use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class SendTokenToUserForm method sendToken.
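/**
 * Creates a password-change token for {@code user} and mails it, using {@code text} as the body.
 *
 * <p>A token is only issued when the user has no authentication at all or already has one of
 * the default provider. For any other provider a warning is shown and nothing is created or sent.
 * {@code text} must still contain the {@code dummyKey} placeholder, which is replaced by the
 * newly created registration key.
 *
 * @param ureq the current request; its remote address is stored with the temporary key
 * @param text the mail body as edited in the dialog, expected to contain {@code dummyKey}
 */
private void sendToken(UserRequest ureq, String text) {
    // We allow creation of a password token when the user has no password so far or when he has
    // an OpenOLAT password. For other cases such as Shibboleth, LDAP, OAuth etc. we don't allow
    // creation of a token, as this is most likely not a desired action.
    List<Authentication> authentications = BaseSecurityManager.getInstance().getAuthentications(user);
    boolean isOOpwdAllowed = authentications.isEmpty();
    for (Authentication authentication : authentications) {
        if (authentication.getProvider().equals(BaseSecurityModule.getDefaultAuthProviderIdentifier())) {
            isOOpwdAllowed = true;
            break;
        }
    }
    if (!isOOpwdAllowed) {
        showWarning("sendtoken.wrong.auth");
        return;
    }

    // Validate the template BEFORE creating the token. createAndDeleteOldTemporaryKey replaces
    // the user's previous key, so doing it first would discard a key that may already have been
    // mailed and leave behind a fresh one that is never delivered.
    if (!text.contains(dummyKey)) {
        showWarning("changeuserpwd.failed");
        logWarn("Can not replace temporary registration token in change pwd mail token dialog, user probably changed temporary token in mai template", null);
        return;
    }

    Preferences prefs = user.getUser().getPreferences();
    Locale locale = i18nManager.getLocaleOrDefault(prefs.getLanguage());
    String emailAdress = user.getUser().getProperty(UserConstants.EMAIL, locale);
    // NOTE(review): presumably the address of the direct peer; behind a reverse proxy this would
    // be the proxy's address rather than the operator's - confirm before relying on it for audit.
    String ip = ureq.getHttpReq().getRemoteAddr();
    TemporaryKey tk = registrationManager.createAndDeleteOldTemporaryKey(user.getKey(), emailAdress, ip, RegistrationManager.PW_CHANGE);

    // The registration key lets its holder change the password: it goes into the mail body only
    // and must not be written to logs.
    String body = text.replace(dummyKey, tk.getRegistrationKey());
    Translator userTrans = Util.createPackageTranslator(RegistrationManager.class, locale);
    MailBundle bundle = new MailBundle();
    bundle.setToId(user);
    bundle.setContent(userTrans.translate("pwchange.subject"), body);
    MailerResult result = mailManager.sendExternMessage(bundle, null, false);
    // NOTE(review): a failed send is reported with showInfo, the same level as success.
    if (result.getReturnCode() == 0) {
        showInfo("email.sent");
    } else {
        showInfo("email.notsent");
    }
}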
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class UserAdminController method isPasswordChangesAllowed.
/**
 * Decides whether the current operator may set or change the password of {@code identity}.
 *
 * <p>The decision is made in this order:
 * <ol>
 * <li>Unless {@code USERMANAGER_CAN_MODIFY_PWD} is set or the operator is an OLAT admin,
 *     the answer is {@code false}.</li>
 * <li>If LDAP is enabled and the identity is in the LDAP security group, the answer is
 *     whatever {@code isPropagatePasswordChangedOnLdapServer()} returns. This applies to
 *     admins as well.</li>
 * <li>Otherwise the answer is {@code true} when the identity already has an authentication of
 *     the default provider, when {@code USERMANAGER_CAN_CREATE_PWD} is set, or when the
 *     operator is an OLAT admin.</li>
 * </ol>
 *
 * @param identity the identity whose password would be changed
 * @return {@code true} if the password change is permitted
 */
private boolean isPasswordChangesAllowed(Identity identity) {
    Boolean modifyAllowed = BaseSecurityModule.USERMANAGER_CAN_MODIFY_PWD;
    if (!modifyAllowed.booleanValue() && !isOlatAdmin) {
        return false;
    }

    // LDAP users: a local change only makes sense if it is propagated to the LDAP server.
    boolean isLdapUser = ldapLoginModule.isLDAPEnabled() && ldapLoginManager.isIdentityInLDAPSecGroup(identity);
    if (isLdapUser) {
        return ldapLoginModule.isPropagatePasswordChangedOnLdapServer();
    }

    // A user without a default-provider authentication has no password yet; creating one needs
    // the separate "create" permission unless the operator is an admin.
    Boolean createAllowed = BaseSecurityModule.USERMANAGER_CAN_CREATE_PWD;
    Authentication existingPwdAuth = securityManager.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
    return existingPwdAuth != null || createAllowed.booleanValue() || isOlatAdmin;
}
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class UserImportController method doUpdateIdentity.
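/**
 * Applies one import row to an existing identity: optionally updates the user properties, then
 * either (re)binds the Shibboleth authentication or changes the local password.
 *
 * <p>The import's password value is overloaded: a value starting with {@code SHIBBOLETH_MARKER}
 * carries a Shibboleth unique ID rather than a password. Such a value is never stored as a
 * local password, even when Shibboleth logins are disabled.
 *
 * @param userToUpdate the import row together with the identity it refers to
 * @param updateUsers {@code TRUE} to update the user properties; {@code null} counts as false
 * @param updatePassword {@code TRUE} to change the local password; {@code null} counts as false
 * @param report counters for what was actually changed
 * @return the identity as returned by {@code userToUpdate.getIdentity()}
 */
private Identity doUpdateIdentity(UpdateIdentity userToUpdate, Boolean updateUsers, Boolean updatePassword, ImportReport report) {
    Identity identity;
    if (Boolean.TRUE.equals(updateUsers)) {
        identity = userToUpdate.getIdentity(true);
        String oldEmail = loadEmail(identity);
        if (um.updateUserFromIdentity(identity)) {
            report.incrementUpdatedUser();
            // Runs only after a successful update and is keyed on the e-mail read beforehand.
            securityManager.deleteInvalidAuthenticationsByEmail(oldEmail);
        }
    } else {
        identity = userToUpdate.getIdentity();
    }

    String password = userToUpdate.getPassword();
    if (StringHelper.containsNonWhitespace(password)) {
        boolean isShibbolethValue = password.startsWith(SHIBBOLETH_MARKER);
        if (isShibbolethValue && shibbolethModule.isEnableShibbolethLogins()) {
            String uniqueID = password.substring(SHIBBOLETH_MARKER.length());
            Authentication auth = securityManager.findAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB);
            if (auth == null) {
                securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, uniqueID, null, null);
                report.incrementUpdatedShibboletAuthentication();
            } else if (!uniqueID.equals(auth.getAuthusername())) {
                // Remove the old authentication and commit before creating the new one.
                // NOTE(review): the delete is committed on its own, so a failure in the create
                // below would leave the identity without a Shibboleth authentication.
                securityManager.deleteAuthentication(auth);
                DBFactory.getInstance().commit();
                // create the new one with the new authusername
                securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, uniqueID, null, null);
                report.incrementUpdatedShibboletAuthentication();
            }
        } else if (!isShibbolethValue && Boolean.TRUE.equals(updatePassword)) {
            // A marker-prefixed value is a Shibboleth ID, not a secret. Without the
            // !isShibbolethValue guard it would become the account's local password whenever
            // Shibboleth logins are disabled.
            // NOTE(review): the provider name is hard-coded here; confirm it matches the
            // configured default authentication provider.
            Authentication auth = securityManager.findAuthentication(identity, "OLAT");
            if (auth != null) {
                // Only an existing local password is changed; identities without one are
                // skipped and not counted in the report.
                olatAuthManager.changePassword(getIdentity(), identity, password);
                report.incrementUpdatedPassword();
            }
        }
    }
    // NOTE(review): returns userToUpdate.getIdentity(), not the local 'identity' obtained via
    // getIdentity(true) in the update path - confirm both refer to the same state.
    return userToUpdate.getIdentity();
}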
use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class RestSecurityBeanImpl method removeTooOldRestToken.
/**
 * Deletes REST authentications that {@code findOldAuthentication} reports as older than one
 * month, except those whose token is still a key of {@code tokenToIdentity}.
 *
 * @return the number of old authentications found. This includes the ones skipped because
 *         their token is still in use, so it can be larger than the number deleted.
 */
@Override
public int removeTooOldRestToken() {
    Calendar cutoff = Calendar.getInstance();
    cutoff.setTime(new Date());
    cutoff.add(Calendar.MONTH, -1);

    // NOTE(review): whether "old" refers to creation or last use is decided inside
    // findOldAuthentication and is not visible here.
    List<Authentication> expired = securityManager.findOldAuthentication(REST_AUTH_PROVIDER, cutoff.getTime());
    for (Authentication candidate : expired) {
        // The credential is the REST token itself; it is used only as a lookup key here.
        boolean inUse = tokenToIdentity.containsKey(candidate.getCredential());
        if (!inUse) {
            securityManager.deleteAuthentication(candidate);
        }
    }
    return expired.size();
}
use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class UserWebService method getUserListQuery.
/**
* Search users and return them in a simple form (without user properties). User properties
* can be added to the query parameters. If the authUsername and the authProvider are set,
* the search is made only with these two parameters because they are sufficient to return
* a single user.<br>
* Searches by login and user properties use wildcards by default. If an exact
* match is needed, the parameter must be quoted:<br>
* users?login="username"<br>
* Don't forget the right escaping in the URL!<br>
* You can make a search with the user properties like this:<br>
* users?telMobile=39847592&login=test
* <br/> The lookup is possible for authors, usermanagers and system administrators. Normal
* users are not allowed to use the lookup service.
*
* @response.representation.200.qname {http://www.example.com}userVO
* @response.representation.200.mediaType application/xml, application/json
* @response.representation.200.doc The list of all users in the OLAT system
* @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
* @response.representation.401.doc The roles of the authenticated user are not sufficient
* @param login The login (search with like)
* @param authProvider An authentication provider (optional)
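* @param authUsername A specific username from the authentication provider
* @param statusVisibleLimit If "all" and the caller is a user manager, the default status limit is not passed to the search (optional)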
* @param uriInfo The URI infos
* @param httpRequest The HTTP request
* @return An array of users
*/
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response getUserListQuery(@QueryParam("login") String login, @QueryParam("authProvider") String authProvider, @QueryParam("authUsername") String authUsername, @QueryParam("statusVisibleLimit") String statusVisibleLimit, @Context UriInfo uriInfo, @Context HttpServletRequest httpRequest) {
    // Role gate: user managers (and above) and authors may use the lookup. Only user managers
    // count as "administrative", which widens the set of searchable user properties below.
    boolean isAdministrativeUser = isUserManager(httpRequest);
    boolean mayLookup = isAdministrativeUser || isAuthor(httpRequest);
    if (!mayLookup) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }

    MultivaluedMap<String, String> queryParams = uriInfo.getQueryParameters();
    boolean hasProvider = StringHelper.containsNonWhitespace(authProvider);

    List<Identity> identities;
    if (hasProvider && StringHelper.containsNonWhitespace(authUsername)) {
        // Exact lookup by (authUsername, authProvider); login, user properties and
        // statusVisibleLimit are ignored on this path.
        // NOTE(review): Identity.STATUS_VISIBLE_LIMIT is not applied here, unlike in the power
        // search below - confirm that non-administrative callers may resolve any identity
        // this way.
        Authentication match = BaseSecurityManager.getInstance().findAuthenticationByAuthusername(authUsername, authProvider);
        if (match != null) {
            identities = Collections.singletonList(match.getIdentity());
        } else {
            identities = Collections.emptyList();
        }
    } else {
        String[] providerFilter = null;
        if (hasProvider) {
            providerFilter = new String[] { authProvider };
        }

        // Only query parameters that match a property handler available to this caller are
        // used; the first value of each is converted to its database form.
        Map<String, String> userProps = new HashMap<String, String>();
        if (!queryParams.isEmpty()) {
            UserManager um = UserManager.getInstance();
            Locale locale = getLocale(httpRequest);
            List<UserPropertyHandler> handlers = um.getUserPropertyHandlersFor(PROPERTY_HANDLER_IDENTIFIER, isAdministrativeUser);
            for (UserPropertyHandler handler : handlers) {
                String propName = handler.getName();
                if (queryParams.containsKey(propName)) {
                    List<String> values = queryParams.get(propName);
                    if (!values.isEmpty()) {
                        userProps.put(propName, formatDbUserProperty(values.get(0), handler, locale));
                    }
                }
            }
        }

        // Only an administrative caller can drop the status limit, by passing "all".
        Integer statusLimit = Identity.STATUS_VISIBLE_LIMIT;
        if (isAdministrativeUser && "all".equalsIgnoreCase(statusVisibleLimit)) {
            statusLimit = null;
        }
        identities = BaseSecurityManager.getInstance().getIdentitiesByPowerSearch(login, userProps, true, null, null, providerFilter, null, null, null, null, statusLimit);
    }

    // Convert to the simple value objects returned to the client.
    UserVO[] userVOs = new UserVO[identities.size()];
    int idx = 0;
    for (Identity identity : identities) {
        userVOs[idx] = get(identity);
        idx++;
    }
    return Response.ok(userVOs).build();
}