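/**
 * Records the time of a credential update so the password-expiry check can measure the age of
 * the new password.
 *
 * <p>The timestamp is written only when all of the following hold: the expiry check is enabled
 * in {@code IdentityMgtConfig}, the user is not flagged for one-time login, and the user store
 * is not read-only.
 *
 * @param userName name of the user whose credential was updated
 * @param credential the new credential; not read by this method
 * @param userStoreManager user store used to load and persist the identity claims
 * @return always {@code true}
 * @throws UserStoreException if the updated identity claims cannot be stored
 */
@Override
public boolean doPostUpdateCredential(
        String userName, Object credential, UserStoreManager userStoreManager)
        throws UserStoreException {
    // NOTE(review): unlike doPostAddUser, this hook does not consult config.isListenerEnable()
    // before acting - confirm that is intended.
    IdentityMgtConfig config = IdentityMgtConfig.getInstance();

    UserIdentityClaimsDO userIdentityDTO = module.load(userName, userStoreManager);
    if (userIdentityDTO == null) {
        // No identity record yet for this user: start from an empty one.
        userIdentityDTO = new UserIdentityClaimsDO(userName);
    }

    // Do not timestamp if OTP enabled.
    boolean userOTPEnabled = userIdentityDTO.getOneTimeLogin();
    boolean shouldTimestamp =
            config.isAuthPolicyExpirePasswordCheck()
                    && !userOTPEnabled
                    && !userStoreManager.isReadOnly();

    if (shouldTimestamp) {
        userIdentityDTO.setPasswordTimeStamp(System.currentTimeMillis());
        try {
            // Store the new timestamp after the password change.
            module.store(userIdentityDTO, userStoreManager);
        } catch (IdentityException e) {
            // Keep the original message but chain the cause so the failing store operation
            // stays visible in the stack trace.
            throw new UserStoreException(e.getMessage(), e);
        }
    }
    return true;
}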
/**
 * Creates the claims object for {@code userName} and populates its typed fields from the raw
 * string values in {@code userDataMap}.
 *
 * <p>The map is kept by reference, not copied. Each recognised key is read and, when present,
 * parsed and passed to the matching setter; absent keys are skipped.
 *
 * <p>Parsing caveats that matter for the lockout and expiry data handled here:
 * <ul>
 *   <li>{@code Integer.parseInt} / {@code Long.parseLong} throw {@code NumberFormatException}
 *       on a non-numeric stored value; nothing here catches it.</li>
 *   <li>{@code Boolean.parseBoolean} yields {@code false} for anything other than "true"
 *       (ignoring case), so an unrecognised stored value for a flag such as the account lock is
 *       read as {@code false}.</li>
 * </ul>
 *
 * @param userName name of the user the claims belong to
 * @param userDataMap raw identity data keyed by the {@code UserIdentityDataStore} constants;
 *     must not be {@code null}
 */
public UserIdentityClaimsDO(String userName, Map<String, String> userDataMap) {
    this.userName = userName;
    this.userIdentityDataMap = userDataMap;

    // Each value is looked up immediately before its setter runs, in the same order as before.
    String failedAttempts = userDataMap.get(UserIdentityDataStore.FAIL_LOGIN_ATTEMPTS);
    if (failedAttempts != null) {
        setFailAttempts(Integer.parseInt(failedAttempts));
    }

    String lastFailedAt = userDataMap.get(UserIdentityDataStore.LAST_FAILED_LOGIN_ATTEMPT_TIME);
    if (lastFailedAt != null) {
        setLastFailAttemptTime(Long.parseLong(lastFailedAt));
    }

    String unlockAt = userDataMap.get(UserIdentityDataStore.UNLOCKING_TIME);
    if (unlockAt != null) {
        setUnlockTime(Long.parseLong(unlockAt));
    }

    String oneTimeLogin = userDataMap.get(UserIdentityDataStore.ONE_TIME_PASSWORD);
    if (oneTimeLogin != null) {
        setOneTimeLogin(Boolean.parseBoolean(oneTimeLogin));
    }

    String changeRequired = userDataMap.get(UserIdentityDataStore.PASSWORD_CHANGE_REQUIRED);
    if (changeRequired != null) {
        setPasswordChangeRequired(Boolean.parseBoolean(changeRequired));
    }

    String lastLogonAt = userDataMap.get(UserIdentityDataStore.LAST_LOGON_TIME);
    if (lastLogonAt != null) {
        setLastLogonTime(Long.parseLong(lastLogonAt));
    }

    String locked = userDataMap.get(UserIdentityDataStore.ACCOUNT_LOCK);
    if (locked != null) {
        setAccountLock(Boolean.parseBoolean(locked));
    }

    String passwordSetAt = userDataMap.get(UserIdentityDataStore.PASSWORD_TIME_STAMP);
    if (passwordSetAt != null) {
        setPasswordTimeStamp(Long.parseLong(passwordSetAt));
    }
}
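/**
 * Persists the identity claims of a newly added user and, depending on configuration, either
 * starts the e-mail confirmation flow or locks the account.
 *
 * <ul>
 *   <li>Listener disabled: nothing is done.</li>
 *   <li>Account verification enabled and the thread-local properties carry
 *       {@code EMPTY_PASSWORD_USED}: the claims are stored with the account unlocked and a
 *       fresh password timestamp, a confirmation code is requested from
 *       {@code RecoveryProcessor}, and an {@code ASK_PASSWORD} e-mail notification is sent.
 *       This path always returns or throws.</li>
 *   <li>Account verification enabled with a non-empty password: no verification step runs
 *       (the previous implementation is disabled); control falls through to the next check.</li>
 *   <li>Lock-on-creation enabled: the claims are stored with the account locked, to be unlocked
 *       by an administrator.</li>
 * </ul>
 *
 * @param userName name of the user that was added
 * @param credential credential supplied at creation
 * @param roleList roles assigned at creation; not read by this method
 * @param claims claims supplied at creation; the account-recovery claim is read from it
 * @param profile profile name; not read by this method
 * @param userStoreManager user store the user was added to
 * @return {@code false} when the empty-password flow ran and the notification was not reported
 *     as sent; {@code true} otherwise
 * @throws UserStoreException if the claims cannot be stored, the confirmation code cannot be
 *     created, or the notification fails
 */
@Override
public boolean doPostAddUser(
        String userName,
        Object credential,
        String[] roleList,
        Map<String, String> claims,
        String profile,
        UserStoreManager userStoreManager)
        throws UserStoreException {
    if (log.isDebugEnabled()) {
        log.debug("Post add user is called in IdentityMgtEventListener");
    }
    IdentityMgtConfig config = IdentityMgtConfig.getInstance();
    if (!config.isListenerEnable()) {
        return true;
    }

    // The claims object is read back from the thread-local properties.
    // NOTE(review): it is dereferenced below without a null check - confirm that whatever
    // populates USER_IDENTITY_DO always runs before this hook.
    UserIdentityClaimsDO userIdentityClaimsDO =
            (UserIdentityClaimsDO) threadLocalProperties.get().get(USER_IDENTITY_DO);

    if (config.isEnableUserAccountVerification()) {
        if (threadLocalProperties.get().containsKey(EMPTY_PASSWORD_USED)) {
            // Empty-password account creation: store the identity data unlocked.
            userIdentityClaimsDO
                    .setAccountLock(false)
                    .setPasswordTimeStamp(System.currentTimeMillis());
            try {
                module.store(userIdentityClaimsDO, userStoreManager);
            } catch (IdentityException e) {
                throw new UserStoreException("Error while doPostAddUser", e);
            }

            // NOTE(review): this object receives a copy of the supplied credential but is never
            // stored or passed on (the store call was disabled). The cast also fails for a
            // non-String credential. Consider removing it.
            UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
            metadataDO
                    .setUserName(userName)
                    .setTenantId(userStoreManager.getTenantId())
                    .setCode((String) credential);

            // Set recovery data.
            RecoveryProcessor processor = new RecoveryProcessor();
            VerificationBean verificationBean;
            try {
                verificationBean =
                        processor.updateConfirmationCode(
                                1, userName, userStoreManager.getTenantId());
            } catch (IdentityException e) {
                // Previously this failure was only printed and the flow continued with an
                // empty bean, so the notification was built without a code from this call.
                // Fail like the other error paths in this method instead.
                throw new UserStoreException("Error while doPostAddUser", e);
            }

            // NOTE(review): this bean is populated but not used; the e-mail call that consumed
            // it was disabled. The notification below is driven by recoveryDto only.
            UserIdentityMgtBean bean = new UserIdentityMgtBean();
            bean.setUserId(userName)
                    .setConfirmationCode(verificationBean.getKey())
                    .setRecoveryType(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD)
                    .setEmail(claims.get(config.getAccountRecoveryClaim()));

            UserRecoveryDTO recoveryDto = new UserRecoveryDTO(userName);
            recoveryDto.setNotification(IdentityMgtConstants.Notification.ASK_PASSWORD);
            recoveryDto.setNotificationType("EMAIL");
            recoveryDto.setTenantId(userStoreManager.getTenantId());
            recoveryDto.setConfirmationCode(verificationBean.getKey());

            NotificationDataDTO notificationDto;
            try {
                notificationDto = processor.recoverWithNotification(recoveryDto);
            } catch (IdentityException e) {
                if (log.isDebugEnabled()) {
                    log.debug(e.getMessage());
                }
                // Same message as before, now with the cause chained.
                throw new UserStoreException(
                        "Error while sending notification. " + e.getMessage(), e);
            }
            return notificationDto != null && notificationDto.isNotificationSent();
        } else {
            // Non-empty password. The earlier implementation (lock the account, store a
            // generated confirmation code, e-mail it) is disabled with the remark "This
            // scenario needs to be validated", so nothing happens here.
            // NOTE(review): with verification enabled, an account created with a password is
            // therefore not held pending confirmation unless lock-on-creation is also enabled
            // below - confirm this is the intended policy.
        }
    }

    // No account recoveries are defined, no email will be sent.
    if (config.isAuthPolicyAccountLockOnCreation()) {
        // Accounts are locked. Admin should unlock.
        userIdentityClaimsDO.setAccountLock(true);
        userIdentityClaimsDO.setPasswordTimeStamp(System.currentTimeMillis());
        try {
            config.getIdentityDataStore().store(userIdentityClaimsDO, userStoreManager);
        } catch (IdentityException e) {
            throw new UserStoreException("Error while doPostAddUser", e);
        }
    }
    return true;
}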