData().put(PARAM_APP_SITEURL, newUri);
    }

    pwmSession.setSessionTimeout(
        pwmRequest.getHttpServletRequest().getSession(),
        Integer.parseInt(
            pwmApplication.getConfig().readAppProperty(AppProperty.CONFIG_GUIDE_IDLE_TIMEOUT)));

    if (configGuideBean.getStep() == STEP.LDAP_CERT) {
      final String ldapServerString =
          ((List<String>)
                  configGuideBean
                      .getStoredConfiguration()
                      .readSetting(PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY)
                      .toNativeObject())
              .get(0);
      try {
        final URI ldapServerUri = new URI(ldapServerString);
        if ("ldaps".equalsIgnoreCase(ldapServerUri.getScheme())) {
          configGuideBean.setLdapCertificates(X509Utils.readRemoteCertificates(ldapServerUri));
          configGuideBean.setCertsTrustedbyKeystore(
              X509Utils.testIfLdapServerCertsInDefaultKeystore(ldapServerUri));
        } else {
          configGuideBean.setLdapCertificates(null);
          configGuideBean.setCertsTrustedbyKeystore(false);
        }
      } catch (Exception e) {
        LOGGER.error("error reading/testing ldap server certificates: " + e.getMessage());
      }
    }

    final ConfigGuideAction action = readProcessAction(pwmRequest);
    if (action != null) {
      pwmRequest.validatePwmFormID();
      switch (action) {
        case ldapHealth:
          restLdapHealth(pwmRequest, configGuideBean);
          return;

        case updateForm:
          restUpdateLdapForm(pwmRequest, configGuideBean);
          return;

        case gotoStep:
          restGotoStep(pwmRequest, configGuideBean);
          return;

        case useConfiguredCerts:
          restUseConfiguredCerts(pwmRequest, configGuideBean);
          return;

        case uploadConfig:
          restUploadConfig(pwmRequest);
          return;

        case extendSchema:
          restExtendSchema(pwmRequest, configGuideBean);
          return;

        case viewAdminMatches:
          restViewAdminMatches(pwmRequest, configGuideBean);
          return;

        case browseLdap:
          restBrowseLdap(pwmRequest, configGuideBean);
      }
    }

    if (!pwmRequest.getPwmResponse().getHttpServletResponse().isCommitted()) {
      forwardToJSP(pwmRequest);
    }
  }
Example #5
0
  private void advanceToNextStep(
      final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean)
      throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();

    final String updateProfileAgreementText =
        pwmApplication
            .getConfig()
            .readSettingAsLocalizedString(
                PwmSetting.UPDATE_PROFILE_AGREEMENT_MESSAGE,
                pwmSession.getSessionStateBean().getLocale());

    if (updateProfileAgreementText != null && updateProfileAgreementText.length() > 0) {
      if (!updateProfileBean.isAgreementPassed()) {
        final MacroMachine macroMachine =
            pwmRequest
                .getPwmSession()
                .getSessionManager()
                .getMacroMachine(pwmRequest.getPwmApplication());
        final String expandedText = macroMachine.expandMacros(updateProfileAgreementText);
        pwmRequest.setAttribute(PwmConstants.REQUEST_ATTR.AgreementText, expandedText);
        pwmRequest.forwardToJsp(PwmConstants.JSP_URL.UPDATE_ATTRIBUTES_AGREEMENT);
        return;
      }
    }

    final Map<FormConfiguration, String> formValues = updateProfileBean.getFormData();
    if (!updateProfileBean.isFormSubmitted()) {
      final Map<FormConfiguration, String> formMap = updateProfileBean.getFormData();
      final List<FormConfiguration> formFields =
          pwmApplication.getConfig().readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
      FormUtility.populateFormMapFromLdap(
          formFields,
          pwmRequest.getSessionLabel(),
          formMap,
          pwmSession.getSessionManager().getUserDataReader(pwmApplication));
      forwardToForm(pwmRequest);
      return;
    }

    // make sure there is form data in the bean.
    if (updateProfileBean.getFormData() == null) {
      forwardToForm(pwmRequest);
      return;
    }

    // validate the form data.
    try {
      // verify form meets the form requirements
      verifyFormAttributes(pwmRequest, formValues, true);
    } catch (PwmOperationalException e) {
      LOGGER.error(pwmSession, e.getMessage());
      pwmRequest.setResponseError(e.getErrorInformation());
      forwardToForm(pwmRequest);
      return;
    }

    final boolean requireConfirmation =
        pwmApplication
            .getConfig()
            .readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SHOW_CONFIRMATION);
    if (requireConfirmation && !updateProfileBean.isConfirmationPassed()) {
      forwardToConfirmForm(pwmRequest);
      return;
    }

    try {
      // write the form values
      final ChaiUser theUser = pwmSession.getSessionManager().getActor(pwmApplication);
      doProfileUpdate(pwmRequest, formValues, theUser);
      pwmRequest.forwardToSuccessPage(Message.Success_UpdateProfile);
      return;
    } catch (PwmException e) {
      LOGGER.error(pwmSession, e.getMessage());
      pwmRequest.setResponseError(e.getErrorInformation());
    } catch (ChaiException e) {
      final ErrorInformation errorInformation =
          new ErrorInformation(PwmError.ERROR_UPDATE_ATTRS_FAILURE, e.toString());
      LOGGER.error(pwmSession, errorInformation.toDebugStr());
      pwmRequest.setResponseError(errorInformation);
    }

    forwardToForm(pwmRequest);
  }
Example #6
0
  private void advanceToNextStep(
      final PwmRequest pwmRequest,
      final UpdateAttributesProfile updateAttributesProfile,
      final UpdateProfileBean updateProfileBean)
      throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();

    final String updateProfileAgreementText =
        updateAttributesProfile.readSettingAsLocalizedString(
            PwmSetting.UPDATE_PROFILE_AGREEMENT_MESSAGE,
            pwmSession.getSessionStateBean().getLocale());

    if (updateProfileAgreementText != null && updateProfileAgreementText.length() > 0) {
      if (!updateProfileBean.isAgreementPassed()) {
        final MacroMachine macroMachine =
            pwmRequest
                .getPwmSession()
                .getSessionManager()
                .getMacroMachine(pwmRequest.getPwmApplication());
        final String expandedText = macroMachine.expandMacros(updateProfileAgreementText);
        pwmRequest.setAttribute(PwmRequest.Attribute.AgreementText, expandedText);
        pwmRequest.forwardToJsp(PwmConstants.JSP_URL.UPDATE_ATTRIBUTES_AGREEMENT);
        return;
      }
    }

    // make sure there is form data in the bean.
    if (updateProfileBean.getFormData() == null) {
      updateProfileBean.setFormData(formDataFromLdap(pwmRequest, updateAttributesProfile));
      forwardToForm(pwmRequest, updateAttributesProfile, updateProfileBean);
      return;
    }

    if (!updateProfileBean.isFormSubmitted()) {
      forwardToForm(pwmRequest, updateAttributesProfile, updateProfileBean);
      return;
    }

    // validate the form data.
    try {
      // verify form meets the form requirements
      final List<FormConfiguration> formFields =
          updateAttributesProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
      final Map<FormConfiguration, String> formValues =
          FormUtility.readFormValuesFromMap(
              updateProfileBean.getFormData(), formFields, pwmRequest.getLocale());
      verifyFormAttributes(pwmRequest, formValues, true);
    } catch (PwmException e) {
      LOGGER.error(pwmSession, e.getMessage());
      pwmRequest.setResponseError(e.getErrorInformation());
      forwardToForm(pwmRequest, updateAttributesProfile, updateProfileBean);
      return;
    }

    final boolean requireConfirmation =
        updateAttributesProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SHOW_CONFIRMATION);
    if (requireConfirmation && !updateProfileBean.isConfirmationPassed()) {
      forwardToConfirmForm(pwmRequest, updateAttributesProfile, updateProfileBean);
      return;
    }

    final Set<TokenVerificationProgress.TokenChannel> requiredVerifications =
        determineTokenPhaseRequired(pwmRequest, updateProfileBean, updateAttributesProfile);
    if (requiredVerifications != null) {
      for (final TokenVerificationProgress.TokenChannel tokenChannel : requiredVerifications) {
        if (requiredVerifications.contains(tokenChannel)) {
          if (!updateProfileBean
              .getTokenVerificationProgress()
              .getIssuedTokens()
              .contains(tokenChannel)) {
            initializeToken(pwmRequest, updateProfileBean, tokenChannel);
          }

          if (!updateProfileBean
              .getTokenVerificationProgress()
              .getPassedTokens()
              .contains(tokenChannel)) {
            updateProfileBean.getTokenVerificationProgress().setPhase(tokenChannel);
            pwmRequest.forwardToJsp(PwmConstants.JSP_URL.UPDATE_ATTRIBUTES_ENTER_CODE);
            return;
          }
        }
      }
    }

    try {
      // write the form values
      final ChaiUser theUser = pwmSession.getSessionManager().getActor(pwmApplication);
      doProfileUpdate(pwmRequest, updateProfileBean.getFormData(), theUser);
      pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UpdateProfile);
      return;
    } catch (PwmException e) {
      LOGGER.error(pwmSession, e.getMessage());
      pwmRequest.setResponseError(e.getErrorInformation());
    } catch (ChaiException e) {
      final ErrorInformation errorInformation =
          new ErrorInformation(PwmError.ERROR_UPDATE_ATTRS_FAILURE, e.toString());
      LOGGER.error(pwmSession, errorInformation.toDebugStr());
      pwmRequest.setResponseError(errorInformation);
    }

    forwardToForm(pwmRequest, updateAttributesProfile, updateProfileBean);
  }