Example 66 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class SendTokenToUserForm method sendToken.

private void sendToken(UserRequest ureq, String text) {
    // mailer configuration
    // We allow creation of a password token when the user has no password so far or when he has an OpenOLAT password.
    // For other cases such as Shibboleth, LDAP, oAuth etc. we don't allow creation of token as this is most
    // likely not a desired action.
    List<Authentication> authentications = BaseSecurityManager.getInstance().getAuthentications(user);
    boolean isOOpwdAllowed = (authentications.size() == 0);
    for (Authentication authentication : authentications) {
        if (authentication.getProvider().equals(BaseSecurityModule.getDefaultAuthProviderIdentifier())) {
            isOOpwdAllowed = true;
        }
    }
    if (!isOOpwdAllowed) {
        showWarning("sendtoken.wrong.auth");
        return;
    }
    Preferences prefs = user.getUser().getPreferences();
    Locale locale = i18nManager.getLocaleOrDefault(prefs.getLanguage());
    String emailAdress = user.getUser().getProperty(UserConstants.EMAIL, locale);
    String ip = ureq.getHttpReq().getRemoteAddr();
    TemporaryKey tk = registrationManager.createAndDeleteOldTemporaryKey(user.getKey(), emailAdress, ip, RegistrationManager.PW_CHANGE);
    if (text.indexOf(dummyKey) < 0) {
        showWarning("changeuserpwd.failed");
        logWarn("Can not replace temporary registration token in change pwd mail token dialog, user probably changed temporary token in mai template", null);
        return;
    }
    String body = text.replace(dummyKey, tk.getRegistrationKey());
    Translator userTrans = Util.createPackageTranslator(RegistrationManager.class, locale);
    MailBundle bundle = new MailBundle();
    bundle.setToId(user);
    bundle.setContent(userTrans.translate("pwchange.subject"), body);
    MailerResult result = mailManager.sendExternMessage(bundle, null, false);
    if (result.getReturnCode() == 0) {
        showInfo("email.sent");
    } else {
        showInfo("email.notsent");
    }
}
Also used : Locale(java.util.Locale) Translator(org.olat.core.gui.translator.Translator) MailerResult(org.olat.core.util.mail.MailerResult) Authentication(org.olat.basesecurity.Authentication) TemporaryKey(org.olat.registration.TemporaryKey) Preferences(org.olat.core.id.Preferences) MailBundle(org.olat.core.util.mail.MailBundle)

Example 67 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class UserAdminController method isPasswordChangesAllowed.

private boolean isPasswordChangesAllowed(Identity identity) {
    Boolean canChangePwd = BaseSecurityModule.USERMANAGER_CAN_MODIFY_PWD;
    if (canChangePwd.booleanValue() || isOlatAdmin) {
        // of a user that has no password yet
        if (ldapLoginModule.isLDAPEnabled() && ldapLoginManager.isIdentityInLDAPSecGroup(identity)) {
            // it's an ldap-user
            return ldapLoginModule.isPropagatePasswordChangedOnLdapServer();
        }
        Boolean canCreatePwd = BaseSecurityModule.USERMANAGER_CAN_CREATE_PWD;
        Authentication olatAuth = securityManager.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
        if (olatAuth != null || canCreatePwd.booleanValue() || isOlatAdmin) {
            return true;
        }
    }
    return false;
}
Also used : Authentication(org.olat.basesecurity.Authentication)

Example 68 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class UserImportController method doUpdateIdentity.

private Identity doUpdateIdentity(UpdateIdentity userToUpdate, Boolean updateUsers, Boolean updatePassword, ImportReport report) {
    Identity identity;
    if (updateUsers != null && updateUsers.booleanValue()) {
        identity = userToUpdate.getIdentity(true);
        String oldEmail = loadEmail(identity);
        if (um.updateUserFromIdentity(identity)) {
            report.incrementUpdatedUser();
            securityManager.deleteInvalidAuthenticationsByEmail(oldEmail);
        }
    } else {
        identity = userToUpdate.getIdentity();
    }
    String password = userToUpdate.getPassword();
    if (StringHelper.containsNonWhitespace(password)) {
        if (password.startsWith(SHIBBOLETH_MARKER) && shibbolethModule.isEnableShibbolethLogins()) {
            String uniqueID = password.substring(SHIBBOLETH_MARKER.length());
            Authentication auth = securityManager.findAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB);
            if (auth == null) {
                securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, uniqueID, null, null);
                report.incrementUpdatedShibboletAuthentication();
            } else if (!uniqueID.equals(auth.getAuthusername())) {
                // remove the old authentication
                securityManager.deleteAuthentication(auth);
                DBFactory.getInstance().commit();
                // create the new one with the new authusername
                securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, uniqueID, null, null);
                report.incrementUpdatedShibboletAuthentication();
            }
        } else if (updatePassword != null && updatePassword.booleanValue()) {
            Authentication auth = securityManager.findAuthentication(identity, "OLAT");
            if (auth != null) {
                olatAuthManager.changePassword(getIdentity(), identity, password);
                report.incrementUpdatedPassword();
            }
        }
    }
    return userToUpdate.getIdentity();
}
Also used : Authentication(org.olat.basesecurity.Authentication) Identity(org.olat.core.id.Identity)

Example 69 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class RestSecurityBeanImpl method removeTooOldRestToken.

@Override
public int removeTooOldRestToken() {
    Calendar cal = Calendar.getInstance();
    cal.setTime(new Date());
    cal.add(Calendar.MONTH, -1);
    Date limit = cal.getTime();
    List<Authentication> authentications = securityManager.findOldAuthentication(REST_AUTH_PROVIDER, limit);
    for (Authentication authentication : authentications) {
        String token = authentication.getCredential();
        if (tokenToIdentity.containsKey(token)) {
            // don't delete authentication in use
            continue;
        }
        securityManager.deleteAuthentication(authentication);
    }
    return authentications.size();
}
Also used : Authentication(org.olat.basesecurity.Authentication) Calendar(java.util.Calendar) Date(java.util.Date)

Example 70 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class UserWebService method getUserListQuery.

/**
 * Search users and return them in a simple form (without user properties). User properties
 * can be added to the query parameters. If the authUsername and the authProvider are set,
 * the search is made only with these two parameters because they are sufficient to return
 * a single user.<br>
 * The search with login and user properties are made default with wild cards. If an exact
 * match is needed, the parameter must be quoted:<br>
 * users?login="username"<br>
 * Don't forget the right escaping in the URL!<br>
 * You can make a search with the user properties like this:<br>
 * users?telMobile=39847592&login=test
 * <br> The lookup is possible for authors, usermanagers and system administrators. Normal
 * users are not allowed to use the lookup service.
 *
 * @response.representation.200.qname {http://www.example.com}userVO
 * @response.representation.200.mediaType application/xml, application/json
 * @response.representation.200.doc The list of all users in the OLAT system
 * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @param login The login (search with like)
 * @param authProvider An authentication provider (optional)
 * @param authUsername A specific username from the authentication provider
 * @param uriInfo The URI infos
 * @param httpRequest The HTTP request
 * @return An array of users
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response getUserListQuery(@QueryParam("login") String login, @QueryParam("authProvider") String authProvider, @QueryParam("authUsername") String authUsername, @QueryParam("statusVisibleLimit") String statusVisibleLimit, @Context UriInfo uriInfo, @Context HttpServletRequest httpRequest) {
    // User lookup is allowed for authors, usermanagers and admins.
    // Usermanagers and up are considered "administrative" when it comes to
    // lookup of the user properties
    boolean isAdministrativeUser = isUserManager(httpRequest);
    if (!isAdministrativeUser && !isAuthor(httpRequest)) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }
    MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
    List<Identity> identities;
    // make only a search by authUsername
    if (StringHelper.containsNonWhitespace(authProvider) && StringHelper.containsNonWhitespace(authUsername)) {
        Authentication auth = BaseSecurityManager.getInstance().findAuthenticationByAuthusername(authUsername, authProvider);
        if (auth == null) {
            identities = Collections.emptyList();
        } else {
            identities = Collections.singletonList(auth.getIdentity());
        }
    } else {
        String[] authProviders = null;
        if (StringHelper.containsNonWhitespace(authProvider)) {
            authProviders = new String[] { authProvider };
        }
        // retrieve and convert the parameters value
        Map<String, String> userProps = new HashMap<String, String>();
        if (!params.isEmpty()) {
            UserManager um = UserManager.getInstance();
            Locale locale = getLocale(httpRequest);
            List<UserPropertyHandler> propertyHandlers = um.getUserPropertyHandlersFor(PROPERTY_HANDLER_IDENTIFIER, isAdministrativeUser);
            for (UserPropertyHandler handler : propertyHandlers) {
                if (!params.containsKey(handler.getName()))
                    continue;
                List<String> values = params.get(handler.getName());
                if (values.isEmpty())
                    continue;
                String value = formatDbUserProperty(values.get(0), handler, locale);
                userProps.put(handler.getName(), value);
            }
        }
        Integer status = Identity.STATUS_VISIBLE_LIMIT;
        if (isAdministrativeUser && "all".equalsIgnoreCase(statusVisibleLimit)) {
            status = null;
        }
        identities = BaseSecurityManager.getInstance().getIdentitiesByPowerSearch(login, userProps, true, null, null, authProviders, null, null, null, null, status);
    }
    int count = 0;
    UserVO[] userVOs = new UserVO[identities.size()];
    for (Identity identity : identities) {
        userVOs[count++] = get(identity);
    }
    return Response.ok(userVOs).build();
}
Also used : Locale(java.util.Locale) RestSecurityHelper.getLocale(org.olat.restapi.security.RestSecurityHelper.getLocale) HashMap(java.util.HashMap) Authentication(org.olat.basesecurity.Authentication) UserManager(org.olat.user.UserManager) RestSecurityHelper.isUserManager(org.olat.restapi.security.RestSecurityHelper.isUserManager) Identity(org.olat.core.id.Identity) RestSecurityHelper.getIdentity(org.olat.restapi.security.RestSecurityHelper.getIdentity) UserPropertyHandler(org.olat.user.propertyhandlers.UserPropertyHandler) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Aggregations

Authentication (org.olat.basesecurity.Authentication) 82
Identity (org.olat.core.id.Identity) 46
BaseSecurity (org.olat.basesecurity.BaseSecurity) 16
Test (org.junit.Test) 10
RestSecurityHelper.getIdentity (org.olat.restapi.security.RestSecurityHelper.getIdentity) 8
AuthenticationVO (org.olat.restapi.support.vo.AuthenticationVO) 8
URI (java.net.URI) 6
ArrayList (java.util.ArrayList) 6
Produces (javax.ws.rs.Produces) 6
HttpResponse (org.apache.http.HttpResponse) 6
SecurityGroup (org.olat.basesecurity.SecurityGroup) 6
Locale (java.util.Locale) 4
GET (javax.ws.rs.GET) 4
HttpPut (org.apache.http.client.methods.HttpPut) 4
AssertException (org.olat.core.logging.AssertException) 4
DBRuntimeException (org.olat.core.logging.DBRuntimeException) 4
Algorithm (org.olat.core.util.Encoder.Algorithm) 4
TemporaryKey (org.olat.registration.TemporaryKey) 4
ErrorVO (org.olat.restapi.support.vo.ErrorVO) 4
UserPropertyHandler (org.olat.user.propertyhandlers.UserPropertyHandler) 4