use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class ShibbolethRegistrationController method event.
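/**
 * Dispatches the events of the sub-controllers of the Shibboleth registration
 * workflow: the migration form, the user-properties form, the registration
 * form, the language chooser and the disclaimer controller. Every branch
 * either switches the page shown in {@code mainContainer}, advances
 * {@code state}, or — once the disclaimer has been accepted — creates or
 * migrates the user and logs the identity in.
 *
 * @param ureq   the current user request
 * @param source the controller that fired the event
 * @param event  the fired event
 */
@Override
public void event(UserRequest ureq, Controller source, Event event) {
    if (source == migrationForm) {
        if (event == Event.CANCELLED_EVENT) {
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
        } else if (event == Event.DONE_EVENT) {
            // migration form completed: the disclaimer still has to be accepted
            state = STATE_MIGRATED_SHIB_USER;
            mainContainer.setPage(VELOCITY_ROOT + "/disclaimer.html");
        }
    } else if (source == regWithUserPropForm) {
        if (event == Event.CANCELLED_EVENT) {
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
        } else if (event == Event.DONE_EVENT) {
            // mandatory user properties collected: the disclaimer still has to be accepted
            state = STATE_NEW_SHIB_USER;
            mainContainer.setPage(VELOCITY_ROOT + "/disclaimer.html");
        }
    } else if (source == regForm) {
        if (event == Event.DONE_EVENT) {
            doRegistrationFormDone(ureq);
        }
    } else if (source == languageChooserController) {
        if (event == Event.DONE_EVENT) {
            // language chosen: drop the negotiated locale from the session
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
            ureq.getUserSession().removeEntry(LocaleNegotiator.NEGOTIATED_LOCALE);
        } else if (event instanceof LanguageChangedEvent) {
            LanguageChangedEvent lcev = (LanguageChangedEvent) event;
            translator.setLocale(lcev.getNewLocale());
            dclController.changeLocale(lcev.getNewLocale());
        }
    } else if (source == dclController) {
        if (event == Event.DONE_EVENT) {
            // disclaimer accepted...
            doDisclaimerAccepted(ureq);
        } else if (event == Event.CANCELLED_EVENT) {
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
            getWindowControl().setError(translator.translate("sr.error.disclaimer"));
        }
    }
}

/**
 * Handles the submitted registration form: a login that is still free leads
 * to user creation (via the user-properties form if mandatory properties are
 * missing), a login that is already taken leads to the migration offer.
 */
private void doRegistrationFormDone(UserRequest ureq) {
    String choosenLogin = regForm.getLogin();
    BaseSecurity secMgr = BaseSecurityManager.getInstance();
    Identity identity = secMgr.findIdentityByName(choosenLogin);
    if (identity == null) {
        // ok, create new user
        if (isMandatoryUserPropertyMissing()) {
            // first collect the properties the Shibboleth attributes did not deliver
            regWithUserPropForm = new ShibbolethRegistrationUserPropertiesFrom(ureq, getWindowControl(), shibbolethAttributes);
            regWithUserPropForm.addControllerListener(this);
            mainContainer.put("getUserPropsForm", regWithUserPropForm.getInitialComponent());
            mainContainer.setPage(VELOCITY_ROOT + "/register_user_props.html");
        } else {
            state = STATE_NEW_SHIB_USER;
            mainContainer.setPage(VELOCITY_ROOT + "/disclaimer.html");
        }
    } else {
        // offer identity migration, if OLAT provider exists
        Authentication auth = secMgr.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
        if (auth == null) {
            // no OLAT provider, migration not possible...
            getWindowControl().setError(translator.translate("sr.error.loginexists", new String[] { WebappHelper.getMailConfig("mailSupport") }));
        } else {
            // OLAT provider exists, offer migration...
            migrationForm = new ShibbolethMigrationForm(ureq, getWindowControl(), auth);
            migrationForm.addControllerListener(this);
            mainContainer.put("migrationForm", migrationForm.getInitialComponent());
            mainContainer.setPage(VELOCITY_ROOT + "/migration.html");
        }
    }
}

/** Finishes the workflow after the disclaimer was accepted, according to {@code state}. */
private void doDisclaimerAccepted(UserRequest ureq) {
    if (state == STATE_NEW_SHIB_USER) {
        // ...proceed and create user
        doCreateNewShibUser(ureq);
    } else if (state == STATE_MIGRATED_SHIB_USER) {
        // ...proceed and migrate user
        doMigrateShibUser(ureq);
    }
}

/**
 * Creates the user for the Shibboleth identity and logs it in. Aborts back to
 * the registration page if the login or the e-mail was taken in the meantime.
 */
private void doCreateNewShibUser(UserRequest ureq) {
    // without a registration form the proposed username is used as login
    String choosenLogin = (regForm == null) ? proposedUsername : regForm.getLogin();
    BaseSecurity secMgr = BaseSecurityManager.getInstance();
    // check if login has been taken by another user in the meantime...
    Identity identity = secMgr.findIdentityByName(choosenLogin);
    if (identity != null) {
        getWindowControl().setError(translator.translate("sr.login.meantimetaken"));
        mainContainer.setPage(VELOCITY_ROOT + "/register.html");
        state = STATE_UNDEFINED;
        return;
    }
    String email = shibbolethAttributes.getValueForUserPropertyName(UserConstants.EMAIL);
    if (!UserManager.getInstance().isEmailAllowed(email)) {
        // error, email already exists. should actually not happen if OLAT Authenticator has
        // been set after removing shibboleth authenticator
        getWindowControl().setError(translator.translate("sr.error.emailexists", new String[] { WebappHelper.getMailConfig("mailSupport") }));
        mainContainer.setPage(VELOCITY_ROOT + "/register.html");
        state = STATE_UNDEFINED;
        return;
    }
    identity = shibbolethManager.createUser(choosenLogin, shibbolethUniqueID, locale.getLanguage(), shibbolethAttributes);
    // tell system that this user did accept the disclaimer
    CoreSpringFactory.getImpl(RegistrationManager.class).setHasConfirmedDislaimer(identity);
    doLogin(identity, ureq);
}

/**
 * Attaches a Shibboleth authentication to the existing account selected in the
 * migration form, synchronises its profile from the Shibboleth attributes and
 * logs it in.
 */
private void doMigrateShibUser(UserRequest ureq) {
    // create additional authentication
    Authentication auth = migrationForm.getAuthentication();
    Identity authenticationedIdentity = auth.getIdentity();
    BaseSecurity secMgr = BaseSecurityManager.getInstance();
    secMgr.createAndPersistAuthentication(authenticationedIdentity, ShibbolethDispatcher.PROVIDER_SHIB, shibbolethUniqueID, null, null);
    // update user profile
    shibbolethManager.syncUser(authenticationedIdentity, shibbolethAttributes);
    doLogin(authenticationedIdentity, ureq);
}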
use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class UserDeletionManager method deleteIdentity.
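/**
 * Deletes all user data of the given identity: every registered
 * {@link UserDataDeletable} bean is asked to delete/archive its data, all
 * authentications and security-group memberships are removed, a pending
 * e-mail change key is dropped, the deletable user properties are cleared
 * (the e-mail is either kept or renamed with a date suffix, depending on
 * {@code keepUserEmailAfterDeletion}), the login name is renamed when the
 * e-mail is not kept, and finally the identity status is set to
 * {@link Identity#STATUS_DELETED}.
 *
 * @param identity the identity to delete, must not be null
 */
public void deleteIdentity(Identity identity) {
    logInfo("Start deleteIdentity for identity=" + identity);
    String newName = getBackupStringWithDate(identity.getName());
    logInfo("Start Deleting user=" + identity);
    File archiveFilePath = getArchivFilePath(identity);
    // let every registered resource delete/archive its data, in comparator order
    Map<String, UserDataDeletable> userDataDeletableResourcesMap = CoreSpringFactory.getBeansOfType(UserDataDeletable.class);
    List<UserDataDeletable> userDataDeletableResources = new ArrayList<>(userDataDeletableResourcesMap.values());
    userDataDeletableResources.sort(new UserDataDeletableComparator());
    for (UserDataDeletable element : userDataDeletableResources) {
        logInfo("UserDataDeletable-Loop element=" + element);
        element.deleteUserData(identity, newName, archiveFilePath);
    }
    // Delete all authentications for certain identity
    List<Authentication> authentications = securityManager.getAuthentications(identity);
    for (Authentication auth : authentications) {
        logInfo("deleteAuthentication auth=" + auth);
        securityManager.deleteAuthentication(auth);
        logDebug("Delete auth=" + auth + " of identity=" + identity);
    }
    // remove identity from its security groups
    List<SecurityGroup> securityGroups = securityManager.getSecurityGroupsForIdentity(identity);
    for (SecurityGroup secGroup : securityGroups) {
        securityManager.removeIdentityFromSecurityGroup(identity, secGroup);
        logInfo("Removing user=" + identity + " from security group=" + secGroup);
    }
    // remove identity from groups
    groupDao.removeMemberships(identity);
    // drop a pending e-mail change key; without a key there is nothing to look up
    String key = identity.getUser().getProperty("emchangeKey", null);
    if (StringHelper.containsNonWhitespace(key)) {
        TemporaryKey tempKey = registrationManager.loadTemporaryKeyByRegistrationKey(key);
        if (tempKey != null) {
            registrationManager.deleteTemporaryKey(tempKey);
        }
    }
    identity = securityManager.loadIdentityByKey(identity.getKey());
    // keep login-name only -> change email
    User persistedUser = identity.getUser();
    UserManager userManager = UserManager.getInstance();
    List<UserPropertyHandler> userPropertyHandlers = userManager.getAllUserPropertyHandlers();
    for (UserPropertyHandler userPropertyHandler : userPropertyHandlers) {
        String actualProperty = userPropertyHandler.getName();
        boolean isEmail = UserConstants.EMAIL.equals(actualProperty);
        // clear every deletable property, except the e-mail when it must be kept
        if (userPropertyHandler.isDeletable() && !(keepUserEmailAfterDeletion && isEmail)) {
            persistedUser.setProperty(actualProperty, null);
        }
        // e-mail not kept: rename it with a date suffix so the address becomes free again
        if (!keepUserEmailAfterDeletion && isEmail) {
            String oldEmail = userPropertyHandler.getUserProperty(persistedUser, null);
            String newEmail = "";
            if (StringHelper.containsNonWhitespace(oldEmail)) {
                newEmail = getBackupStringWithDate(oldEmail);
            }
            logInfo("Update user-property user=" + persistedUser);
            userPropertyHandler.setUserProperty(persistedUser, newEmail);
        }
    }
    userManager.updateUserFromIdentity(identity);
    logInfo("deleteUserProperties user=" + persistedUser);
    dbInstance.commit();
    identity = securityManager.loadIdentityByKey(identity.getKey());
    // keep email only -> change login-name
    if (!keepUserEmailAfterDeletion) {
        identity = securityManager.saveIdentityName(identity, newName, null);
    }
    // keep everything, change identity.status to deleted
    logInfo("Change stater identity=" + identity);
    identity = securityManager.saveIdentityStatus(identity, Identity.STATUS_DELETED);
    LifeCycleManager lifeCycleManager = LifeCycleManager.createInstanceFor(identity);
    lifeCycleManager.deleteTimestampFor(SEND_DELETE_EMAIL_ACTION);
    lifeCycleManager.markTimestampFor(USER_DELETED_ACTION, createLifeCycleLogDataFor(identity));
    logAudit("User-Deletion: Delete all userdata for identity=" + identity);
}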
use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class UserImportController method doUpdateIdentity.
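/**
 * Updates an existing identity during user import: optionally the user
 * properties, and then either the Shibboleth authentication (when the
 * password column carries {@code SHIBBOLETH_MARKER}) or the OLAT password.
 *
 * @param userToUpdate   the imported row wrapped with its persisted identity
 * @param updateUsers    whether the user properties shall be updated (null means no)
 * @param updatePassword whether the OLAT password shall be updated (null means no)
 * @param report         the import report that is incremented for every applied change
 * @return the identity of {@code userToUpdate}
 */
private Identity doUpdateIdentity(UpdateIdentity userToUpdate, Boolean updateUsers, Boolean updatePassword, ImportReport report) {
    Identity identity;
    if (Boolean.TRUE.equals(updateUsers)) {
        identity = userToUpdate.getIdentity(true);
        String oldEmail = loadEmail(identity);
        if (um.updateUserFromIdentity(identity)) {
            report.incrementUpdatedUser();
            // the e-mail may have changed: authentications bound to the old address are stale
            securityManager.deleteInvalidAuthenticationsByEmail(oldEmail);
        }
    } else {
        identity = userToUpdate.getIdentity();
    }
    String password = userToUpdate.getPassword();
    if (StringHelper.containsNonWhitespace(password)) {
        if (password.startsWith(SHIBBOLETH_MARKER)) {
            // A marker-prefixed value is a Shibboleth unique ID, never a password. It is only
            // applied while Shibboleth logins are enabled; otherwise it is ignored instead of
            // falling through to the password branch, which would store the marker string as
            // the OLAT password.
            if (shibbolethModule.isEnableShibbolethLogins()) {
                String uniqueID = password.substring(SHIBBOLETH_MARKER.length());
                Authentication auth = securityManager.findAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB);
                if (auth == null) {
                    securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, uniqueID, null, null);
                    report.incrementUpdatedShibboletAuthentication();
                } else if (!uniqueID.equals(auth.getAuthusername())) {
                    // remove the old authentication
                    securityManager.deleteAuthentication(auth);
                    DBFactory.getInstance().commit();
                    // create the new one with the new authusername
                    securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, uniqueID, null, null);
                    report.incrementUpdatedShibboletAuthentication();
                }
            }
        } else if (Boolean.TRUE.equals(updatePassword)) {
            // only identities that already own an OLAT authentication get a new password
            Authentication auth = securityManager.findAuthentication(identity, "OLAT");
            if (auth != null) {
                olatAuthManager.changePassword(getIdentity(), identity, password);
                report.incrementUpdatedPassword();
            }
        }
    }
    return userToUpdate.getIdentity();
}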
use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class WebDAVAuthManager method digestAuthentication.
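/**
 * Verifies an HTTP Digest authentication (qop "auth" only) against the stored
 * HA1 credentials of the user. Every HA1 authentication found for the username
 * (and, when e-mails are unique, for the e-mail providers) is tried in turn.
 *
 * @param httpMethod the HTTP method of the request, part of HA2
 * @param digestAuth the parsed Digest authorization header
 * @return the identity whose credential matches the response, or null
 */
public Identity digestAuthentication(String httpMethod, DigestAuthentication digestAuth) {
    String username = digestAuth.getUsername();
    List<String> providers = new ArrayList<>(3);
    providers.add(PROVIDER_HA1);
    if (userModule.isEmailUnique()) {
        providers.add(PROVIDER_HA1_EMAIL);
        providers.add(PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    }
    List<Authentication> authentications = securityManager.findAuthenticationByAuthusername(username, providers);
    if (authentications == null || authentications.isEmpty()) {
        return null;
    }
    // only qop="auth" is supported; any other value never authenticates
    if (!"auth".equals(digestAuth.getQop())) {
        return null;
    }
    String response = digestAuth.getResponse();
    if (response == null) {
        return null;
    }
    String nonce = digestAuth.getNonce();
    // HA2 depends on the request only, not on the credential: compute it once
    String ha2 = Encoder.md5hash(httpMethod + ":" + digestAuth.getUri());
    for (Authentication authentication : authentications) {
        String ha1 = authentication.getCredential();
        String ver = ha1 + ":" + nonce + ":" + digestAuth.getNc() + ":" + digestAuth.getCnonce() + ":" + digestAuth.getQop() + ":" + ha2;
        String verity = Encoder.md5hash(ver);
        // constant-time comparison: String.equals() leaks the length of the matching prefix.
        // Fully qualified so that no import has to be added to this file.
        boolean matches = java.security.MessageDigest.isEqual(
                verity.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                response.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (matches) {
            return authentication.getIdentity();
        } else if (log.isDebug()) {
            // don't log as error, happens all the time with certain clients, e.g. Microsoft-WebDAV-MiniRedir
            log.debug("Verity::" + verity + " doesn't equals response::" + response);
        }
    }
    return null;
}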
use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class LTIManagerImpl method createPersonSourceId.
/**
* A comma-separated list of URN values for roles. If this list is non-empty,
* it should contain at least one role from the LIS System Role, LIS
* Institution Role, or LIS Context Role vocabularies (See Appendix A of
* LTI_BasicLTI_Implementation_Guide_rev1.pdf).
*
* @param roles
* @return
*/
/*private String setRoles(Identity identity, Roles roles, LTIContext context) {
StringBuilder rolesStr;
if (roles.isGuestOnly()) {
rolesStr = new StringBuilder("Guest");
} else {
rolesStr = new StringBuilder("Learner");
boolean coach = context.isCoach(identity);
if (coach) {
rolesStr.append(",").append("Instructor");
}
boolean admin = context.isAdmin(identity);
if (roles.isOLATAdmin() || admin) {
rolesStr.append(",").append("Administrator");
}
}
return rolesStr.toString();
}*/
/**
 * Builds the LTI person source ID used as user identifier. Precedence:
 * 1) the authusername of the Shibboleth authentication, if present;
 * 2) otherwise the authusername of the LDAP authentication;
 * 3) otherwise the server domain name and the identity key, joined with ":".
 * A blank value from 1) or 2) also falls back to 3).
 *
 * @param identity the identity to build the identifier for
 * @return the person source ID, never blank
 */
private String createPersonSourceId(Identity identity) {
    String personSourceId = null;
    List<Authentication> authMethods = BaseSecurityManager.getInstance().getAuthentications(identity);
    for (Authentication method : authMethods) {
        String provider = method.getProvider();
        boolean isShib = ShibbolethDispatcher.PROVIDER_SHIB.equals(provider);
        boolean isLdap = LDAPAuthenticationController.PROVIDER_LDAP.equals(provider);
        if (isShib || isLdap) {
            // an LDAP value may still be overridden by a Shibboleth value found later
            personSourceId = method.getAuthusername();
        }
        if (isShib) {
            // Shibboleth wins: case 1), stop looking
            break;
        }
        // all other providers are ignored
    }
    if (!StringHelper.containsNonWhitespace(personSourceId)) {
        // case 3): serverDomainName:identityKey
        personSourceId = Settings.getServerDomainName() + ":" + identity.getKey();
    }
    return personSourceId;
}