use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class OLATAuthManager method changeOlatPassword.
/**
 * Sets a new password on the identity's "OLAT" authentication and, when a
 * WebDAV manager is available, on the WebDAV digest (HA1) credential as well.
 *
 * <p>If the identity has no "OLAT" authentication yet, one is created with
 * {@code identity.getName()} as the authentication user name. Both paths write
 * an audit log entry naming the doer and the affected identity. The password
 * itself is never written to the log.
 *
 * <p>NOTE(review): no authorization check is visible in this method. It is
 * presumably the caller's job to verify that {@code doer} may change the
 * password of {@code identity} — confirm at the call sites.
 *
 * @param doer the identity named as the actor in the audit log
 * @param identity the identity whose password is changed; dereferenced
 *        unconditionally, so it must not be {@code null}
 * @param username only tested for non-whitespace content to decide whether the
 *        WebDAV digest password is updated; its value is not passed on
 * @param newPwd the new clear-text password, hashed with the login module's
 *        default algorithm
 * @return always {@code true}
 */
public boolean changeOlatPassword(Identity doer, Identity identity, String username, String newPwd) {
    Authentication olatAuth = securityManager.findAuthentication(identity, "OLAT");
    if (olatAuth != null) {
        // Existing credential: replace it, hashed with the currently configured default algorithm.
        securityManager.updateCredentials(olatAuth, newPwd, loginModule.getDefaultHashAlgorithm());
        log.audit(doer.getName() + " set new password for identity: " + identity.getName());
    } else {
        // No credential for provider OLAT yet: create one.
        securityManager.createAndPersistAuthentication(identity, "OLAT", identity.getName(), newPwd, loginModule.getDefaultHashAlgorithm());
        log.audit(doer.getName() + " created new authenticatin for identity: " + identity.getName());
    }

    // The identity null test is kept from the original, although identity has
    // already been dereferenced above and cannot be null at this point.
    if (identity == null || !StringHelper.containsNonWhitespace(username) || webDAVAuthManager == null) {
        return true;
    }
    // Keep the WebDAV digest credential in sync with the new password.
    webDAVAuthManager.changeDigestPassword(doer, identity, newPwd);
    return true;
}
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class OAuthDispatcher method login.
/**
 * Binds the registration to a local identity for the user returned by the
 * OAuth provider.
 *
 * <p>Lookup order: an existing authentication for (provider id, provider);
 * otherwise, if the provider supplied an e-mail address, a unique identity
 * with that e-mail; otherwise an identity whose name equals the provider id.
 * When a local identity is found this way, a new authentication linking it to
 * the provider is persisted. When nothing matches, the registration is left
 * without an identity.
 *
 * <p>NOTE(review): the link is created from provider-supplied attributes only.
 * Nothing visible here checks that the provider verified the e-mail address,
 * and the name fallback matches the provider's id against local user names.
 * Confirm that every configured provider guarantees verified e-mails and that
 * its id namespace cannot collide with local user names, otherwise an existing
 * account could be linked to a foreign login.
 *
 * @param infos the user attributes returned by the OAuth provider
 * @param registration the registration that receives the resolved identity
 */
private void login(OAuthUser infos, OAuthRegistration registration) {
    String oauthId = infos.getId();
    if (!StringHelper.containsNonWhitespace(oauthId)) {
        // Without a provider-side identifier nothing can be looked up.
        return;
    }

    Authentication existing = securityManager.findAuthenticationByAuthusername(oauthId, registration.getAuthProvider());
    if (existing != null) {
        // Already linked: reuse the identity bound to this provider id.
        registration.setIdentity(existing.getIdentity());
        return;
    }

    String email = infos.getEmail();
    if (!StringHelper.containsNonWhitespace(email)) {
        // The name fallback below is only attempted when an e-mail is present.
        return;
    }

    Identity matched = userManager.findUniqueIdentityByEmail(email);
    if (matched == null) {
        matched = securityManager.findIdentityByName(oauthId);
    }
    if (matched == null) {
        log.error("OAuth Login failed, user with user name " + email + " not found.");
        return;
    }

    // First login through this provider: persist the link (no credential, no algorithm).
    securityManager.createAndPersistAuthentication(matched, registration.getAuthProvider(), oauthId, null, null);
    registration.setIdentity(matched);
}
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class WebDAVAuthManager method digestAuthentication.
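/**
 * Verifies an HTTP Digest ({@code qop=auth}) response against the stored HA1
 * credentials of the given user name.
 *
 * <p>Candidates are looked up for the HA1 provider and, when e-mail addresses
 * are unique, for the two e-mail based HA1 providers. For each candidate the
 * expected response {@code MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))} is
 * computed and compared with the client's response.
 *
 * <p>The comparison is constant-time, and neither the expected digest nor the
 * client's response is written to the log.
 *
 * <p>NOTE(review): this method does not check nonce freshness or the nonce
 * count. That is presumably done by the caller — confirm, since the response
 * check alone does not prevent replay.
 *
 * @param httpMethod the HTTP method of the request, part of the A2 value
 * @param digestAuth the parsed Authorization header of the request
 * @return the identity of the first matching authentication, or {@code null}
 *         if nothing matches or the request does not use {@code qop=auth}
 */
public Identity digestAuthentication(String httpMethod, DigestAuthentication digestAuth) {
    String username = digestAuth.getUsername();
    List<String> providers = new ArrayList<>(3);
    providers.add(PROVIDER_HA1);
    if (userModule.isEmailUnique()) {
        providers.add(PROVIDER_HA1_EMAIL);
        providers.add(PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    }

    List<Authentication> authentications = securityManager.findAuthenticationByAuthusername(username, providers);
    if (authentications == null || authentications.isEmpty()) {
        return null;
    }
    // Only qop=auth is supported; the test does not depend on the candidate.
    if (!"auth".equals(digestAuth.getQop())) {
        return null;
    }
    String response = digestAuth.getResponse();
    if (response == null) {
        // A missing response can never match a computed digest.
        return null;
    }
    byte[] responseBytes = response.getBytes(java.nio.charset.StandardCharsets.UTF_8);

    // Everything except HA1 is identical for all candidates: compute it once.
    String ha2 = Encoder.md5hash(httpMethod + ":" + digestAuth.getUri());
    String requestPart = ":" + digestAuth.getNonce() + ":" + digestAuth.getNc() + ":" + digestAuth.getCnonce()
            + ":" + digestAuth.getQop() + ":" + ha2;

    for (Authentication authentication : authentications) {
        String ha1 = authentication.getCredential();
        String expected = Encoder.md5hash(ha1 + requestPart);
        // Constant-time comparison, so the time taken does not reveal how many
        // leading characters of a guessed response were correct.
        boolean matches = java.security.MessageDigest.isEqual(
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8), responseBytes);
        if (matches) {
            return authentication.getIdentity();
        }
        if (log.isDebug()) {
            // don't log as error, happens all the time with certain clients, e.g. Microsoft-WebDAV-MiniRedir
            // The digests are deliberately left out: the expected value is a
            // valid authenticator for this nonce and does not belong in logs.
            log.debug("WebDAV digest response doesn't match the value computed from the stored HA1");
        }
    }
    return null;
}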
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class WebDAVAuthManager method updateDigestPassword.
/**
 * Creates or refreshes the WebDAV digest (HA1) authentication of an identity
 * for one provider.
 *
 * <p>The digest input is {@code authUsername:realm:password}, stored with the
 * unsalted MD5 algorithm. An HA1 value can be used to answer digest challenges
 * for the realm without knowing the password, so the stored credential needs
 * the same protection as a password.
 *
 * <p>The matching entry is taken out of {@code authentications} by
 * {@code getAndRemoveAuthentication}. Database errors are logged and followed
 * by a commit; they are not propagated to the caller.
 *
 * @param doer the identity named as the actor in the audit log
 * @param identity the identity whose digest credential is written
 * @param authUsername the user name that goes into the digest and is stored
 *        as the authentication user name
 * @param password the clear-text password; never logged
 * @param provider the authentication provider to create or update
 * @param authentications the identity's known authentications
 */
private void updateDigestPassword(Identity doer, Identity identity, String authUsername, String password, String provider, List<Authentication> authentications) {
    String ha1Input = authUsername + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":" + password;
    Authentication existingHa1 = getAndRemoveAuthentication(provider, authentications);

    if (existingHa1 != null) {
        String hashedHa1 = Encoder.encrypt(ha1Input, null, Encoder.Algorithm.md5_noSalt);
        // Nothing to write when both the digest and the user name are unchanged.
        if (hashedHa1.equals(existingHa1.getCredential()) && existingHa1.getAuthusername().equals(authUsername)) {
            return;
        }
        try {
            existingHa1.setCredential(hashedHa1);
            existingHa1.setAuthusername(authUsername);
            securityManager.updateAuthentication(existingHa1);
            log.audit(doer.getName() + " set new WebDAV (HA1) password for identity: " + identity.getKey() + " (" + authUsername + ")");
        } catch (DBRuntimeException e) {
            log.error("Cannot update digest password with provider " + provider + " for identity:" + identity, e);
            dbInstance.commit();
        }
        return;
    }

    // No authentication for this provider yet: create one.
    try {
        // Commit pending work and reload the identity before persisting.
        dbInstance.commit();
        Identity reloadedIdentity = securityManager.loadIdentityByKey(identity.getKey());
        // The unhashed digest input is handed over together with the algorithm;
        // presumably the security manager hashes it before storing — confirm.
        securityManager.createAndPersistAuthentication(reloadedIdentity, provider, authUsername, ha1Input, Encoder.Algorithm.md5_noSalt);
        log.audit(doer.getName() + " created new WebDAV (HA1) authentication for identity: " + identity.getKey() + " (" + authUsername + ")");
    } catch (DBRuntimeException e) {
        log.error("Cannot create digest password with provider " + provider + " for identity:" + identity, e);
        dbInstance.commit();
    }
}
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class PersonalRSSServlet method getPersonalFeed.
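/**
 * Creates the personal RSS document addressed by a request path of the form
 * {@code /personal/username/tokenid/olat.rss}.
 *
 * <p>The token in the path is the only credential for the feed. It is compared
 * with the credential stored for the RSS authentication provider in constant
 * time. A malformed path, an unknown user, a missing RSS authentication and a
 * wrong token all produce the same result, {@code null}.
 *
 * <p>NOTE(review): the token travels in the URL, so it will show up in access
 * logs and proxy logs. Treat those logs as sensitive.
 *
 * @param pathInfo the path info of the request
 * @return the feed of the authenticated user, or {@code null} if the path is
 *         malformed or the token does not authenticate the named user
 */
private SyndFeed getPersonalFeed(String pathInfo) {
    // pathInfo is like /personal/username/tokenid/olat.rss
    if (pathInfo == null) {
        return null;
    }
    int startIdName = PersonalRSSUtil.RSS_PREFIX_PERSONAL.length();
    int startIdToken = pathInfo.indexOf('/', startIdName);
    if (startIdToken < 0) {
        // No separator after the user name: reject instead of failing in substring().
        return null;
    }
    int startUselessUri = pathInfo.indexOf('/', startIdToken + 1);
    if (startUselessUri < 0) {
        // No separator after the token.
        return null;
    }
    String idName = pathInfo.substring(startIdName, startIdToken);
    String idToken = pathInfo.substring(startIdToken + 1, startUselessUri);

    // ---- check integrity and user authentication ----
    if (idName.isEmpty() || idToken.isEmpty()) {
        // An empty token must never authenticate, whatever is stored.
        return null;
    }
    Identity identity = BaseSecurityManager.getInstance().findIdentityByName(idName);
    if (identity == null) {
        // error - abort
        return null;
    }
    // check if this is a valid authentication
    Authentication auth = BaseSecurityManager.getInstance().findAuthentication(identity, PersonalRSSUtil.RSS_AUTH_PROVIDER);
    if (auth == null) {
        // auth provider will be generated on the fly
        return null;
    }
    String expectedToken = auth.getCredential();
    if (expectedToken == null) {
        return null;
    }
    // Constant-time comparison, so the time taken does not reveal how much of
    // a guessed token was correct.
    boolean tokenMatches = java.security.MessageDigest.isEqual(
            expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            idToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokenMatches) {
        // error - wrong authentication
        return null;
    }
    // create rss feed for user notifications
    return new PersonalRSSFeed(identity);
}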