Name
global.PWDChangePasswordBL
Description
No description available
Script
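/**
 * Server-side logic for the change-password path: lists the processes a user
 * may change a password through, and submits a change-password request
 * (request tracking, server-side password rule evaluation, master sub-flow).
 */
var PWDChangePasswordBL = Class.create();
PWDChangePasswordBL.prototype = {
    // Built once, when this prototype object literal is evaluated.
    credentialMgr: new SNC.PwdCredentialStoreManager(),
    passwordPolicyEvaluator: SNC.PasswordPolicyEvaluator,

    CHANGE_PASSWORD_MASTER_WORKFLOW: "Pwd Change - Master",
    STAGE_CHANGE_PWD: "Change password",
    REQUEST_TYPE: 3, // request type for Change Password
    REQUEST_ACTION_TYPE: 4, // request action type for Change Password

    // Values placed in result.status by changePassword().
    STATUS_ERROR: 'error',
    STATUS_BLOCKED: 'block',
    STATUS_SUCCESS: 'success',
    STATUS_PENDING: 'pending',
    STATUS_FAILURE: 'failure',

    CHANGE_PASSWORD_ACTION: '2',

    initialize: function() {},

    /**
     * Lists the change-password capable processes for a user.
     *
     * @param {string} userId - id passed to PwdProcessManager.getProcessIdsByUserId
     * @returns {Array<Object>} one entry per process with the keys name,
     *     procId, pwdRuleHint, pwdRule, enablePasswordStrength, strengthRule,
     *     enablePasswordPolicy and pwdPolicyRuleHint
     */
    getProcessesForUser: function(userId) {
        var processMgr = new SNC.PwdProcessManager();
        var processIds = processMgr.getProcessIdsByUserId(userId);
        var processes = [];

        for (var i = 0; i < processIds.size(); i++) {
            var hints = "";
            var pwdPolicyRuleHint = "";
            var strengthRule;
            var processId = processIds.get(i);
            var process = new SNC.PwdProcess(processId);

            // Skip the process if it does not support change password
            if (!process.isChangePwd())
                continue;

            var name = process.getLabel();
            // prefix with domain name if plugin is active
            if (GlidePluginManager.isRegistered("com.glide.domain.msp_extensions.installer"))
                name = process.getDomainDisplayName() + ": " + name;

            var enablePasswordPolicy = this.credentialMgr.getEnablePasswordPolicy(processId);
            var pwdRule = this.credentialMgr.getPasswordRule(processId);

            if (enablePasswordPolicy) {
                // Reuse the PwdProcess built above for this processId instead
                // of constructing a second one.
                var credStore = new SNC.PwdCredentialStore(process.getCredentialStoreId());
                var enableHistoryPolicy = credStore.getEnforceHistoryPolicy();
                var historyLimit = credStore.getCredentialStoreParams().get("password_history_limit");
                var policyId = this.credentialMgr.getPasswordPolicyId(processId);

                strengthRule = this.passwordPolicyEvaluator.getPasswordStrengthScript(policyId);
                pwdPolicyRuleHint = this.passwordPolicyEvaluator.getPasswordRuleHints(policyId);

                if (enableHistoryPolicy && historyLimit) {
                    // assumes getPasswordRuleHints returns a JSON array string;
                    // JSON.parse / push throw otherwise - TODO confirm
                    var ruleHints = JSON.parse(pwdPolicyRuleHint);
                    ruleHints.push({
                        "regex": "",
                        "hint": gs.getMessage("Previous {0} passwords must not be used", historyLimit),
                        "must": false
                    });
                    pwdPolicyRuleHint = JSON.stringify(ruleHints);
                }
            } else {
                strengthRule = this.credentialMgr.getStrengthRule(processId);
                hints = this.credentialMgr.getPasswordRuleDesc(processId);
            }

            // The rule and strength scripts get their function names suffixed
            // with the process id (presumably so the scripts of several
            // processes can coexist where they are run - confirm).
            // NOTE(review): whatever consumes these scripts, the check that
            // gates a change is evaluatePasswordRule() in changePassword().
            processes.push({
                name: name,
                procId: processId,
                pwdRuleHint: hints,
                pwdRule: pwdRule.replace("isPasswordValid", "isPasswordValid_" + processId),
                enablePasswordStrength: this.credentialMgr.getEnablePasswordStrength(processId),
                strengthRule: strengthRule.replace("calculatePasswordStrength", "calculatePasswordStrength_" + processId),
                enablePasswordPolicy: enablePasswordPolicy,
                pwdPolicyRuleHint: pwdPolicyRuleHint
            });
        }
        return processes;
    },

    /**
     * Evaluates the new password against the process's password rule.
     *
     * @param {string} processId
     * @param {string} encryptedNewPassword - new password as returned by
     *     PasswordResetUtil.encryptWithKMFModule (see changePassword)
     * @param {string} requestId
     * @returns {*} result of credentialMgr.evaluatePasswordRuleAdvance;
     *     changePassword() treats anything other than "success" as a rejection
     */
    evaluatePasswordRule: function(processId, encryptedNewPassword, requestId) {
        return this.credentialMgr.evaluatePasswordRuleAdvance(processId, encryptedNewPassword, requestId);
    },

    /**
     * Submits a change-password request for a user.
     *
     * Creates a tracking request, refuses locked users, evaluates the new
     * password server-side, then starts the master sub-flow with both
     * passwords in encrypted form.
     *
     * @param {string} userId
     * @param {string} processId
     * @param {string} newPassword - plain text; encrypted before further use
     * @param {string} oldPassword - plain text; encrypted before further use
     * @param {string} [source] - recorded on the request when not nil
     * @returns {{status: string, ctxId: string, requestId: string, errorMessage: string}}
     *     status is one of STATUS_SUCCESS, STATUS_BLOCKED, STATUS_PENDING or
     *     STATUS_FAILURE
     */
    changePassword: function(userId, processId, newPassword, oldPassword, source) {
        var process = new SNC.PwdProcess(processId);
        var pwdFlowHelper = new PwdFlowHelper();
        var result = {
            status: this.STATUS_SUCCESS,
            ctxId: '',
            requestId: '',
            errorMessage: ''
        };

        // Nothing has been changed at this point, so do not hand back the
        // default 'success' status: report a failure instead.
        // NOTE(review): `process` was constructed just above, so the second
        // half of this guard probably never fires - confirm what was intended.
        if (gs.nil(userId) || gs.nil(process)) {
            result.status = this.STATUS_FAILURE;
            result.errorMessage = gs.getMessage("Change password request resulted in failure");
            return result;
        }

        var trackingMgr = new SNC.PwdTrackingManager();
        var requestId = trackingMgr.createRequest(processId, userId, gs.getSessionID(), this.REQUEST_TYPE);
        trackingMgr.updateRequestActionType(requestId, this.REQUEST_ACTION_TYPE);
        if (!gs.nil(source))
            trackingMgr.updateRequestSource(requestId, source);
        result.requestId = requestId;

        // if locked quit
        if (trackingMgr.isRequestLocked(userId, processId)) {
            var blockedMsg = "Cannot create request (process_id = " + processId + ", user_sys_id = " + userId + ") because the user is blocked.";
            trackingMgr.createActivity(PwdConstants.TYPE_ERROR, PwdConstants.STAGE_CHANGE_PWD, blockedMsg, requestId);
            // Leave request in progress state with retryCount of 0 - This way
            // the next try will reuse this request and not lose one retry count.
            result.status = this.STATUS_BLOCKED;
            return result;
        }

        trackingMgr.createActivity(PwdConstants.TYPE_INFO, PwdConstants.STAGE_CHANGE_PWD, "User requested password change", requestId);

        // change plain text passwords to KMF encrypted format; from here on
        // only the encrypted values are passed along. Activity messages in
        // this method carry ids and fixed text only - keep password values
        // out of them.
        var passwordResetUtil = new PasswordResetUtil();
        var encNewPassword = passwordResetUtil.encryptWithKMFModule(newPassword);
        var encOldPassword = passwordResetUtil.encryptWithKMFModule(oldPassword);

        // Server-side rule check: the flow is not started for a rejected password.
        if (this.evaluatePasswordRule(processId, encNewPassword, requestId) != "success") {
            result.status = this.STATUS_FAILURE;
            result.errorMessage = gs.getMessage("Invalid New Password");
            return result;
        }

        var outputs = pwdFlowHelper.startMasterSubFlow(requestId, encNewPassword, encOldPassword, this.CHANGE_PASSWORD_ACTION);

        // Loose comparisons are kept: the types of the values in `outputs`
        // are not visible here.
        // NOTE(review): if outputs.is_flow is neither true nor false, no
        // branch below runs and the default 'success' status is returned -
        // confirm startMasterSubFlow always sets it.
        if (outputs.is_flow == false) {
            if (!gs.nil(outputs.context_id)) {
                result.ctxId = outputs.context_id.sys_id;
            } else {
                result.errorMessage = gs.getMessage("Failed to start Password Change Workflow");
                result.status = this.STATUS_FAILURE;
            }
        } else if (outputs.is_flow == true && outputs.status == "Error") {
            result.status = this.STATUS_FAILURE;
            // The generic 'Flow stopped executing' text is replaced by a
            // translated message.
            if (!gs.nil(outputs.error_message) && outputs.error_message != 'Flow stopped executing')
                result.errorMessage = outputs.error_message;
            else
                result.errorMessage = gs.getMessage("Change password request resulted in failure");
            trackingMgr.updateRequestStatusAndRetry(requestId, -1);
            trackingMgr.createActivity(PwdConstants.TYPE_ERROR, PwdConstants.STAGE_CHANGE_PWD, result.errorMessage, requestId);
        } else if (outputs.is_flow == true) {
            if (outputs.status == "Success") {
                trackingMgr.updateRequestStatusAndRetry(requestId, 1);
                trackingMgr.createActivity(PwdConstants.TYPE_INFO, PwdConstants.STAGE_CHANGE_PWD, "Password Changed Succesfully", requestId);
            } else {
                // Neither "Error" nor "Success": reported to the caller as pending.
                result.status = this.STATUS_PENDING;
                gs.getSession().putProperty('async_pwd_request', 'true');
                trackingMgr.updateRequestStatus(requestId, 3);
                trackingMgr.createActivity(PwdConstants.TYPE_INFO, PwdConstants.STAGE_CHANGE_PWD, "Password Changed request is Pending with external system", requestId);
            }
        }
        return result;
    },

    /**
     * Starts the "Pwd Change - Master" workflow through PWDWorkflowHelper with
     * the request id, user id and both encrypted passwords. Not called from
     * any other member of this prototype.
     *
     * @param {string} requestId
     * @param {string} userId
     * @param {string} encNewPassword
     * @param {string} encOldPassword
     * @returns {*} whatever PWDWorkflowHelper.startFlow returns
     */
    _startChangePasswordWorkflow: function(requestId, userId, encNewPassword, encOldPassword) {
        var params = {
            u_request_id: requestId,
            u_user_id: userId,
            u_new_password: encNewPassword,
            u_old_password: encOldPassword
        };
        return PWDWorkflowHelper.startFlow(this.CHANGE_PASSWORD_MASTER_WORKFLOW, params, 'update');
    },

    type: 'PWDChangePasswordBL'
};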
Sys ID
ff9a32f353020300f521ddeeff7b12dd