
Example 81 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class LDAPLoginManagerImpl method findIdentityByLdapAuthentication.

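/**
 * Resolves the OLAT identity that belongs to an LDAP entry and makes sure it
 * carries an authentication record for the LDAP provider.
 *
 * <p>The OLAT user name is read from the LDAP attribute that
 * {@code syncConfiguration} maps to {@code LDAPConstants.LDAP_USER_IDENTIFYER},
 * and the identity is looked up by that name, ignoring case. The value of the
 * configured LDAP login attribute is stored as the authentication's user name.
 *
 * @param attrs LDAP attributes of the user entry; when {@code null} a message
 *          is inserted into {@code errors} and {@code null} is returned
 * @param errors receives a message when {@code attrs} is {@code null} or when
 *          the user exists but is not a member of the LDAP security group and
 *          conversion of local users is disabled
 *
 * @return the identity if it is found and is (or has just been made) a member
 *         of the LDAP security group; {@code null} if the entry carries no
 *         user identifier, no identity has that name, the LDAP security group
 *         does not exist, or the user exists but is not managed by LDAP
 */
@Override
public Identity findIdentityByLdapAuthentication(Attributes attrs, LDAPError errors) {
    if (attrs == null) {
        errors.insert("findIdentyByLdapAuthentication: attrs::null");
        return null;
    }
    String uid = getAttributeValue(attrs.get(syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER)));
    String token = getAttributeValue(attrs.get(syncConfiguration.getLdapUserLoginAttribute()));

    // An entry without a usable identifier cannot name an OLAT account: treat it
    // as "no matching identity" instead of passing null/blank into the lookup.
    if (!StringHelper.containsNonWhitespace(uid)) {
        return null;
    }

    // The match is by name only and ignores case.
    Identity identity = securityManager.findIdentityByNameCaseInsensitive(uid);
    if (identity == null) {
        return null;
    }

    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    if (ldapGroup == null) {
        log.error("Error getting user from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
        return null;
    }

    if (securityManager.isIdentityInSecurityGroup(identity, ldapGroup)) {
        Authentication ldapAuth = securityManager.findAuthentication(identity, LDAPAuthenticationController.PROVIDER_LDAP);
        if (ldapAuth == null) {
            // Member of the LDAP group without an LDAP authentication record: create one.
            // NOTE(review): token is not checked for null/blank on this path, unlike
            // the update branch below - confirm a blank login name is acceptable here.
            securityManager.createAndPersistAuthentication(identity, LDAPAuthenticationController.PROVIDER_LDAP, token, null, null);
        } else if (StringHelper.containsNonWhitespace(token) && !token.equals(ldapAuth.getAuthusername())) {
            // Login attribute changed in the directory: keep the stored login name in sync.
            ldapAuth.setAuthusername(token);
            securityManager.updateAuthentication(ldapAuth);
        }
        return identity;
    }

    if (ldapLoginModule.isConvertExistingLocalUsersToLDAPUsers()) {
        // Add user to LDAP security group and add the ldap provider.
        // NOTE(review): with this option enabled, an existing local account is bound
        // to the LDAP provider purely because a directory entry carries the same
        // (case-insensitive) name. Confirm the directory is authoritative for every
        // local account name, privileged accounts included, before enabling it.
        // NOTE(review): token is not checked for null/blank here either.
        securityManager.createAndPersistAuthentication(identity, LDAPAuthenticationController.PROVIDER_LDAP, token, null, null);
        securityManager.addIdentityToSecurityGroup(identity, ldapGroup);
        // uid comes from the directory and is written to the log unmodified.
        log.info("Found identity by LDAP username that was not yet in LDAP security group. Converted user::" + uid + " to be an LDAP managed user");
        return identity;
    }

    errors.insert("findIdentyByLdapAuthentication: User with username::" + uid + " exist but not Managed by LDAP");
    return null;
}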
Also used : Authentication(org.olat.basesecurity.Authentication) Identity(org.olat.core.id.Identity) SecurityGroup(org.olat.basesecurity.SecurityGroup)

Example 82 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class OLATAuthManager method synchronizeOlatPasswordAndUsername.

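/**
 * Sets the password and login name of the identity's authentication for the
 * "OLAT" provider, creating that authentication when it does not exist yet,
 * and then updates the WebDAV digest password when a WebDAV manager is set.
 *
 * @param doer identity performing the change; its name is written to the audit log
 * @param identity identity whose credentials are changed
 * @param username login name to store; a {@code null} or blank value leaves an
 *          existing login name untouched and skips the WebDAV digest update
 * @param newPwd new clear-text password; it is handed to the security manager
 *          and the WebDAV manager and is never written to the log here
 * @return {@code false} if {@code identity} is {@code null}, {@code true} otherwise
 */
public boolean synchronizeOlatPasswordAndUsername(Identity doer, Identity identity, String username, String newPwd) {
    // Reject a missing identity before anything is looked up or persisted; the
    // original only tested for null after identity had already been dereferenced.
    if (identity == null) {
        return false;
    }

    Authentication auth = securityManager.findAuthentication(identity, "OLAT");
    if (auth == null) {
        // create new authentication for provider OLAT
        // NOTE(review): username is not checked for null/blank on this path -
        // confirm callers never create an authentication with an empty login name.
        auth = securityManager.createAndPersistAuthentication(identity, "OLAT", username, newPwd, loginModule.getDefaultHashAlgorithm());
        log.audit(doer.getName() + " created new authenticatin for identity: " + identity.getName());
    } else {
        // update credentials
        // NOTE(review): the stored credential is rewritten with the default hash
        // algorithm only when newPwd does not match it; if the default algorithm
        // was changed, an unchanged password presumably keeps its old hash here.
        if (!securityManager.checkCredentials(auth, newPwd)) {
            auth = securityManager.updateCredentials(auth, newPwd, loginModule.getDefaultHashAlgorithm());
        }
        // Never overwrite the login name with a null/blank value.
        if (StringHelper.containsNonWhitespace(username) && !username.equals(auth.getAuthusername())) {
            auth.setAuthusername(username);
            securityManager.updateAuthentication(auth);
        }
        // This entry is written even when the password matched and was left as is.
        log.audit(doer.getName() + " set new password for identity: " + identity.getName());
    }

    if (StringHelper.containsNonWhitespace(username) && webDAVAuthManager != null) {
        webDAVAuthManager.changeDigestPassword(doer, identity, newPwd);
    }
    return true;
}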
Also used : Authentication(org.olat.basesecurity.Authentication)
