private static void sendProfileUpdateEmailNotice(
final PwmSession pwmSession, final PwmApplication pwmApplication)
throws PwmUnrecoverableException, ChaiUnavailableException {
final Configuration config = pwmApplication.getConfig();
final Locale locale = pwmSession.getSessionStateBean().getLocale();
final EmailItemBean configuredEmailSetting =
config.readSettingAsEmail(PwmSetting.EMAIL_UPDATEPROFILE, locale);
if (configuredEmailSetting == null) {
LOGGER.debug(
pwmSession,
"skipping send profile update email for '"
+ pwmSession.getUserInfoBean().getUserIdentity()
+ "' no email configured");
return;
}
pwmApplication
.getEmailQueue()
.submitEmail(
configuredEmailSetting,
pwmSession.getUserInfoBean(),
pwmSession.getSessionManager().getMacroMachine(pwmApplication));
}
private void restLdapHealth(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws IOException, PwmUnrecoverableException {
final Configuration tempConfiguration =
new Configuration(configGuideBean.getStoredConfiguration());
final PwmApplication tempApplication =
new PwmApplication.PwmEnvironment(
tempConfiguration, pwmRequest.getPwmApplication().getApplicationPath())
.setApplicationMode(PwmApplication.MODE.NEW)
.setInternalRuntimeInstance(true)
.setWebInfPath(pwmRequest.getPwmApplication().getWebInfPath())
.createPwmApplication();
final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker();
final List<HealthRecord> records = new ArrayList<>();
final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile();
switch (configGuideBean.getStep()) {
case LDAP_SERVER:
{
try {
checkLdapServer(configGuideBean);
records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
} catch (Exception e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Can not connect to remote server: " + e.getMessage()));
}
}
break;
case LDAP_ADMIN:
{
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, false));
if (records.isEmpty()) {
records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
}
}
break;
case LDAP_CONTEXT:
{
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, true));
if (records.isEmpty()) {
records.add(
new HealthRecord(
HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated"));
}
try {
final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction();
final Collection<UserIdentity> results =
userMatchViewerFunction.discoverMatchingUsers(
pwmRequest.getPwmApplication(),
2,
configGuideBean.getStoredConfiguration(),
PwmSetting.QUERY_MATCH_PWM_ADMIN,
null);
if (results.isEmpty()) {
records.add(
new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users"));
} else {
records.add(
new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated"));
}
} catch (PwmException e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Error during admin group validation: "
+ e.getErrorInformation().toDebugStr()));
} catch (Exception e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Error during admin group validation: " + e.getMessage()));
}
}
break;
case LDAP_TESTUSER:
{
final String testUserValue = configGuideBean.getFormData().get(PARAM_LDAP_TEST_USER);
if (testUserValue != null && !testUserValue.isEmpty()) {
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, false));
records.addAll(
ldapStatusChecker.doLdapTestUserCheck(
tempConfiguration, ldapProfile, tempApplication));
} else {
records.add(
new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified"));
}
}
break;
}
HealthData jsonOutput = new HealthData();
jsonOutput.records =
password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords(
records, pwmRequest.getLocale(), tempConfiguration);
jsonOutput.timestamp = new Date();
jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString();
final RestResultBean restResultBean = new RestResultBean();
restResultBean.setData(jsonOutput);
pwmRequest.outputJsonResult(restResultBean);
}
public void initializeToken(
final PwmRequest pwmRequest,
final UpdateProfileBean updateProfileBean,
final TokenVerificationProgress.TokenChannel tokenType)
throws PwmUnrecoverableException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
if (pwmApplication.getConfig().getTokenStorageMethod() == TokenStorageMethod.STORE_LDAP) {
throw new PwmUnrecoverableException(
new ErrorInformation(
PwmError.CONFIG_FORMAT_ERROR,
null,
new String[] {
"cannot generate new user tokens when storage type is configured as STORE_LDAP."
}));
}
final MacroMachine macroMachine =
pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication);
final Configuration config = pwmApplication.getConfig();
switch (tokenType) {
case SMS:
{
final String telephoneNumberAttribute =
pwmRequest.getConfig().readSettingAsString(PwmSetting.SMS_USER_PHONE_ATTRIBUTE);
final String toNum = updateProfileBean.getFormData().get(telephoneNumberAttribute);
final String tokenKey;
try {
final TokenPayload tokenPayload =
pwmApplication
.getTokenService()
.createTokenPayload(
TokenType.UPDATE_SMS,
Collections.<String, String>emptyMap(),
pwmRequest.getUserInfoIfLoggedIn(),
Collections.singleton(toNum));
tokenKey =
pwmApplication
.getTokenService()
.generateNewToken(tokenPayload, pwmRequest.getSessionLabel());
} catch (PwmOperationalException e) {
throw new PwmUnrecoverableException(e.getErrorInformation());
}
final String message =
config.readSettingAsLocalizedString(
PwmSetting.SMS_UPDATE_PROFILE_TOKEN_TEXT,
pwmSession.getSessionStateBean().getLocale());
try {
TokenService.TokenSender.sendSmsToken(
pwmApplication, null, macroMachine, toNum, message, tokenKey);
} catch (Exception e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN));
}
updateProfileBean
.getTokenVerificationProgress()
.getIssuedTokens()
.add(TokenVerificationProgress.TokenChannel.SMS);
updateProfileBean.getTokenVerificationProgress().setTokenDisplayText(toNum);
updateProfileBean
.getTokenVerificationProgress()
.setPhase(TokenVerificationProgress.TokenChannel.SMS);
}
break;
case EMAIL:
{
final EmailItemBean configuredEmailSetting =
config.readSettingAsEmail(
PwmSetting.EMAIL_UPDATEPROFILE_VERIFICATION, pwmRequest.getLocale());
final String emailAddressAttribute =
pwmRequest.getConfig().readSettingAsString(PwmSetting.EMAIL_USER_MAIL_ATTRIBUTE);
final String toAddress = updateProfileBean.getFormData().get(emailAddressAttribute);
final String tokenKey;
try {
final TokenPayload tokenPayload =
pwmApplication
.getTokenService()
.createTokenPayload(
TokenType.UPDATE_EMAIL,
Collections.<String, String>emptyMap(),
pwmRequest.getUserInfoIfLoggedIn(),
Collections.singleton(toAddress));
tokenKey =
pwmApplication
.getTokenService()
.generateNewToken(tokenPayload, pwmRequest.getSessionLabel());
} catch (PwmOperationalException e) {
throw new PwmUnrecoverableException(e.getErrorInformation());
}
updateProfileBean
.getTokenVerificationProgress()
.getIssuedTokens()
.add(TokenVerificationProgress.TokenChannel.EMAIL);
updateProfileBean
.getTokenVerificationProgress()
.setPhase(TokenVerificationProgress.TokenChannel.EMAIL);
updateProfileBean.getTokenVerificationProgress().setTokenDisplayText(toAddress);
final EmailItemBean emailItemBean =
new EmailItemBean(
toAddress,
configuredEmailSetting.getFrom(),
configuredEmailSetting.getSubject(),
configuredEmailSetting.getBodyPlain().replace("%TOKEN%", tokenKey),
configuredEmailSetting.getBodyHtml().replace("%TOKEN%", tokenKey));
try {
TokenService.TokenSender.sendEmailToken(
pwmApplication, null, macroMachine, emailItemBean, toAddress, tokenKey);
} catch (Exception e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN));
}
}
break;
default:
LOGGER.error("Unimplemented token purpose: " + tokenType);
updateProfileBean.getTokenVerificationProgress().setPhase(null);
}
}
