
Example 56 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class UserAuthenticationMgmtTest method deleteAuthentications.

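/**
 * Checks that an HTTP DELETE on {@code /users/administrator/auth/{key}} removes a
 * previously persisted authentication of provider {@code REST-A-2}.
 *
 * <p>Only the administrator-deletes-own-token path is exercised here; a request by a
 * caller who lacks the right to delete the token is not covered by this method.
 */
@Test
public void deleteAuthentications() throws IOException, URISyntaxException {
    RestConnection conn = new RestConnection();
    try {
        // Fixture credentials of the test installation; they must never match a deployed instance.
        assertTrue(conn.login("administrator", "openolat"));
        // create an authentication token
        Identity adminIdent = securityManager.findIdentityByName("administrator");
        Authentication authentication = securityManager.createAndPersistAuthentication(adminIdent, "REST-A-2", "administrator", "credentials", Encoder.Algorithm.sha512);
        assertTrue(authentication != null && authentication.getKey() != null && authentication.getKey().longValue() > 0);
        // Commit so the row is visible to the request handled by the REST endpoint.
        DBFactory.getInstance().intermediateCommit();
        // delete an authentication token
        URI request = UriBuilder.fromUri(getContextURI()).path("/users/administrator/auth/" + authentication.getKey()).build();
        HttpDelete method = conn.createDelete(request, MediaType.APPLICATION_XML);
        HttpResponse response = conn.execute(method);
        assertEquals(200, response.getStatusLine().getStatusCode());
        EntityUtils.consume(response.getEntity());
        // The token must be gone from the store, not just reported as deleted.
        Authentication refAuth = securityManager.findAuthentication(adminIdent, "REST-A-2");
        assertNull(refAuth);
    } finally {
        // Release the connection even when an assertion above fails.
        conn.shutdown();
    }
}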
Also used : HttpDelete(org.apache.http.client.methods.HttpDelete) Authentication(org.olat.basesecurity.Authentication) HttpResponse(org.apache.http.HttpResponse) Identity(org.olat.core.id.Identity) URI(java.net.URI) Test(org.junit.Test)

Example 57 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class Path method getFeedBaseUri.

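/**
 * Returns a feed base URI of the form<br>
 * http://myolat.org/olat/[podcast|blog]/[IDKEY/TOKEN]/ORESID
 * <p>
 * When both {@code courseId} and {@code nodeId} are given, the course node indicator is
 * inserted after the feed type and {@code courseId/nodeId} before the feed id. The
 * result always ends with {@code /_}.
 * <p>
 * Security note: for a non-public feed the per-user token is part of the URI path, so
 * it ends up wherever the URI is stored or logged (feed readers, proxy and access logs).
 * Treat the returned string as a credential.
 *
 * @param feed the feed whose resourceable type and id are put into the URI
 * @param identity the user the URI is built for; may be {@code null} for guests, in
 *        which case no identity key or token is added
 * @param courseId the course id, or {@code null} if the feed is not addressed as a course node
 * @param nodeId the course node id, or {@code null} if the feed is not addressed as a course node
 * @return The feed base uri for the given user (identity)
 */
public static String getFeedBaseUri(Feed feed, Identity identity, Long courseId, String nodeId) {
    BaseSecurity manager = BaseSecurityManager.getInstance();
    boolean isCourseNode = courseId != null && nodeId != null;
    final String slash = "/";
    // Local, single-threaded buffer: StringBuilder avoids StringBuffer's needless locking.
    StringBuilder uri = new StringBuilder();
    uri.append(Settings.getServerContextPathURI());
    uri.append(slash);
    uri.append(FeedMediaDispatcher.uriPrefixes.get(feed.getResourceableTypeName()));
    uri.append(slash);
    if (isCourseNode) {
        uri.append(COURSE_NODE_INDICATOR);
        uri.append(slash);
    }
    if (identity != null) {
        // The identity can be null for guests
        String idKey = identity.getKey().toString();
        Authentication authentication = manager.findAuthenticationByAuthusername(idKey, TOKEN_PROVIDER);
        if (authentication == null) {
            // Create an authentication. The token is an access secret, so it is drawn from
            // SecureRandom; randomAlphanumeric(6) gives no guarantee of a cryptographic source.
            // Same alphabet and length as before, so the URI format is unchanged.
            // NOTE(review): six alphanumeric characters is a small search space for a
            // secret exposed over HTTP; confirm the consumer tolerates a longer token
            // and that guessing attempts are rate-limited.
            String token = RandomStringUtils.random(6, 0, 0, true, true, null, new java.security.SecureRandom());
            // A null algorithm is passed; presumably the token is stored unhashed, since it
            // is read back through getCredential() below. Confirm.
            authentication = manager.createAndPersistAuthentication(identity, TOKEN_PROVIDER, idKey, token, null);
        }
        // If the repository entry allows guest access it is public, thus not
        // private.
        boolean isPrivate = true;
        RepositoryEntry entry = RepositoryManager.getInstance().lookupRepositoryEntry(feed, false);
        if (entry != null && entry.getAccess() == RepositoryEntry.ACC_USERS_GUESTS) {
            isPrivate = false;
        }
        if (isPrivate) {
            // identity key
            uri.append(idKey);
            uri.append(slash);
            // token
            uri.append(authentication.getCredential());
            uri.append(slash);
        }
    }
    if (isCourseNode) {
        uri.append(courseId);
        uri.append(slash);
        uri.append(nodeId);
        uri.append(slash);
    }
    // feed id
    uri.append(feed.getResourceableId());
    // Append base uri delimiter. (Used to identify the root path for caching)
    uri.append("/_");
    return uri.toString();
}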
Also used : Authentication(org.olat.basesecurity.Authentication) RepositoryEntry(org.olat.repository.RepositoryEntry) BaseSecurity(org.olat.basesecurity.BaseSecurity)

Example 58 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class ShibbolethDispatcher method execute.

/**
 * Main method called by OpenOLATServlet.
 * This processes all shibboleth requests.
 * <p>
 * Flow, in order: reject the request if Shibboleth logins are disabled, read the
 * Shibboleth attributes from the request, require a unique id, run the authorization
 * check, look up the authentication for that id, then log the identity in and
 * synchronise its attributes. Every failure path returns early after sending a
 * redirect or error response.
 *
 * @param req the incoming servlet request carrying the Shibboleth attributes
 * @param resp the servlet response used for redirects and error replies
 */
@Override
public void execute(HttpServletRequest req, HttpServletResponse resp) {
    // Lazily created on first use.
    // NOTE(review): unsynchronised lazy init of a field; confirm concurrent first requests are harmless.
    if (translator == null) {
        translator = Util.createPackageTranslator(ShibbolethDispatcher.class, I18nModule.getDefaultLocale());
    }
    // Hard stop: this dispatcher must not process anything while the provider is switched off.
    if (!shibbolethModule.isEnableShibbolethLogins()) {
        throw new OLATSecurityException("Got shibboleth request but shibboleth is not enabled");
    }
    String uriPrefix = DispatcherModule.getLegacyUriPrefix(req);
    // Everything below trusts these attributes as the asserted identity.
    // NOTE(review): presumably they are set by the Shibboleth service provider in front of
    // the servlet and cannot be supplied by the client directly; verify the deployment.
    Map<String, String> attributesMap = getShibbolethAttributesFromRequest(req);
    ShibbolethAttributes shibbolethAttriutes = CoreSpringFactory.getImpl(ShibbolethAttributes.class);
    shibbolethAttriutes.init(attributesMap);
    String uid = shibbolethAttriutes.getUID();
    if (uid == null) {
        // Without a unique id no account can be matched; report and stop.
        handleException(new ShibbolethException(ShibbolethException.UNIQUE_ID_NOT_FOUND, "Unable to get unique identifier for subject. Make sure you are listed in the metadata.xml file and your resources your are trying to access are available and your are allowed to see them. (Resourceregistry). "), req, resp, translator);
        return;
    }
    // Authorization gate: nothing after this line runs for a rejected subject.
    if (!authorization(req, resp, shibbolethAttriutes)) {
        return;
    }
    UserRequest ureq = null;
    try {
        // the URL is parsed and checked when the user request is created
        ureq = new UserRequestImpl(uriPrefix, req, resp);
    } catch (NumberFormatException nfe) {
        // malformed request URL (e.g. links mangled by robots): answer via sendBadRequest and stop
        if (log.isDebug()) {
            // NOTE(review): getPathInfo() is request-controlled and is logged as-is here;
            // confirm the logger neutralises line breaks.
            log.debug("Bad Request " + req.getPathInfo());
        }
        DispatcherModule.sendBadRequest(req.getPathInfo(), resp);
        return;
    }
    Authentication auth = securityManager.findAuthenticationByAuthusername(uid, PROVIDER_SHIB);
    if (auth == null) {
        // no matching authentication: hand the attributes and unique id to the
        // registration controller and redirect to the registration
        ShibbolethRegistrationController.putShibAttributes(req, shibbolethAttriutes);
        ShibbolethRegistrationController.putShibUniqueID(req, uid);
        redirectToShibbolethRegistration(resp);
        return;
    }
    if (ureq.getUserSession() != null) {
        // re-init the activity logger
        ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(req);
    }
    // The identity logged in is the one bound to the stored authentication, not one named by the request.
    int loginStatus = AuthHelper.doLogin(auth.getIdentity(), ShibbolethDispatcher.PROVIDER_SHIB, ureq);
    if (loginStatus != AuthHelper.LOGIN_OK) {
        if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
            DispatcherModule.redirectToServiceNotAvailable(resp);
        } else {
            // error, redirect to login screen
            DispatcherModule.redirectToDefaultDispatcher(resp);
        }
        return;
    }
    // Successful login
    Identity authenticationedIdentity = ureq.getIdentity();
    userDeletionManager.setIdentityAsActiv(authenticationedIdentity);
    // Attribute sync and session attributes are applied only after doLogin returned LOGIN_OK.
    shibbolethManager.syncUser(authenticationedIdentity, shibbolethAttriutes);
    ureq.getUserSession().getIdentityEnvironment().addAttributes(shibbolethModule.getAttributeTranslator().translateAttributesMap(shibbolethAttriutes.toMap()));
    MediaResource mr = ureq.getDispatchResult().getResultingMediaResource();
    if (mr instanceof RedirectMediaResource) {
        RedirectMediaResource rmr = (RedirectMediaResource) mr;
        rmr.prepare(resp);
    } else {
        // error, redirect to login screen
        DispatcherModule.redirectToDefaultDispatcher(resp);
    }
}
Also used : ShibbolethAttributes(org.olat.shibboleth.manager.ShibbolethAttributes) Authentication(org.olat.basesecurity.Authentication) OLATSecurityException(org.olat.core.logging.OLATSecurityException) RedirectMediaResource(org.olat.core.gui.media.RedirectMediaResource) MediaResource(org.olat.core.gui.media.MediaResource) RedirectMediaResource(org.olat.core.gui.media.RedirectMediaResource) Identity(org.olat.core.id.Identity) UserRequest(org.olat.core.gui.UserRequest) UserRequestImpl(org.olat.core.gui.UserRequestImpl)

Example 59 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class ChangePasswordController method event.

/**
 * Reacts to events of the change-password form; events from any other source are ignored.
 * <p>
 * On {@code DONE_EVENT} the old password entered in the form is verified first, against
 * LDAP when the user has an LDAP authentication and otherwise against the default
 * provider. The new password is set only when that verification yields an identity.
 * On {@code CANCELLED_EVENT} the form is disposed and replaced by a fresh instance.
 */
@Override
public void event(UserRequest ureq, Controller source, Event event) {
    if (source != chPwdForm) {
        return;
    }
    if (event == Event.DONE_EVENT) {
        String currentPassword = chPwdForm.getOldPasswordValue();
        Authentication ldapAuth = securityManager.findAuthentication(ureq.getIdentity(), LDAPAuthenticationController.PROVIDER_LDAP);
        // Stays null unless the old password is accepted by one of the providers below.
        Identity verifiedIdentity = null;
        if (ldapAuth != null) {
            LDAPError ldapError = new LDAPError();
            // fallback to OLAT if enabled happen automatically in LDAPAuthenticationController
            verifiedIdentity = ldapLoginManager.authenticate(ldapAuth.getAuthusername(), currentPassword, ldapError);
        } else if (securityManager.findAuthentication(ureq.getIdentity(), BaseSecurityModule.getDefaultAuthProviderIdentifier()) != null) {
            verifiedIdentity = olatAuthenticationSpi.authenticate(ureq.getIdentity(), ureq.getIdentity().getName(), currentPassword);
        }
        if (verifiedIdentity == null) {
            // Old password not proven: refuse before the new password is even read.
            showError("error.password.noauth");
            return;
        }
        String replacementPassword = chPwdForm.getNewPasswordValue();
        boolean changed = olatAuthenticationSpi.changePassword(ureq.getIdentity(), verifiedIdentity, replacementPassword);
        if (!changed) {
            showError("password.failed");
            return;
        }
        fireEvent(ureq, Event.DONE_EVENT);
        // The audit entry names the identity only; neither password is logged.
        getLogger().audit("Changed password for identity." + verifiedIdentity.getName());
        showInfo("password.successful");
        return;
    }
    if (event == Event.CANCELLED_EVENT) {
        // Throw the old form away so the typed passwords do not survive the cancel.
        removeAsListenerAndDispose(chPwdForm);
        chPwdForm = new ChangePasswordForm(ureq, getWindowControl());
        listenTo(chPwdForm);
        myContent.put("chpwdform", chPwdForm.getInitialComponent());
    }
}
Also used : Authentication(org.olat.basesecurity.Authentication) LDAPError(org.olat.ldap.LDAPError) Identity(org.olat.core.id.Identity)

Example 60 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class OLATAuthManager method synchronizeOlatPasswordAndUsername.

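/**
 * Brings the {@code OLAT} provider authentication of an identity in line with the given
 * username and password, creating the authentication when none exists, and forwards the
 * password to the WebDAV digest manager when one is configured.
 *
 * @param doer the identity performing the change; named in the audit log, must not be {@code null}
 * @param identity the identity whose authentication is created or updated, must not be {@code null}
 * @param username the login name to store; when {@code null} an existing login name is left untouched
 * @param newPwd the new password in clear text; it is handed to the security manager for hashing
 *        with the default algorithm and to the WebDAV manager, and is never logged here
 * @return always {@code true}
 * @throws NullPointerException if {@code doer} or {@code identity} is {@code null}
 */
public boolean synchronizeOlatPasswordAndUsername(Identity doer, Identity identity, String username, String newPwd) {
    // Fail before touching the store. Previously a null doer or identity only surfaced as a
    // NullPointerException in the audit call, after the authentication had been written.
    if (doer == null || identity == null) {
        throw new NullPointerException("doer and identity must not be null");
    }
    Authentication auth = securityManager.findAuthentication(identity, "OLAT");
    if (auth == null) {
        // create new authentication for provider OLAT
        auth = securityManager.createAndPersistAuthentication(identity, "OLAT", username, newPwd, loginModule.getDefaultHashAlgorithm());
        // Message text (including its spelling) is kept as-is so existing audit-log searches still match.
        log.audit(doer.getName() + " created new authenticatin for identity: " + identity.getName());
    } else {
        // update credentials only when the stored ones do not already match
        if (!securityManager.checkCredentials(auth, newPwd)) {
            auth = securityManager.updateCredentials(auth, newPwd, loginModule.getDefaultHashAlgorithm());
        }
        // A null username means "no rename"; it used to raise a NullPointerException at this
        // point, after the credentials had possibly been updated already.
        if (username != null && !username.equals(auth.getAuthusername())) {
            auth.setAuthusername(username);
            auth = securityManager.updateAuthentication(auth);
        }
        // NOTE(review): this entry is written even when neither password nor username changed.
        log.audit(doer.getName() + " set new password for identity: " + identity.getName());
    }
    // identity is known to be non-null here, so only the username and manager need checking.
    if (StringHelper.containsNonWhitespace(username) && webDAVAuthManager != null) {
        webDAVAuthManager.changeDigestPassword(doer, identity, newPwd);
    }
    return true;
}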
Also used : Authentication(org.olat.basesecurity.Authentication)

Aggregations

Authentication (org.olat.basesecurity.Authentication)82 Identity (org.olat.core.id.Identity)46 BaseSecurity (org.olat.basesecurity.BaseSecurity)16 Test (org.junit.Test)10 RestSecurityHelper.getIdentity (org.olat.restapi.security.RestSecurityHelper.getIdentity)8 AuthenticationVO (org.olat.restapi.support.vo.AuthenticationVO)8 URI (java.net.URI)6 ArrayList (java.util.ArrayList)6 Produces (javax.ws.rs.Produces)6 HttpResponse (org.apache.http.HttpResponse)6 SecurityGroup (org.olat.basesecurity.SecurityGroup)6 Locale (java.util.Locale)4 GET (javax.ws.rs.GET)4 HttpPut (org.apache.http.client.methods.HttpPut)4 AssertException (org.olat.core.logging.AssertException)4 DBRuntimeException (org.olat.core.logging.DBRuntimeException)4 Algorithm (org.olat.core.util.Encoder.Algorithm)4 TemporaryKey (org.olat.registration.TemporaryKey)4 ErrorVO (org.olat.restapi.support.vo.ErrorVO)4 UserPropertyHandler (org.olat.user.propertyhandlers.UserPropertyHandler)4