
Example 76 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

The class ShibbolethRegistrationController, method event().

/**
 * Dispatches events from the registration sub-controllers (migration form,
 * user-property form, registration form, language chooser, disclaimer).
 * <p>
 * Flow as visible here: submitting the registration form looks up the chosen
 * login. An unknown login leads to the disclaimer (via the user-property form
 * first if mandatory properties are missing); a known login is offered for
 * migration only if that identity already has an authentication for the
 * default provider. Accepting the disclaimer then either creates the new
 * Shibboleth user (after re-checking that login and e-mail are still free) or
 * attaches a Shibboleth authentication to the identity chosen for migration.
 *
 * @param ureq   the current user request
 * @param source the controller that fired the event
 * @param event  the event fired by {@code source}
 */
@Override
public void event(UserRequest ureq, Controller source, Event event) {
    if (source == migrationForm) {
        if (event == Event.CANCELLED_EVENT) {
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
        } else if (event == Event.DONE_EVENT) {
            // migration form accepted: the disclaimer step decides whether the binding is created
            state = STATE_MIGRATED_SHIB_USER;
            mainContainer.setPage(VELOCITY_ROOT + "/disclaimer.html");
        }
    } else if (source == regWithUserPropForm) {
        if (event == Event.CANCELLED_EVENT) {
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
        } else if (event == Event.DONE_EVENT) {
            state = STATE_NEW_SHIB_USER;
            mainContainer.setPage(VELOCITY_ROOT + "/disclaimer.html");
        }
    } else if (source == regForm) {
        if (event == Event.DONE_EVENT) {
            // login chosen by the user; it is looked up again when the disclaimer is
            // accepted, because another registration may claim it in between
            String choosenLogin = regForm.getLogin();
            BaseSecurity secMgr = BaseSecurityManager.getInstance();
            Identity identity = secMgr.findIdentityByName(choosenLogin);
            if (identity == null) {
                // ok, create new user
                if (isMandatoryUserPropertyMissing()) {
                    regWithUserPropForm = new ShibbolethRegistrationUserPropertiesFrom(ureq, getWindowControl(), shibbolethAttributes);
                    regWithUserPropForm.addControllerListener(this);
                    mainContainer.put("getUserPropsForm", regWithUserPropForm.getInitialComponent());
                    mainContainer.setPage(VELOCITY_ROOT + "/register_user_props.html");
                } else {
                    state = STATE_NEW_SHIB_USER;
                    mainContainer.setPage(VELOCITY_ROOT + "/disclaimer.html");
                }
            } else {
                // offer identity migration, if OLAT provider exists
                Authentication auth = secMgr.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
                if (auth == null) {
                    // no OLAT provider, migration not possible...
                    getWindowControl().setError(translator.translate("sr.error.loginexists", new String[] { WebappHelper.getMailConfig("mailSupport") }));
                } else {
                    // OLAT provider exists, offer migration...
                    // The existing authentication is handed to the form; presumably the form
                    // verifies the OLAT password before firing DONE_EVENT — not visible here, TODO confirm
                    migrationForm = new ShibbolethMigrationForm(ureq, getWindowControl(), auth);
                    migrationForm.addControllerListener(this);
                    mainContainer.put("migrationForm", migrationForm.getInitialComponent());
                    mainContainer.setPage(VELOCITY_ROOT + "/migration.html");
                }
            }
        }
    } else if (source == languageChooserController) {
        if (event == Event.DONE_EVENT) {
            // language choosed
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
            ureq.getUserSession().removeEntry(LocaleNegotiator.NEGOTIATED_LOCALE);
        } else if (event instanceof LanguageChangedEvent) {
            LanguageChangedEvent lcev = (LanguageChangedEvent) event;
            translator.setLocale(lcev.getNewLocale());
            dclController.changeLocale(lcev.getNewLocale());
        }
    } else if (source == dclController) {
        if (event == Event.DONE_EVENT) {
            // disclaimer accepted...
            if (state == STATE_NEW_SHIB_USER) {
                // ...proceed and create user
                String choosenLogin;
                if (regForm == null) {
                    // no registration form was shown: the login proposed from the attributes is used
                    choosenLogin = proposedUsername;
                } else {
                    choosenLogin = regForm.getLogin();
                }
                BaseSecurity secMgr = BaseSecurityManager.getInstance();
                // check if login has been taken by another user in the meantime...
                Identity identity = secMgr.findIdentityByName(choosenLogin);
                if (identity != null) {
                    getWindowControl().setError(translator.translate("sr.login.meantimetaken"));
                    mainContainer.setPage(VELOCITY_ROOT + "/register.html");
                    state = STATE_UNDEFINED;
                    return;
                }
                // the e-mail comes from the Shibboleth attributes, not from user input
                String email = shibbolethAttributes.getValueForUserPropertyName(UserConstants.EMAIL);
                if (!UserManager.getInstance().isEmailAllowed(email)) {
                    // error, email already exists. should actually not happen if OLAT Authenticator has
                    // been set after removing shibboleth authenticator
                    getWindowControl().setError(translator.translate("sr.error.emailexists", new String[] { WebappHelper.getMailConfig("mailSupport") }));
                    mainContainer.setPage(VELOCITY_ROOT + "/register.html");
                    state = STATE_UNDEFINED;
                    return;
                }
                // presumably creates the identity together with its Shibboleth authentication
                // for shibbolethUniqueID — the manager's implementation is not visible here
                identity = shibbolethManager.createUser(choosenLogin, shibbolethUniqueID, locale.getLanguage(), shibbolethAttributes);
                // tell system that this user did accept the disclaimer
                CoreSpringFactory.getImpl(RegistrationManager.class).setHasConfirmedDislaimer(identity);
                doLogin(identity, ureq);
                return;
            } else if (state == STATE_MIGRATED_SHIB_USER) {
                // ...proceed and migrate user
                // create additional authentication: binds the current Shibboleth unique ID
                // to the identity that was selected via the migration form
                Authentication auth = migrationForm.getAuthentication();
                Identity authenticationedIdentity = auth.getIdentity();
                BaseSecurity secMgr = BaseSecurityManager.getInstance();
                secMgr.createAndPersistAuthentication(authenticationedIdentity, ShibbolethDispatcher.PROVIDER_SHIB, shibbolethUniqueID, null, null);
                // update user profile
                shibbolethManager.syncUser(authenticationedIdentity, shibbolethAttributes);
                doLogin(authenticationedIdentity, ureq);
                return;
            }
        } else if (event == Event.CANCELLED_EVENT) {
            // disclaimer refused: back to the start, nothing has been persisted yet
            mainContainer.setPage(VELOCITY_ROOT + "/register.html");
            getWindowControl().setError(translator.translate("sr.error.disclaimer"));
        }
    }
}

Example 77 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

The class UserDeletionManager, method deleteIdentity().

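/**
 * Deletes all user data of the given identity and marks the identity as deleted.
 * <p>
 * Steps, in this order: every registered {@link UserDataDeletable} bean deletes
 * (or archives into {@code archiveFilePath}) its data for the identity; all
 * authentications are removed, so no provider can log the user in any more; the
 * identity is removed from its security groups and group memberships; a pending
 * e-mail-change temporary key is dropped; every deletable user property is
 * cleared — the e-mail is either kept or replaced by a dated backup value,
 * depending on {@code keepUserEmailAfterDeletion}; the login name is renamed to
 * a dated backup value unless the e-mail is kept; finally the status is set to
 * {@link Identity#STATUS_DELETED} and the life-cycle timestamps are updated.
 * <p>
 * The identity is reloaded from the database after the property update and the
 * commit, so callers must not rely on the passed-in instance being current.
 *
 * @param identity the identity to delete; must not be {@code null}
 */
public void deleteIdentity(Identity identity) {
    logInfo("Start deleteIdentity for identity=" + identity);
    String newName = getBackupStringWithDate(identity.getName());
    File archiveFilePath = getArchivFilePath(identity);
    // Let every registered resource delete/archive its own data first, in comparator order.
    Map<String, UserDataDeletable> userDataDeletableResourcesMap = CoreSpringFactory.getBeansOfType(UserDataDeletable.class);
    List<UserDataDeletable> userDataDeletableResources = new ArrayList<>(userDataDeletableResourcesMap.values());
    userDataDeletableResources.sort(new UserDataDeletableComparator());
    for (UserDataDeletable element : userDataDeletableResources) {
        logInfo("UserDataDeletable-Loop element=" + element);
        element.deleteUserData(identity, newName, archiveFilePath);
    }
    // Delete all authentications for this identity: from here on the account cannot be used to log in.
    List<Authentication> authentications = securityManager.getAuthentications(identity);
    for (Authentication auth : authentications) {
        logInfo("deleteAuthentication auth=" + auth);
        securityManager.deleteAuthentication(auth);
        logDebug("Delete auth=" + auth + "  of identity=" + identity);
    }
    // remove identity from its security groups
    List<SecurityGroup> securityGroups = securityManager.getSecurityGroupsForIdentity(identity);
    for (SecurityGroup secGroup : securityGroups) {
        securityManager.removeIdentityFromSecurityGroup(identity, secGroup);
        logInfo("Removing user=" + identity + " from security group=" + secGroup);
    }
    // remove identity from groups
    groupDao.removeMemberships(identity);
    // drop a pending e-mail-change key, if any; skip the lookup when the user has none
    String key = identity.getUser().getProperty("emchangeKey", null);
    if (StringHelper.containsNonWhitespace(key)) {
        TemporaryKey tempKey = registrationManager.loadTemporaryKeyByRegistrationKey(key);
        if (tempKey != null) {
            registrationManager.deleteTemporaryKey(tempKey);
        }
    }
    identity = securityManager.loadIdentityByKey(identity.getKey());
    // keep login-name only -> change email
    User persistedUser = identity.getUser();
    List<UserPropertyHandler> userPropertyHandlers = UserManager.getInstance().getAllUserPropertyHandlers();
    for (UserPropertyHandler userPropertyHandler : userPropertyHandlers) {
        String actualProperty = userPropertyHandler.getName();
        // clear every deletable property, except the e-mail when it is configured to be kept
        if (userPropertyHandler.isDeletable() && !(keepUserEmailAfterDeletion && UserConstants.EMAIL.equals(actualProperty))) {
            persistedUser.setProperty(actualProperty, null);
        }
        // when the e-mail is not kept, replace it by a dated backup value so the address becomes free again
        if ((!keepUserEmailAfterDeletion && UserConstants.EMAIL.equals(actualProperty))) {
            String oldEmail = userPropertyHandler.getUserProperty(persistedUser, null);
            String newEmail = "";
            if (StringHelper.containsNonWhitespace(oldEmail)) {
                newEmail = getBackupStringWithDate(oldEmail);
            }
            logInfo("Update user-property user=" + persistedUser);
            userPropertyHandler.setUserProperty(persistedUser, newEmail);
        }
    }
    UserManager.getInstance().updateUserFromIdentity(identity);
    logInfo("deleteUserProperties user=" + persistedUser);
    dbInstance.commit();
    identity = securityManager.loadIdentityByKey(identity.getKey());
    // keep email only -> change login-name
    if (!keepUserEmailAfterDeletion) {
        identity = securityManager.saveIdentityName(identity, newName, null);
    }
    // keep everything, change identity.status to deleted
    logInfo("Change stater identity=" + identity);
    identity = securityManager.saveIdentityStatus(identity, Identity.STATUS_DELETED);
    LifeCycleManager.createInstanceFor(identity).deleteTimestampFor(SEND_DELETE_EMAIL_ACTION);
    LifeCycleManager.createInstanceFor(identity).markTimestampFor(USER_DELETED_ACTION, createLifeCycleLogDataFor(identity));
    logAudit("User-Deletion: Delete all userdata for identity=" + identity);
}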

Example 78 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

The class UserImportController, method doUpdateIdentity().

/**
 * Applies one import row to an already existing identity.
 * <p>
 * With {@code updateUsers} set, the profile data carried by the row is written
 * and, if anything changed, authentications tied to the previous e-mail are
 * invalidated. The row's password column is then interpreted: a value starting
 * with {@code SHIBBOLETH_MARKER} (while Shibboleth logins are enabled) binds the
 * remainder as the Shibboleth unique ID, replacing an existing binding with a
 * different ID; otherwise, with {@code updatePassword} set and an {@code "OLAT"}
 * authentication present, the OLAT password is changed. The import row thus
 * doubles as an instruction to re-bind an account to a federated ID — presumably
 * the calling controller restricts the import to administrators; not visible here.
 *
 * @param userToUpdate   the row to apply, wrapping the existing identity
 * @param updateUsers    whether to write profile data; {@code null} counts as false
 * @param updatePassword whether to change the OLAT password; {@code null} counts as false
 * @param report         receives the counters for what was updated
 * @return {@code userToUpdate.getIdentity()}
 */
private Identity doUpdateIdentity(UpdateIdentity userToUpdate, Boolean updateUsers, Boolean updatePassword, ImportReport report) {
    final boolean syncProfile = Boolean.TRUE.equals(updateUsers);
    final boolean syncPassword = Boolean.TRUE.equals(updatePassword);

    Identity identity;
    if (syncProfile) {
        identity = userToUpdate.getIdentity(true);
        String previousEmail = loadEmail(identity);
        boolean profileChanged = um.updateUserFromIdentity(identity);
        if (profileChanged) {
            report.incrementUpdatedUser();
            // e-mail-based authentications of the old address are no longer valid
            securityManager.deleteInvalidAuthenticationsByEmail(previousEmail);
        }
    } else {
        identity = userToUpdate.getIdentity();
    }

    String secret = userToUpdate.getPassword();
    if (!StringHelper.containsNonWhitespace(secret)) {
        return userToUpdate.getIdentity();
    }

    boolean shibbolethBinding = secret.startsWith(SHIBBOLETH_MARKER) && shibbolethModule.isEnableShibbolethLogins();
    if (shibbolethBinding) {
        // the part after the marker is the federated unique ID, not a password
        String federatedId = secret.substring(SHIBBOLETH_MARKER.length());
        Authentication shibAuth = securityManager.findAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB);
        if (shibAuth == null) {
            securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, federatedId, null, null);
            report.incrementUpdatedShibboletAuthentication();
        } else if (!federatedId.equals(shibAuth.getAuthusername())) {
            // replace the binding: delete the old one, commit, then create the new one
            securityManager.deleteAuthentication(shibAuth);
            DBFactory.getInstance().commit();
            securityManager.createAndPersistAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB, federatedId, null, null);
            report.incrementUpdatedShibboletAuthentication();
        }
    } else if (syncPassword) {
        // provider identifier is hard-coded here; elsewhere the project reads it from
        // BaseSecurityModule.getDefaultAuthProviderIdentifier() — presumably the same value
        Authentication olatAuth = securityManager.findAuthentication(identity, "OLAT");
        if (olatAuth != null) {
            olatAuthManager.changePassword(getIdentity(), identity, secret);
            report.incrementUpdatedPassword();
        }
    }
    return userToUpdate.getIdentity();
}

Example 79 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

The class WebDAVAuthManager, method digestAuthentication().

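/**
 * Verifies an HTTP Digest ({@code qop="auth"}) authorization against the stored
 * HA1 credentials registered under the given user name and returns the matching
 * identity.
 * <p>
 * Candidates are looked up by {@code authusername} for the HA1 provider, plus the
 * e-mail-based HA1 providers when e-mails are unique. For each candidate the
 * expected response {@code MD5(HA1:nonce:nc:cnonce:qop:HA2)} with
 * {@code HA2 = MD5(method:uri)} is recomputed and compared in constant time with
 * the client's response. MD5 is dictated by the Digest scheme, not chosen here.
 * <p>
 * Only {@code qop="auth"} is supported; any other value (including none) is
 * rejected. Nonce freshness is not checked in this method — presumably enforced
 * where the challenge is issued; TODO confirm.
 *
 * @param httpMethod the request method, part of HA2
 * @param digestAuth the parsed Digest authorization header
 * @return the identity whose HA1 credential matches, or {@code null} if none does
 */
public Identity digestAuthentication(String httpMethod, DigestAuthentication digestAuth) {
    // only the qop="auth" variant is implemented; reject early, before touching the database
    if (!"auth".equals(digestAuth.getQop())) {
        return null;
    }
    String username = digestAuth.getUsername();
    List<String> providers = new ArrayList<>(3);
    providers.add(PROVIDER_HA1);
    if (userModule.isEmailUnique()) {
        providers.add(PROVIDER_HA1_EMAIL);
        providers.add(PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    }
    List<Authentication> authentications = securityManager.findAuthenticationByAuthusername(username, providers);
    if (authentications == null || authentications.isEmpty()) {
        return null;
    }
    // request-dependent parts are identical for every candidate: compute them once
    String nonce = digestAuth.getNonce();
    String response = digestAuth.getResponse();
    String ha2 = Encoder.md5hash(httpMethod + ":" + digestAuth.getUri());
    String tail = ":" + nonce + ":" + digestAuth.getNc() + ":" + digestAuth.getCnonce() + ":" + digestAuth.getQop() + ":" + ha2;
    byte[] responseBytes = response == null ? null : response.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    for (Authentication authentication : authentications) {
        String ha1 = authentication.getCredential();
        String verity = Encoder.md5hash(ha1 + tail);
        // constant-time comparison: String.equals() returns at the first differing
        // character and would leak how much of the expected response was guessed
        if (responseBytes != null && java.security.MessageDigest.isEqual(verity.getBytes(java.nio.charset.StandardCharsets.UTF_8), responseBytes)) {
            return authentication.getIdentity();
        }
        if (log.isDebug()) {
            // don't log as error, happens all the time with certain clients, e.g. Microsoft-WebDAV-MiniRedir
            // (debug only: the expected value is valid for the current nonce)
            log.debug("Verity::" + verity + " doesn't equals response::" + response);
        }
    }
    return null;
}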

Example 80 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

The class LTIManagerImpl, method createPersonSourceId().

/**
 * A comma-separated list of URN values for roles. If this list is non-empty,
 * it should contain at least one role from the LIS System Role, LIS
 * Institution Role, or LIS Context Role vocabularies (See Appendix A of
 * LTI_BasicLTI_Implementation_Guide_rev1.pdf).
 *
 * @param roles
 * @return
 */
/*private String setRoles(Identity identity, Roles roles, LTIContext context) {
		StringBuilder rolesStr;
		if (roles.isGuestOnly()) {
			rolesStr = new StringBuilder("Guest");
		} else {
			rolesStr = new StringBuilder("Learner");
			boolean coach = context.isCoach(identity);
			if (coach) {
				rolesStr.append(",").append("Instructor");
			}
			boolean admin = context.isAdmin(identity);
			if (roles.isOLATAdmin() || admin) {
				rolesStr.append(",").append("Administrator");
			}
		}

		return rolesStr.toString();
	}*/
/**
 * Builds the LTI person source id used as user identifier for an identity.
 * <p>
 * Precedence: the user name of a Shibboleth authentication wins; failing that,
 * the user name of an LDAP authentication (the last one in the list, if there
 * are several); failing both — or if the chosen user name is blank — the
 * fallback {@code <serverDomainName>:<identityKey>}. Authentications of any
 * other provider are ignored.
 *
 * @param identity the identity to build the source id for
 * @return the person source id
 */
private String createPersonSourceId(Identity identity) {
    List<Authentication> knownMethods = BaseSecurityManager.getInstance().getAuthentications(identity);
    String sourceId = null;
    for (Authentication candidate : knownMethods) {
        String providerName = candidate.getProvider();
        boolean fromShib = ShibbolethDispatcher.PROVIDER_SHIB.equals(providerName);
        boolean fromLdap = !fromShib && LDAPAuthenticationController.PROVIDER_LDAP.equals(providerName);
        if (!fromShib && !fromLdap) {
            continue; // other providers carry no usable federated id
        }
        sourceId = candidate.getAuthusername();
        if (fromShib) {
            break; // case 1) is authoritative, stop looking
        }
        // case 2): keep scanning, a Shibboleth entry later in the list still takes precedence
    }
    if (!StringHelper.containsNonWhitespace(sourceId)) {
        // case 3): no federated id available, fall back to serverDomainName:identityKey
        sourceId = Settings.getServerDomainName() + ":" + identity.getKey();
    }
    return sourceId;
}
