<!-- Pattern entry state: runs initializeRecovery.groovy and always continues to the dispatcher state.
     The pattern placeholders (${state.entry}, ${state.exit.N}, ${param.*}) are filled in by the enclosing pattern, which is outside this fragment.
     resumeState is false here; the dispatcher below is the state marked resumable. -->
<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<ResultCond name="default" next="${state.entry}_dispatch"/>
<Response value="AUTH_CONTINUE"/>
<property name="script" value="file:///var/opt/nevisauth/default/conf/initializeRecovery.groovy"/>
</AuthState>
<!-- Dispatcher: evaluates the condition:* properties below and routes on the comma separated list of condition names that are true.
     Conditions declared here: cancel (request has 'cancel'), hasCode (request has 'cd'), hasSessionCode (session holds agov.recovery.code),
     invalidUrl (actual URL does not match the recovery path pattern), invalidUrlTicket (note written by the _invalidateCode state),
     hasCaptchaInfos (session holds the captcha puzzle URL).
     NOTE(review): the result name "hasCaptchaInfos, continue" refers to a condition "continue" that is not declared in this state; confirm it can ever be produced.
     NOTE(review): several result names list hasCaptchaInfos before invalidUrlTicket while the properties declare them in the opposite order; confirm the engine's ordering rule for combined names so these branches are reachable.
     Unmatched combinations fall to "default", which exits via ${state.exit.5}. -->
<AuthState name="${state.entry}_dispatch" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="true">
<ResultCond name="default" next="${state.exit.5}"/>
<ResultCond name="invalidUrlTicket" next="${state.exit.5}"/>
<ResultCond name="hasCode" next="${state.exit.2}"/>
<ResultCond name="cancel" next="${state.exit.2}"/>
<ResultCond name="cancel, hasCaptchaInfos" next="${state.exit.2}"/>
<ResultCond name="hasCode, hasCaptchaInfos" next="${state.exit.2}"/>
<ResultCond name="hasCaptchaInfos" next="${state.entry}_loginFactorQuestion"/>
<ResultCond name="hasCaptchaInfos, invalidUrlTicket" next="${state.entry}_enterEmail"/>
<ResultCond name="hasSessionCode, hasCaptchaInfos" next="${state.entry}_verifyUrlTicketIntro"/>
<ResultCond name="hasCaptchaInfos, continue" next="${state.exit.6}"/>
<ResultCond name="hasSessionCode" next="${state.entry}_verifyUrlTicketIntro"/>
<ResultCond name="hasCode, hasSessionCode" next="${state.exit.2}"/>
<ResultCond name="invalidUrl" next="${state.entry}_ticketInvalid"/>
<ResultCond name="invalidUrl, hasCode" next="${state.entry}_invalidateCode"/>
<ResultCond name="invalidUrl, hasCode, hasCaptchaInfos" next="${state.entry}_invalidateCode"/>
<ResultCond name="invalidUrl, hasCaptchaInfos" next="${state.entry}_ticketInvalid"/>
<ResultCond name="invalidUrl, invalidUrlTicket" next="${state.exit.5}"/>
<ResultCond name="invalidUrl, hasCaptchaInfos, invalidUrlTicket" next="${state.entry}_enterEmail"/>
<ResultCond name="invalidUrl, hasCode, hasCaptchaInfos, invalidUrlTicket" next="${state.entry}_enterEmail"/>
<Response value="AUTH_CONTINUE">
<Gui name="NoGui">
</Gui>
</Response>
<property name="condition:cancel" value="#{inargs.containsKey('cancel')}"/>
<property name="condition:hasCode" value="#{inargs.containsKey('cd')}"/>
<property name="condition:hasSessionCode" value="#{sess.get('agov.recovery.code')}"/>
<!-- URL allow list for the recovery entry: only the /AUTH/RECOVERY/ path with an optional language or cd query is accepted; the host part ([^/]*) is not constrained here.
     The pattern negates the match, so the condition is true for any URL that does NOT fit. "&amp;" is the XML escape for a literal "&" in the regex.
     NOTE(review): assumes connection.actualURL is populated by the front end and not influenced by the client; confirm. -->
<property name="condition:invalidUrl" value="#{!inctx.getProperty('connection.actualURL').matches('^https://[^/]*/AUTH/RECOVERY/(\\?|\\?&amp;?language=[a-z][a-z]|\\?cd=.+)?$')}"/>
<!-- Set to "was invalid" by ${state.entry}_invalidateCode after a failed URL ticket verification. -->
<property name="condition:invalidUrlTicket" value="${notes:invalidUrlTicket}"/>
<property name="condition:hasCaptchaInfos" value="#{sess.get('agov.recovery.captchaSettings.puzzleUrl')}"/>
</AuthState>
<!-- First questionnaire step: asks whether the user still has a login factor. Both answers (continue=yes / continue=no) lead to the reason selection; cancel leaves via ${state.exit.2}.
     The hidden authRequestId carries the SAML request id across the form round trip. -->
<AuthState name="${state.entry}_loginFactorQuestion" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<ResultCond name="cancel" next="${state.exit.2}"/>
<ResultCond name="loginFactorYes" next="${state.entry}_reasonSelection"/>
<ResultCond name="loginFactorNo" next="${state.entry}_reasonSelection"/>
<Response value="AUTH_CONTINUE">
<Gui name="recovery_questionnaire_loginfactor">
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<!-- Plain string comparisons against the submitted form values. -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<property name="condition:loginFactorYes" value="${inargs:continue}==yes"/>
<property name="condition:loginFactorNo" value="${inargs:continue}==no"/>
</AuthState>
<!-- Second questionnaire step: continue=yes (valid reasons) goes on to the instructions, continue=no ends in the no recovery page.
     Unlike the first step, cancel here goes back to the login factor question rather than exiting.
     The hidden "question" element echoes the previous answer (inargs continue) back into the form. -->
<AuthState name="${state.entry}_reasonSelection" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<ResultCond name="cancel" next="${state.entry}_loginFactorQuestion"/>
<ResultCond name="validReasons" next="${state.entry}_instructions"/>
<ResultCond name="invalidReasons" next="${state.entry}_noRecovery"/>
<Response value="AUTH_CONTINUE">
<Gui name="recovery_questionnaire_reason_selection">
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<GuiElem name="question" type="hidden" value="${inargs:continue}" optional="true"/>
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<property name="condition:validReasons" value="${inargs:continue}==yes"/>
<property name="condition:invalidReasons" value="${inargs:continue}==no"/>
</AuthState>
<!-- Instructions page shown before the e-mail entry. continue=continue proceeds to ${state.entry}_enterEmail; cancel returns to the login factor question. -->
<AuthState name="${state.entry}_instructions" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<ResultCond name="cancel" next="${state.entry}_loginFactorQuestion"/>
<ResultCond name="continue" next="${state.entry}_enterEmail"/>
<Response value="AUTH_CONTINUE">
<Gui name="recovery_questionnaire_instructions">
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<property name="condition:continue" value="${inargs:continue}==continue"/>
</AuthState>
<!-- Dead end of the questionnaire: informs the user that recovery is not possible. The only action is cancel, which leaves via ${state.exit.2}. -->
<AuthState name="${state.entry}_noRecovery" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<ResultCond name="cancel" next="${state.exit.2}"/>
<Response value="AUTH_CONTINUE">
<Gui name="recovery_questionnaire_no_recovery">
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
</Gui>
</Response>
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
</AuthState>
<!-- E-mail entry form. The result (cancel / verifyEmail / stay) is decided by sanitizeAndDispatchRecoveryEmailInput.groovy, not by condition properties;
     "stay" redisplays this same state, so the script is the only place that enforces what an acceptable e-mail looks like.
     The e-mail field is prefilled from the session when agov.recovery.email is already stored, otherwise from the submitted "email" parameter (empty string if absent).
     The captcha settings are passed to the page as hidden fields taken from the session; the dispatcher only reaches this state when the puzzle URL is present. -->
<AuthState name="${state.entry}_enterEmail" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
<ResultCond name="cancel" next="${state.exit.2}"/>
<ResultCond name="verifyEmail" next="${state.entry}_saveEmail"/>
<ResultCond name="stay" next="${state.entry}_enterEmail"/>
<Response value="AUTH_CONTINUE">
<Gui name="recovery_intro_email">
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
<GuiElem name="email" type="text" label="prompt.email" value="#{(sess.containsKey('agov.recovery.email'))?sess.get('agov.recovery.email'):inargs.getProperty('email', '')}" optional="true"/>
<GuiElem name="captchaSettings.enabled" type="hidden" value="${sess:agov.recovery.captchaSettings.enabled}" optional="true"/>
<GuiElem name="friendlyCaptchaSettings.siteKey" type="hidden" value="${sess:agov.recovery.captchaSettings.siteKey}" optional="true"/>
<GuiElem name="friendlyCaptchaSettings.puzzleUrl" type="hidden" value="${sess:agov.recovery.captchaSettings.puzzleUrl}" optional="true"/>
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<property name="script" value="file:///var/opt/nevisauth/default/conf/sanitizeAndDispatchRecoveryEmailInput.groovy"/>
</AuthState>
<!-- Stores the submitted e-mail in the session (agov.recovery.email) and exits via ${state.exit.6}.
     The value is copied from the request as is; presumably the preceding ScriptState validated it before returning verifyEmail. Verify against that script. -->
<AuthState name="${state.entry}_saveEmail" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<ResultCond name="default" next="${state.exit.6}"/>
<Response value="AUTH_CONTINUE"/>
<property name="sess:agov.recovery.email" value="${inargs:email}"/>
</AuthState>
<!-- Confirmation page shown when a recovery code is already in the session (hasSessionCode). confirm=confirm proceeds to the URL ticket verification.
     The e-mail shown is the session login id, not user input. cancel goes to ${state.failed}, unlike the questionnaire states which exit via ${state.exit.2}.
     NOTE(review): only condition:confirm is declared; there is no condition:cancel property in this state, so the "cancel" ResultCond may never be produced here. Confirm this is intended. -->
<AuthState name="${state.entry}_verifyUrlTicketIntro" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<ResultCond name="cancel" next="${state.failed}"/>
<ResultCond name="confirm" next="${state.entry}_verifyUrlTicket"/>
<Response value="AUTH_CONTINUE">
<Gui name="recovery_start_info">
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<GuiElem name="email" type="text" label="prompt.email" value="${sess:ch.nevis.session.loginid}" optional="true"/>
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<!-- "&amp;&amp;" is the XML escape for a logical AND in the expression. -->
<property name="condition:confirm" value="#{inargs.containsKey('confirm') &amp;&amp; inargs.getProperty('confirm') eq 'confirm'}"/>
</AuthState>
<!-- Verifies the URL ticket stored in the session as the recovery code against nevisIDM. Only "ok" proceeds (at auth level auth.weak);
     every lock or failure outcome goes to ${state.entry}_invalidateCode, which clears the code and restarts the flow, so a bad ticket is never retried.
     NOTE(review): user.ticket uses the "session:" prefix while the rest of this file uses "sess:" for the same session key; confirm both resolve to the same value. -->
<AuthState name="${state.entry}_verifyUrlTicket" final="false" class="ch.nevis.idm.authstate.IdmURLTicketVerifyState">
<ResultCond name="ok" next="${state.entry}_IdmGetPropertiesStateTicket" authLevel="auth.weak"/>
<ResultCond name="tmpLocked" next="${state.entry}_invalidateCode"/>
<ResultCond name="lockWarn" next="${state.entry}_invalidateCode"/>
<ResultCond name="nowLocked" next="${state.entry}_invalidateCode"/>
<ResultCond name="locked" next="${state.entry}_invalidateCode"/>
<ResultCond name="failed" next="${state.entry}_invalidateCode"/>
<Response value="AUTH_CONTINUE">
<Gui name="NoGui"/>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<property name="user.ticket" value="${session:agov.recovery.code}"/>
</AuthState>
<!-- Discards a rejected recovery code: sets agov.recovery.code to the empty string, which removes the key because removeOnEmptyValue is true,
     and records the note invalidUrlTicket that the dispatcher reads as condition:invalidUrlTicket. Then restarts at ${state.entry}. -->
<AuthState name="${state.entry}_invalidateCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
<ResultCond name="default" next="${state.entry}"/>
<Response value="AUTH_CONTINUE"/>
<property name="sess:agov.recovery.code" value=""/>
<property name="removeOnEmptyValue" value="true"/>
<property name="notes:invalidUrlTicket" value="was invalid"/>
</AuthState>
<!-- Terminal state for requests whose URL failed the invalidUrl check: answers AUTH_ERROR with a redirect to the canonical recovery entry path. -->
<AuthState class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true" name="${state.entry}_ticketInvalid">
<Response value="AUTH_ERROR">
<Arg name="nevis.transfer.type" value="redirect"/>
<Arg name="nevis.transfer.destination" value="/AUTH/RECOVERY/"/>
</Response>
</AuthState>
<!-- Loads the user identified by the request's userid from nevisIDM after a successful ticket check, with a forced reload and HIGH detail level for all categories.
     Attribute and property selection and the client name come from pattern parameters. "ok" continues to ${state.entry}_verifyUser;
     clientNotFound and any other result end in ${state.failed}, and the response shown in that case is the internal_error page carrying only the trace id. -->
<AuthState name="${state.entry}_IdmGetPropertiesStateTicket" final="false" class="ch.nevis.idm.authstate.IdmGetPropertiesState" resumeState="false">
<ResultCond name="ok" next="${state.entry}_verifyUser"/>
<ResultCond name="clientNotFound" next="${state.failed}"/>
<ResultCond name="default" next="${state.failed}"/>
<Response value="AUTH_ERROR">
<Gui name="internal_error">
<GuiElem name="transferId" type="hidden" value="${request:traceId}" optional="true"/>
</Gui>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<property name="forceDataReload" value="true"/>
<!-- Returned Attributes in SecToken -->
<property name="user.attributes" value="${param.attributes}"/>
<property name="user.properties" value="${param.properties}"/>
<property name="userExtId" value="${request:userid}"/>
<property name="chooseDefaultProfile" value="true"/>
<property name="client.name" value="${param.client.name}"/>
<property name="detaillevel.profile" value="HIGH"/>
<property name="detaillevel.role" value="HIGH"/>
<property name="detaillevel.authorization" value="HIGH"/>
<property name="detaillevel.dataroom" value="HIGH"/>
<property name="detaillevel.credential" value="HIGH"/>
</AuthState>
<!-- Decision point after the user has been loaded. The result is produced by recovery-preprocessing.groovy (trace group "Recovery"):
     ok exits via ${state.exit.1}, needCode asks for the recovery code, alreadyInRecovery exits via ${state.exit.3}, notFullyRegistered via ${state.exit.7}, error fails.
     The Gui is only displayed when the script leaves the state pending; its name is derived from ${state.entry}. -->
<AuthState name="${state.entry}_verifyUser" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<ResultCond name="ok" next="${state.exit.1}"/>
<ResultCond name="needCode" next="${state.entry}_IdmUserIdPasswordLogin"/>
<ResultCond name="error" next="${state.failed}"/>
<ResultCond name="alreadyInRecovery" next="${state.exit.3}"/>
<ResultCond name="notFullyRegistered" next="${state.exit.7}"/>
<Response value="AUTH_CONTINUE">
<Gui name="${state.entry}Dialog" label="op-onboarding.intro.title">
<GuiElem name="info" type="info" label="op-onboarding.intro.message"/>
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
<GuiElem name="submit" type="button" label="continue.button.label" value="go"/>
</Gui>
</Response>
<property name="scriptTraceGroup" value="Recovery"/>
<property name="script" value="file:///var/opt/nevisauth/default/conf/recovery-preprocessing.groovy"/>
</AuthState>
<!-- Recovery code check, implemented as a nevisIDM context password verification (credential.context RECOVERY) for the login id held in the session.
     The submitted code has its dashes stripped before it is sent. "ok" and "pwChange" carry auth level auth.weak; only "ok" leaves the state.
     failed, lockWarn and clientNotFound redisplay this same form, so the number of attempts is bounded only by the nevisIDM lock outcomes
     (nowLocked, locked, tmpLocked, disabled), which all end in ${state.entry}_codeLocked.
     NOTE(review): the "code" element is declared as pw-text with a fixed value and the label "not-used"; this looks intended to keep the submitted code out of rendered pages and logs. Confirm.
     NOTE(review): inargs.getProperty('code') is null when the parameter is absent; confirm the state evaluates user.password only after the form has been submitted. -->
<AuthState name="${state.entry}_IdmUserIdPasswordLogin" final="true" resumeState="true" class="ch.nevis.idm.authstate.IdmPasswordVerifyState">
<ResultCond name="ok" next="${state.exit.1}" authLevel="auth.weak"/>
<ResultCond name="pwChange" next="${state.entry}_IdmUserIdPasswordLogin" authLevel="auth.weak"/>
<ResultCond name="lockWarn" next="${state.entry}_IdmUserIdPasswordLogin"/>
<ResultCond name="nowLocked" next="${state.entry}_codeLocked"/>
<ResultCond name="locked" next="${state.entry}_codeLocked"/>
<ResultCond name="tmpLocked" next="${state.entry}_codeLocked"/>
<ResultCond name="failed" next="${state.entry}_IdmUserIdPasswordLogin"/>
<ResultCond name="clientNotFound" next="${state.entry}_IdmUserIdPasswordLogin"/>
<ResultCond name="disabled" next="${state.entry}_codeLocked"/>
<Response value="AUTH_CONTINUE">
<Gui name="recovery_check_code">
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
<GuiElem name="code" type="pw-text" label="not-used" value="hide-input-in-logs" optional="true"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
</Gui>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<property name="user.loginType" value="LOGINID"/>
<property name="credential.type" value="contextPassword"/>
<property name="credential.context" value="RECOVERY"/>
<property name="user.password" value="#{inargs.getProperty('code').replace('-', '')}"/>
<property name="user.loginid" value="${sess:ch.adnovum.nevisidm.user.loginId}"/>
<!-- Client name is hard coded here, whereas ${state.entry}_IdmGetPropertiesStateTicket takes it from ${param.client.name}. -->
<property name="client.name" value="agov"/>
</AuthState>
<!-- Terminal state reached when the recovery credential is locked or disabled in nevisIDM: answers AUTH_ERROR and shows the recovery_check_noCode page with no further actions. -->
<AuthState name="${state.entry}_codeLocked" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true" resumeState="false">
<Response value="AUTH_ERROR">
<Gui name="recovery_check_noCode">
</Gui>
</Response>
</AuthState>