예제 #1
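  /**
   * Prepares the security-question challenge for a password/passphrase reset.
   *
   * <p>The request is turned away (back to {@code MODULE_ENTRY_POINT}) when the user is unknown,
   * inactive, locked out, or has no usable questions. Otherwise the user's enabled, answered
   * questions are shuffled, capped at the realm's maximum, installed as {@link NameCallback}s via
   * {@code replaceCallback(2, ...)}, and the expected answers are placed in {@code sharedState}
   * under {@code "QAMap"}.
   *
   * <p>NOTE(review): each rejection uses a different message (unknown / inactive / locked out /
   * no questions). If this step is reachable before the caller is authenticated, those messages
   * disclose account state; a single generic message would avoid that. Left unchanged here
   * because the message keys are part of the module's visible behaviour.
   *
   * @return {@code MODULE_VALIDATE_ANSWERS} when at least one question was installed, otherwise
   *     {@code MODULE_ENTRY_POINT}
   * @throws Exception propagated from the lockout, identity and configuration lookups
   */
  private int setResetQuestions() throws Exception {
    if (user == null) {
      replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("userNotExists.message"));
      return MODULE_ENTRY_POINT;
    }
    if (!user.isActive()) {
      replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("userNotActive.message"));
      return MODULE_ENTRY_POINT;
    }

    // Load the realm's lockout settings and refuse to issue a challenge to a locked-out account.
    PWResetModelImpl resetModel = new PWResetModelImpl();
    resetModel.populateLockoutValues(user.getRealm());
    resetLockout = new PWResetAccountLockout(resetModel);

    if (resetLockout.isLockout(user.getUniversalId())) {
      replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("lockoutMsg.message"));
      return MODULE_ENTRY_POINT;
    }

    PasswordResetOptionsModel model = new PasswordResetOptionsModel(getHttpServletRequest(), null);
    List<PasswordResetOptionsData> storedAnswers = model.getUserAnswers(user);
    List<PasswordResetOptionsData> answers = new ArrayList<PasswordResetOptionsData>();

    // The original null-checked the freshly built list instead of the lookup result; guard the
    // value that can actually be null so a missing answer set is reported as "no questions".
    if (storedAnswers != null) {
      for (PasswordResetOptionsData ans : storedAnswers) {
        if (ans.getDataStatus() == PasswordResetOptionsData.DEFAULT_ON
            && StringUtils.isNotEmpty(ans.getAnswer())) {
          answers.add(ans);
        }
      }
    }

    if (answers.isEmpty()) {
      replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("noQuestions.message"));
      return MODULE_ENTRY_POINT;
    }

    Collections.shuffle(answers);
    int maxQuestions =
        new UMUserPasswordResetOptionsModelImpl()
            .getMaxNumQuestions(DNMapper.orgNameToRealmName(user.getRealm()));
    if (answers.size() > maxQuestions) {
      answers = answers.subList(0, maxQuestions);
    }

    // Fail closed: a configured maximum of 0 would otherwise produce a challenge with no
    // questions, leaving the validation step nothing of the user's to check.
    if (answers.isEmpty()) {
      replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("noQuestions.message"));
      return MODULE_ENTRY_POINT;
    }

    // Expected answers are kept in clear text, keyed by question text, for the validation step.
    // NOTE(review): two questions with identical text would collapse into one map entry.
    Map<String, String> qaMap = new HashMap<String, String>();
    int i = 0;
    for (PasswordResetOptionsData qn : answers) {
      replaceCallback(2, i++, new NameCallback(qn.getQuestion()));
      qaMap.put(qn.getQuestion(), qn.getAnswer());
    }
    sharedState.put("QAMap", qaMap);
    return MODULE_VALIDATE_ANSWERS;
  }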
예제 #2
  /**
   * Validates the submitted security answers and, on successful validation, resets the password
   * and (per the original description) sends a mail to the user with the generated password.
   *
   * <p>Only {@link NameCallback} entries are inspected: the prompt identifies the question and
   * the name carries the submitted answer. A wrong answer is reported to the lockout tracker
   * before the method returns. On success the lockout entry is cleared, a generated password is
   * stored together with the force-password-reset flag, and the notification is attempted.
   *
   * @param callbacks the callbacks submitted for this step
   * @return {@code MODULE_VALIDATE_ANSWERS} when an answer is missing or wrong and another
   *     attempt is allowed; {@code MODULE_SUCCESS_MSG} when the lockout branch is taken or after
   *     the password has been reset (including when the notification mail fails)
   * @throws Exception propagated from the lockout, password-generation and identity-store calls
   */
  private int validateAnswers(Callback[] callbacks) throws Exception {
    // First pass: every question must have a non-empty answer before any comparison is made, so
    // an incomplete form does not count as a failed attempt.
    for (Callback callback_ : callbacks) {
      if (callback_ instanceof NameCallback) {
        NameCallback callback = (NameCallback) callback_;
        if (StringUtils.isEmpty(callback.getName())) {
          replaceHeader(MODULE_VALIDATE_ANSWERS, getLocalizedString("missingAnswer.message"));
          return MODULE_VALIDATE_ANSWERS;
        }
      }
    }
    // Expected answers, looked up below by callback prompt.
    // NOTE(review): unchecked cast and no null check; if "QAMap" is absent from sharedState the
    // first lookup throws NullPointerException instead of rejecting the attempt.
    Map<String, String> qaMap = (Map<String, String>) sharedState.get("QAMap");
    for (Callback callback_ : callbacks) {
      if (callback_ instanceof NameCallback) {
        NameCallback callback = (NameCallback) callback_;
        // Exact, case-sensitive String.equals against the clear-text expected answer; only the
        // submitted value is trimmed.
        // NOTE(review): a prompt with no map entry makes qaMap.get(...) return null, so this
        // line throws rather than counting a wrong answer; equals() is also not constant-time.
        if (!qaMap.get(callback.getPrompt()).equals(callback.getName().trim())) {
          // Record the failure first so the attempt is counted whichever branch follows.
          resetLockout.invalidAnswer(user);
          debug.error("Invalid password reset answers provided for " + user.getUniversalId());
          int warningCount = resetLockout.getWarnUserCount(user.getUniversalId());
          if (warningCount < 0) {
            // Negative count: show the lockout message and end the flow.
            replaceHeader(
                MODULE_SUCCESS_MSG,
                "<font color=\"red\">" + getLocalizedString("lockoutMsg.message") + "</font>");
            return MODULE_SUCCESS_MSG;
          } else if (warningCount > 0) {
            // Positive count: the number is inserted into the lockout warning and the user may
            // try again.
            replaceHeader(
                MODULE_VALIDATE_ANSWERS,
                MessageFormat.format(
                    getLocalizedString("lockoutWarning.message"), new Object[] {warningCount}));
            return MODULE_VALIDATE_ANSWERS;
          } else {
            // Zero: plain wrong-answer message; it does not say which answer was wrong.
            replaceHeader(MODULE_VALIDATE_ANSWERS, getLocalizedString("wrongAnswer.message"));
            return MODULE_VALIDATE_ANSWERS;
          }
        }
      }
    }
    // All answers matched: clear the failed-attempt record before resetting the password.
    resetLockout.removeUserLockoutEntry(user.getUniversalId());
    String resetPassword = new RandomPasswordGenerator().generatePassword(user);

    // ensure the random generated password meets the password criteria
    // NOTE(review): the loop has no retry bound; it relies on the generator eventually producing
    // a value isValidPWD accepts. Also confirm RandomPasswordGenerator draws from SecureRandom,
    // since this value becomes the account credential.
    while (!isValidPWD(resetPassword))
      resetPassword = new RandomPasswordGenerator().generatePassword(user);

    Map<String, Set> attrMap = new HashMap<String, Set>();
    Set<String> attribVals = new HashSet<String>();
    attribVals.add(resetPassword);
    attrMap.put(
        CommonUtilities.getProperty(PassphraseConstants.USER_PASSWORD_ATTRIBUTE), attribVals);

    // Enable the force password reset flag
    Set<String> passwordResetFlag = new HashSet<String>();
    passwordResetFlag.add("true");
    attrMap.put(
        CommonUtilities.getProperty(PassphraseConstants.USER_PASSWORD_RESET_FLAG_ATTRIBUTE),
        passwordResetFlag);

    // The new password is committed here, before the notification is attempted.
    user.setAttributes(attrMap);
    user.store();

    // NOTE(review): the next line is truncated in this listing. The statement is cut
    // mid-expression and the `try` that pairs with the catch below, along with the mail-sending
    // call, is not visible. When restoring it, check that the generated password itself is never
    // written to the debug log.
    debug.message("Password has been reset for the user: "******"emailNotify.message"));
    } catch (Exception e) {
      // A mail failure is logged and reported to the user, but the stored password has already
      // been replaced above, so the account is left with a password the user never received.
      debug.error("Error sending password reset mail:", e);
      replaceHeader(MODULE_SUCCESS_MSG, getLocalizedString("sendEmailFailed.message"));
    }
    return MODULE_SUCCESS_MSG;
  }