
the class WebDAVAuthManager method updateDigestPassword.

/**
 * Creates or refreshes the HTTP Digest (HA1) credential of {@code identity} for {@code provider}.
 *
 * <p>The persisted value is {@code MD5(authUsername ":" realm ":" password)} without a salt
 * ({@code Encoder.Algorithm.md5_noSalt}); that is the HA1 form Digest authentication needs on the
 * server side, which is why this entry deliberately does not use the configurable default hash.
 * Being unsalted and directly usable for Digest, the stored token is password-equivalent and must
 * be protected like one. The clear-text password is never logged; the audit lines only carry the
 * identity key and the auth user name.
 *
 * @param doer            acting identity, named in the audit log
 * @param identity        identity whose credential is written
 * @param authUsername    user name that goes into the HA1 input and is stored next to the credential
 * @param password        clear-text password; only its HA1 digest is persisted
 * @param provider        authentication provider the credential belongs to
 * @param authentications existing authentications of the identity; the matching entry is removed
 *                        from this list by {@code getAndRemoveAuthentication}
 */
private void updateDigestPassword(Identity doer, Identity identity, String authUsername, String password, String provider, List<Authentication> authentications) {
    String ha1Input = authUsername + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":" + password;
    Authentication existing = getAndRemoveAuthentication(provider, authentications);
    if (existing == null) {
        // No HA1 entry for this provider yet: persist a fresh one. The clear input is handed
        // over and the security manager applies md5_noSalt itself.
        try {
            dbInstance.commit();
            Identity reloadedIdentity = securityManager.loadIdentityByKey(identity.getKey());
            securityManager.createAndPersistAuthentication(reloadedIdentity, provider, authUsername, ha1Input, Encoder.Algorithm.md5_noSalt);
            log.audit(doer.getName() + " created new WebDAV (HA1) authentication for identity: " + identity.getKey() + " (" + authUsername + ")");
        } catch (DBRuntimeException e) {
            log.error("Cannot create digest password with provider " + provider + " for identity:" + identity, e);
            dbInstance.commit();
        }
        return;
    }
    // Existing entry: compute the HA1 here and only touch the row when something differs.
    String ha1 = Encoder.encrypt(ha1Input, null, Encoder.Algorithm.md5_noSalt);
    if (ha1.equals(existing.getCredential()) && existing.getAuthusername().equals(authUsername)) {
        return;
    }
    try {
        existing.setCredential(ha1);
        existing.setAuthusername(authUsername);
        securityManager.updateAuthentication(existing);
        log.audit(doer.getName() + " set new WebDAV (HA1) password for identity: " + identity.getKey() + " (" + authUsername + ")");
    } catch (DBRuntimeException e) {
        log.error("Cannot update digest password with provider " + provider + " for identity:" + identity, e);
        dbInstance.commit();
    }
}

the class WebDAVAuthManager method authenticate.

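/**
 * Authenticates a WebDAV login against the WebDAV and (if e-mails are unique) HA1 providers,
 * falling back to the standard OLAT authentication when the identity has none of them.
 *
 * <p>Only credentials stored with {@code Algorithm.md5} are re-hashed to the configured default
 * algorithm on a successful login; HA1 entries ({@code md5_noSalt}) are left as they are because
 * Digest authentication needs exactly that form.
 *
 * <p>The visibility check is applied to the identity that actually matched the password, not
 * only to the identity of the first authentication in the list: a lookup by auth user name
 * may return entries of more than one identity, and the first entry is not necessarily the one
 * whose credential matches.
 *
 * @param identity the identity to authenticate, or {@code null} to look the login up by auth user name
 * @param login    the auth user name used when {@code identity} is {@code null}
 * @param password the clear-text password presented by the client
 * @return the authenticated, visible identity, or {@code null} when the credentials do not
 *         match or the identity is not visible
 */
@Override
public Identity authenticate(Identity identity, String login, String password) {
    List<String> providers = new ArrayList<>(3);
    providers.add(PROVIDER_WEBDAV);
    if (userModule.isEmailUnique()) {
        providers.add(PROVIDER_HA1_EMAIL);
        providers.add(PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    }
    List<Authentication> authentications;
    if (identity != null) {
        authentications = securityManager.findAuthentications(identity, providers);
    } else {
        authentications = securityManager.findAuthenticationByAuthusername(login, providers);
    }
    if (authentications == null || authentications.isEmpty()) {
        // fallback to standard OLAT authentication
        return olatAuthenticationSpi.authenticate(identity, login, password);
    }
    Identity firstIdentity = authentications.get(0).getIdentity();
    if (!securityManager.isIdentityVisible(firstIdentity)) {
        return null;
    }
    for (Authentication authentication : authentications) {
        if (!securityManager.checkCredentials(authentication, password)) {
            continue;
        }
        Identity matchedIdentity = authentication.getIdentity();
        // The check above only covered the first entry's identity; re-check when the matching
        // entry belongs to a different identity so an invisible identity is never returned.
        boolean sameAsFirst = firstIdentity.getKey().equals(matchedIdentity.getKey());
        if (!sameAsFirst && !securityManager.isIdentityVisible(matchedIdentity)) {
            return null;
        }
        Algorithm algorithm = Algorithm.find(authentication.getAlgorithm());
        if (Algorithm.md5.equals(algorithm)) {
            // opportunistic upgrade of legacy MD5 credentials to the configured default hash
            authentication = securityManager.updateCredentials(authentication, password, loginModule.getDefaultHashAlgorithm());
        }
        return authentication.getIdentity();
    }
    return null;
}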

the class WebDAVAuthManager method updateWebDAVPassword.

/**
 * Creates or updates the plain WebDAV credential of {@code identity} for {@code provider}.
 *
 * <p>Unlike the HA1 entry, this credential is hashed with the login module's default algorithm
 * ({@code loginModule.getDefaultHashAlgorithm()}). The clear-text password is passed to the
 * security manager only and never written to the log; audit lines carry the identity key and
 * the auth user name.
 *
 * @param doer            acting identity, named in the audit log
 * @param identity        identity whose credential is written
 * @param authUsername    auth user name stored with a newly created credential
 * @param password        clear-text password to hash and store
 * @param provider        authentication provider the credential belongs to
 * @param authentications existing authentications of the identity; the matching entry is removed
 *                        from this list by {@code getAndRemoveAuthentication}
 */
private void updateWebDAVPassword(Identity doer, Identity identity, String authUsername, String password, String provider, List<Authentication> authentications) {
    Authentication existing = getAndRemoveAuthentication(provider, authentications);
    if (existing != null) {
        // Re-hash onto the existing row; any failure is logged and the transaction closed.
        try {
            dbInstance.commit();
            securityManager.updateCredentials(existing, password, loginModule.getDefaultHashAlgorithm());
            log.audit(doer.getName() + " set new WebDAV password for identity: " + identity.getKey() + " (" + authUsername + ")");
        } catch (Exception e) {
            log.error("Cannot update webdav password with provider " + provider + " for identity:" + identity, e);
            dbInstance.commit();
        }
        return;
    }
    // No entry for this provider yet: persist a fresh one against a freshly loaded identity.
    try {
        dbInstance.commit();
        Identity reloadedIdentity = securityManager.loadIdentityByKey(identity.getKey());
        securityManager.createAndPersistAuthentication(reloadedIdentity, provider, authUsername, password, loginModule.getDefaultHashAlgorithm());
        log.audit(doer.getName() + " created new WebDAV authentication for identity: " + identity.getKey() + " (" + authUsername + ")");
    } catch (DBRuntimeException e) {
        log.error("Cannot create webdav password with provider " + provider + " for identity:" + identity, e);
        dbInstance.commit();
    }
}

the class SendTokenToUserForm method sendToken.

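/**
 * Sends a password-change token to the selected user by e-mail.
 *
 * <p>A token is only issued for users that have no password yet or that authenticate with the
 * default OpenOLAT provider; for users bound to Shibboleth, LDAP, OAuth etc. a token is refused
 * since a password change there is most likely not what was intended.
 *
 * <p>The mail template is validated before the temporary key is created: a live reset token
 * must not exist unless the message that carries it can actually be built, otherwise a usable
 * token would be minted and stored without ever being delivered.
 *
 * @param ureq the current request; its remote address (the direct peer) is recorded with the key
 * @param text the mail body entered in the form, which must contain {@code dummyKey} as placeholder
 */
private void sendToken(UserRequest ureq, String text) {
    List<Authentication> authentications = BaseSecurityManager.getInstance().getAuthentications(user);
    String defaultProvider = BaseSecurityModule.getDefaultAuthProviderIdentifier();
    boolean isOOpwdAllowed = authentications.isEmpty()
            || authentications.stream().anyMatch(authentication -> authentication.getProvider().equals(defaultProvider));
    if (!isOOpwdAllowed) {
        showWarning("sendtoken.wrong.auth");
        return;
    }
    // Refuse before any side effect: without the placeholder the token could never be sent.
    if (!text.contains(dummyKey)) {
        showWarning("changeuserpwd.failed");
        logWarn("Can not replace temporary registration token in change pwd mail token dialog, user probably changed temporary token in mai template", null);
        return;
    }
    Preferences prefs = user.getUser().getPreferences();
    Locale locale = i18nManager.getLocaleOrDefault(prefs.getLanguage());
    String emailAdress = user.getUser().getProperty(UserConstants.EMAIL, locale);
    String ip = ureq.getHttpReq().getRemoteAddr();
    // Replaces any earlier key of this user, so at most one token is valid at a time.
    TemporaryKey tk = registrationManager.createAndDeleteOldTemporaryKey(user.getKey(), emailAdress, ip, RegistrationManager.PW_CHANGE);
    String body = text.replace(dummyKey, tk.getRegistrationKey());
    Translator userTrans = Util.createPackageTranslator(RegistrationManager.class, locale);
    MailBundle bundle = new MailBundle();
    bundle.setToId(user);
    bundle.setContent(userTrans.translate("pwchange.subject"), body);
    MailerResult result = mailManager.sendExternMessage(bundle, null, false);
    if (result.getReturnCode() == 0) {
        showInfo("email.sent");
    } else {
        showInfo("email.notsent");
    }
}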

the class UserAdminController method isPasswordChangesAllowed.

/**
 * Decides whether the current user may change the password of {@code identity}.
 *
 * <p>User managers need {@code USERMANAGER_CAN_MODIFY_PWD}; OLAT administrators always pass
 * this first gate. For LDAP-managed identities the answer is delegated to the LDAP module's
 * propagation setting. Otherwise a change is allowed when an OLAT authentication already
 * exists, or when creating one is permitted ({@code USERMANAGER_CAN_CREATE_PWD} or admin).
 *
 * @param identity the identity whose password would be changed
 * @return {@code true} when a password change is permitted for {@code identity}
 */
private boolean isPasswordChangesAllowed(Identity identity) {
    Boolean canModifyPwd = BaseSecurityModule.USERMANAGER_CAN_MODIFY_PWD;
    if (!canModifyPwd.booleanValue() && !isOlatAdmin) {
        return false;
    }
    if (ldapLoginModule.isLDAPEnabled() && ldapLoginManager.isIdentityInLDAPSecGroup(identity)) {
        // LDAP-managed user: only allowed when changes are propagated to the LDAP server
        return ldapLoginModule.isPropagatePasswordChangedOnLdapServer();
    }
    Boolean canCreatePwd = BaseSecurityModule.USERMANAGER_CAN_CREATE_PWD;
    Authentication olatAuth = securityManager.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
    return olatAuth != null || canCreatePwd.booleanValue() || isOlatAdmin;
}