
Example 61 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class OLATAuthManager method changeOlatPassword.

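/**
 * Updates the OLAT password of {@code identity} and, when a WebDAV manager is
 * wired in and {@code username} is non-blank, the WebDAV (HA1) credential too.
 *
 * An "OLAT" authentication is created if the identity has none yet, otherwise
 * the existing one is updated; both paths write an audit entry naming the doer.
 *
 * @param doer     the identity performing the change; only its name is written
 *                 to the audit log
 * @param identity the identity whose credentials are changed
 * @param username login name that gates the WebDAV update; a blank value skips it
 * @param newPwd   the new cleartext password, persisted under the default hash
 *                 algorithm of the login module
 * @return always {@code true}
 * @throws NullPointerException if {@code doer} or {@code identity} is null
 */
public boolean changeOlatPassword(Identity doer, Identity identity, String username, String newPwd) {
    // Both identities are dereferenced for the audit entries below; fail fast
    // here rather than halfway through the update (the original null check on
    // identity sat after those dereferences and could never trigger).
    java.util.Objects.requireNonNull(doer, "doer");
    java.util.Objects.requireNonNull(identity, "identity");
    Authentication auth = securityManager.findAuthentication(identity, "OLAT");
    if (auth == null) {
        // create new authentication for provider OLAT
        securityManager.createAndPersistAuthentication(identity, "OLAT", identity.getName(), newPwd, loginModule.getDefaultHashAlgorithm());
        log.audit(doer.getName() + " created new authenticatin for identity: " + identity.getName());
    } else {
        securityManager.updateCredentials(auth, newPwd, loginModule.getDefaultHashAlgorithm());
        log.audit(doer.getName() + " set new password for identity: " + identity.getName());
    }
    // The WebDAV credential is derived from the password, so it is refreshed
    // alongside it; webDAVAuthManager may be absent in some configurations.
    if (StringHelper.containsNonWhitespace(username) && webDAVAuthManager != null) {
        webDAVAuthManager.changeDigestPassword(doer, identity, newPwd);
    }
    return true;
}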

Example 62 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class OAuthDispatcher method login.

/**
 * Resolves the local identity behind an OAuth login and records it on the
 * registration.
 *
 * An existing authentication for the provider wins. Otherwise the identity is
 * looked up by the e-mail reported by the provider, then by a user name equal
 * to the provider id, and a new authentication is persisted for it. Nothing is
 * recorded when the provider supplies no id or no e-mail, or no identity matches.
 *
 * @param infos        the user data returned by the OAuth provider
 * @param registration the registration on which the resolved identity is set
 */
private void login(OAuthUser infos, OAuthRegistration registration) {
    String id = infos.getId();
    // has an identifier
    if (!StringHelper.containsNonWhitespace(id)) {
        return;
    }
    Authentication existing = securityManager.findAuthenticationByAuthusername(id, registration.getAuthProvider());
    if (existing != null) {
        registration.setIdentity(existing.getIdentity());
        return;
    }
    String email = infos.getEmail();
    if (!StringHelper.containsNonWhitespace(email)) {
        return;
    }
    // NOTE(review): the provider account is linked to a local identity purely on
    // the e-mail it reports, or failing that on a local user name equal to the
    // provider id; confirm that both values are trustworthy for every configured
    // provider before relying on this linking.
    Identity matched = userManager.findUniqueIdentityByEmail(email);
    if (matched == null) {
        matched = securityManager.findIdentityByName(id);
    }
    if (matched == null) {
        log.error("OAuth Login failed, user with user name " + email + " not found.");
        return;
    }
    securityManager.createAndPersistAuthentication(matched, registration.getAuthProvider(), id, null, null);
    registration.setIdentity(matched);
}

Example 63 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class WebDAVAuthManager method digestAuthentication.

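/**
 * Validates an HTTP Digest ({@code qop=auth}) response against the stored HA1
 * credentials of the user named in the request.
 *
 * Candidates are looked up under {@code PROVIDER_HA1} and, when e-mail addresses
 * are unique in this installation, under the e-mail based providers as well.
 *
 * @param httpMethod the request method, part of the A2 value of the digest
 * @param digestAuth the parsed {@code Authorization: Digest} header
 * @return the identity whose HA1 reproduces the client's response, or
 *         {@code null} if the qop is not {@code auth}, the response is missing
 *         or no stored credential matches
 */
public Identity digestAuthentication(String httpMethod, DigestAuthentication digestAuth) {
    // Only qop=auth is supported. The check does not depend on the candidate
    // credential, so decide it once before touching the database.
    if (!"auth".equals(digestAuth.getQop())) {
        return null;
    }
    String response = digestAuth.getResponse();
    if (response == null) {
        return null;
    }
    String username = digestAuth.getUsername();
    List<String> providers = new ArrayList<>(3);
    providers.add(PROVIDER_HA1);
    if (userModule.isEmailUnique()) {
        providers.add(PROVIDER_HA1_EMAIL);
        providers.add(PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    }
    List<Authentication> authentications = securityManager.findAuthenticationByAuthusername(username, providers);
    if (authentications == null || authentications.isEmpty()) {
        return null;
    }
    // HA2 covers only method and URI and is identical for every candidate.
    String nonce = digestAuth.getNonce();
    String ha2 = Encoder.md5hash(httpMethod + ":" + digestAuth.getUri());
    byte[] responseBytes = response.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    for (Authentication authentication : authentications) {
        String ha1 = authentication.getCredential();
        String ver = ha1 + ":" + nonce + ":" + digestAuth.getNc() + ":" + digestAuth.getCnonce() + ":" + digestAuth.getQop() + ":" + ha2;
        String verity = Encoder.md5hash(ver);
        // The response is client-supplied: compare in constant time instead of
        // String.equals, which stops at the first differing character.
        if (java.security.MessageDigest.isEqual(verity.getBytes(java.nio.charset.StandardCharsets.UTF_8), responseBytes)) {
            return authentication.getIdentity();
        } else if (log.isDebug()) {
            // don't log as error, happens all the time with certain clients, e.g. Microsoft-WebDAV-MiniRedir
            // NOTE(review): this message writes the expected digest to the log;
            // consider leaving verity out of it.
            log.debug("Verity::" + verity + " doesn't equals response::" + response);
        }
    }
    return null;
}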

Example 64 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class WebDAVAuthManager method updateDigestPassword.

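/**
 * Creates or refreshes the WebDAV HA1 credential stored under {@code provider}.
 *
 * The HA1 value is the MD5 of {@code authUsername:realm:password}. If no
 * authentication for the provider is present in {@code authentications} a new
 * one is persisted; otherwise the stored one is rewritten only when the hash or
 * the auth user name actually differ. Database failures are logged and the
 * session is committed so the caller can continue.
 *
 * @param doer            the identity performing the change, named in the audit log
 * @param identity        the identity owning the credential
 * @param authUsername    the user name that becomes part of the HA1 input
 * @param password        the cleartext password; never logged
 * @param provider        the authentication provider the credential is stored under
 * @param authentications the identity's existing authentications; the matching
 *                        one is removed from this list by
 *                        {@code getAndRemoveAuthentication}
 */
private void updateDigestPassword(Identity doer, Identity identity, String authUsername, String password, String provider, List<Authentication> authentications) {
    // HA1 input as defined by HTTP Digest. It contains the cleartext password,
    // so it must not appear in any log message below.
    String digestToken = authUsername + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":" + password;
    Authentication authHa1 = getAndRemoveAuthentication(provider, authentications);
    if (authHa1 == null) {
        // no credential stored yet for this provider: create one
        try {
            // NOTE(review): the commit plus reload looks intended to work on a
            // fresh persistent identity — confirm against the caller's transaction.
            dbInstance.commit();
            Identity reloadedIdentity = securityManager.loadIdentityByKey(identity.getKey());
            securityManager.createAndPersistAuthentication(reloadedIdentity, provider, authUsername, digestToken, Encoder.Algorithm.md5_noSalt);
            log.audit(doer.getName() + " created new WebDAV (HA1) authentication for identity: " + identity.getKey() + " (" + authUsername + ")");
        } catch (DBRuntimeException e) {
            log.error("Cannot create digest password with provider " + provider + " for identity:" + identity, e);
            dbInstance.commit();
        }
    } else {
        String md5DigestToken = Encoder.encrypt(digestToken, null, Encoder.Algorithm.md5_noSalt);
        // Write only when something changed. Null-safe so that a stored
        // authentication without an auth user name does not throw here.
        boolean credentialChanged = !java.util.Objects.equals(md5DigestToken, authHa1.getCredential());
        boolean usernameChanged = !java.util.Objects.equals(authHa1.getAuthusername(), authUsername);
        if (credentialChanged || usernameChanged) {
            try {
                authHa1.setCredential(md5DigestToken);
                authHa1.setAuthusername(authUsername);
                securityManager.updateAuthentication(authHa1);
                log.audit(doer.getName() + " set new WebDAV (HA1) password for identity: " + identity.getKey() + " (" + authUsername + ")");
            } catch (DBRuntimeException e) {
                log.error("Cannot update digest password with provider " + provider + " for identity:" + identity, e);
                dbInstance.commit();
            }
        }
    }
}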

Example 65 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class PersonalRSSServlet method getPersonalFeed.

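/**
 * Creates a personal RSS document
 *
 * {@code pathInfo} is expected to look like {@code /personal/username/tokenid/olat.rss}.
 * The path comes straight from the request, so a malformed path, an unknown user,
 * a missing RSS authentication or a wrong token all yield {@code null} instead of
 * an exception.
 *
 * @param pathInfo the request path, starting with {@code PersonalRSSUtil.RSS_PREFIX_PERSONAL}
 * @return RssDocument, or {@code null} when the path or the token is not valid
 */
private SyndFeed getPersonalFeed(String pathInfo) {
    if (pathInfo == null) {
        return null;
    }
    // pathInfo is like /personal/username/tokenid/olat.rss
    int startIdName = PersonalRSSUtil.RSS_PREFIX_PERSONAL.length();
    int startIdToken = pathInfo.indexOf("/", startIdName);
    if (startIdToken < 0) {
        // no "/" after the user name: malformed path (substring would throw)
        return null;
    }
    int startUselessUri = pathInfo.indexOf("/", startIdToken + 1);
    if (startUselessUri < 0) {
        // no "/" after the token: malformed path
        return null;
    }
    String idName = pathInfo.substring(startIdName, startIdToken);
    String idToken = pathInfo.substring(startIdToken + 1, startUselessUri);
    // ---- check integrity and user authentication ----
    if (idName.isEmpty()) {
        return null;
    }
    Identity identity = BaseSecurityManager.getInstance().findIdentityByName(idName);
    if (identity == null) {
        // error - abort
        return null;
    }
    // check if this is a valid authentication
    Authentication auth = BaseSecurityManager.getInstance().findAuthentication(identity, PersonalRSSUtil.RSS_AUTH_PROVIDER);
    if (auth == null || auth.getCredential() == null) {
        // auth provider will be generated on the fly
        return null;
    }
    // The token in the URL is the bearer credential for the feed: compare in
    // constant time so the check does not leak how much of the token matched.
    byte[] expected = auth.getCredential().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] supplied = idToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!java.security.MessageDigest.isEqual(expected, supplied)) {
        // error - wrong authentication
        return null;
    }
    // create rss feed for user notifications
    return new PersonalRSSFeed(identity);
}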
