예제 #1
0
  private void initTempData() throws LocalDBException, PwmUnrecoverableException {
    final String cleanFlag =
        pwmApplication.readAppAttribute(PwmApplication.AppAttribute.REPORT_CLEAN_FLAG);
    if (!"true".equals(cleanFlag)) {
      LOGGER.error(PwmConstants.REPORTING_SESSION_LABEL, "did not shut down cleanly");
      reportStatus = new ReportStatusInfo(settings.getSettingsHash());
      reportStatus.setTotal(userCacheService.size());
    } else {
      try {
        final String jsonInfo =
            pwmApplication.readAppAttribute(PwmApplication.AppAttribute.REPORT_STATUS);
        if (jsonInfo != null && !jsonInfo.isEmpty()) {
          reportStatus = JsonUtil.deserialize(jsonInfo, ReportStatusInfo.class);
        }
      } catch (Exception e) {
        LOGGER.error(
            PwmConstants.REPORTING_SESSION_LABEL,
            "error loading cached report status info into memory: " + e.getMessage());
      }
    }

    reportStatus =
        reportStatus == null
            ? new ReportStatusInfo(settings.getSettingsHash())
            : reportStatus; // safety

    final String currentSettingCache = settings.getSettingsHash();
    if (reportStatus.getSettingsHash() != null
        && !reportStatus.getSettingsHash().equals(currentSettingCache)) {
      LOGGER.error(
          PwmConstants.REPORTING_SESSION_LABEL,
          "configuration has changed, will clear cached report data");
      clear();
    }

    reportStatus.setInProgress(false);

    pwmApplication.writeAppAttribute(PwmApplication.AppAttribute.REPORT_CLEAN_FLAG, "false");
  }
예제 #2
0
  public static PasswordCheckInfo checkEnteredPassword(
      final PwmApplication pwmApplication,
      final Locale locale,
      final ChaiUser user,
      final UserInfoBean userInfoBean,
      final LoginInfoBean loginInfoBean,
      final PasswordData password,
      final PasswordData confirmPassword)
      throws PwmUnrecoverableException, ChaiUnavailableException {
    if (userInfoBean == null) {
      throw new NullPointerException("userInfoBean cannot be null");
    }

    boolean pass = false;
    String userMessage = "";
    int errorCode = 0;

    final boolean passwordIsCaseSensitive =
        userInfoBean.getPasswordPolicy() == null
            || userInfoBean
                .getPasswordPolicy()
                .getRuleHelper()
                .readBooleanValue(PwmPasswordRule.CaseSensitive);
    final CachePolicy cachePolicy;
    {
      final long cacheLifetimeMS =
          Long.parseLong(
              pwmApplication
                  .getConfig()
                  .readAppProperty(AppProperty.CACHE_PWRULECHECK_LIFETIME_MS));
      cachePolicy = CachePolicy.makePolicyWithExpirationMS(cacheLifetimeMS);
    }

    if (password == null) {
      userMessage =
          new ErrorInformation(PwmError.PASSWORD_MISSING)
              .toUserStr(locale, pwmApplication.getConfig());
    } else {
      final CacheService cacheService = pwmApplication.getCacheService();
      final CacheKey cacheKey =
          user != null && userInfoBean.getUserIdentity() != null
              ? CacheKey.makeCacheKey(
                  PasswordUtility.class,
                  userInfoBean.getUserIdentity(),
                  user.getEntryDN() + ":" + password.hash())
              : null;
      if (pwmApplication.getConfig().isDevDebugMode()) {
        LOGGER.trace("generated cacheKey for password check request: " + cacheKey);
      }
      try {
        if (cacheService != null && cacheKey != null) {
          final String cachedValue = cacheService.get(cacheKey);
          if (cachedValue != null) {
            if (NEGATIVE_CACHE_HIT.equals(cachedValue)) {
              pass = true;
            } else {
              LOGGER.trace("cache hit!");
              final ErrorInformation errorInformation =
                  JsonUtil.deserialize(cachedValue, ErrorInformation.class);
              throw new PwmDataValidationException(errorInformation);
            }
          }
        }
        if (!pass) {
          final PwmPasswordRuleValidator pwmPasswordRuleValidator =
              new PwmPasswordRuleValidator(
                  pwmApplication, userInfoBean.getPasswordPolicy(), locale);
          final PasswordData oldPassword =
              loginInfoBean == null ? null : loginInfoBean.getUserCurrentPassword();
          pwmPasswordRuleValidator.testPassword(password, oldPassword, userInfoBean, user);
          pass = true;
          if (cacheService != null && cacheKey != null) {
            cacheService.put(cacheKey, cachePolicy, NEGATIVE_CACHE_HIT);
          }
        }
      } catch (PwmDataValidationException e) {
        errorCode = e.getError().getErrorCode();
        userMessage = e.getErrorInformation().toUserStr(locale, pwmApplication.getConfig());
        pass = false;
        if (cacheService != null && cacheKey != null) {
          final String jsonPayload = JsonUtil.serialize(e.getErrorInformation());
          cacheService.put(cacheKey, cachePolicy, jsonPayload);
        }
      }
    }

    final PasswordCheckInfo.MATCH_STATUS matchStatus =
        figureMatchStatus(passwordIsCaseSensitive, password, confirmPassword);
    if (pass) {
      switch (matchStatus) {
        case EMPTY:
          userMessage =
              new ErrorInformation(PwmError.PASSWORD_MISSING_CONFIRM)
                  .toUserStr(locale, pwmApplication.getConfig());
          break;
        case MATCH:
          userMessage =
              new ErrorInformation(PwmError.PASSWORD_MEETS_RULES)
                  .toUserStr(locale, pwmApplication.getConfig());
          break;
        case NO_MATCH:
          userMessage =
              new ErrorInformation(PwmError.PASSWORD_DOESNOTMATCH)
                  .toUserStr(locale, pwmApplication.getConfig());
          break;
        default:
          userMessage = "";
      }
    }

    final int strength = judgePasswordStrength(password == null ? null : password.getStringValue());
    return new PasswordCheckInfo(userMessage, pass, strength, matchStatus, errorCode);
  }