Search in sources :

Example 11 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class RestSecurityBeanImpl method isTokenRegistrated.

@Override
public boolean isTokenRegistrated(String token, HttpSession session) {
    if (!StringHelper.containsNonWhitespace(token))
        return false;
    boolean registrated = tokenToIdentity.containsKey(token);
    if (!registrated) {
        List<Authentication> auths = securityManager.findAuthenticationByToken(REST_AUTH_PROVIDER, token);
        if (auths.size() == 1) {
            Authentication auth = auths.get(0);
            tokenToIdentity.put(token, auth.getIdentity().getKey());
            bindTokenToSession(token, session);
            registrated = true;
        }
    }
    return registrated;
}
Also used : Authentication(org.olat.basesecurity.Authentication)

Example 12 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class RestSecurityBeanImpl method removeTooOldRestToken.

@Override
public int removeTooOldRestToken() {
    Calendar cal = Calendar.getInstance();
    cal.setTime(new Date());
    cal.add(Calendar.MONTH, -1);
    Date limit = cal.getTime();
    List<Authentication> authentications = securityManager.findOldAuthentication(REST_AUTH_PROVIDER, limit);
    for (Authentication authentication : authentications) {
        String token = authentication.getCredential();
        if (tokenToIdentity.containsKey(token)) {
            // don't delete authentication in use
            continue;
        }
        securityManager.deleteAuthentication(authentication);
    }
    return authentications.size();
}
Also used : Authentication(org.olat.basesecurity.Authentication) Calendar(java.util.Calendar) Date(java.util.Date)

Example 13 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class RestSecurityBeanImpl method generateToken.

@Override
public String generateToken(Identity identity, HttpSession session) {
    String token = UUID.randomUUID().toString();
    tokenToIdentity.put(token, identity.getKey());
    bindTokenToSession(token, session);
    Authentication auth = securityManager.findAuthentication(identity, REST_AUTH_PROVIDER);
    if (auth == null) {
        securityManager.createAndPersistAuthentication(identity, REST_AUTH_PROVIDER, identity.getName(), token, null);
    } else {
        authenticationDao.updateCredential(auth, token);
    }
    return token;
}
Also used : Authentication(org.olat.basesecurity.Authentication)

Example 14 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class WebDAVPasswordController method toogleChangePassword.

private void toogleChangePassword(UserRequest ureq) {
    boolean visible = newButton.isVisible();
    newButton.setVisible(!visible);
    passwordStaticEl.setVisible(!visible);
    saveButton.setVisible(visible);
    cancelButton.setVisible(visible);
    passwordEl.setVisible(visible);
    confirmPasswordEl.setVisible(visible);
    Authentication auth = securityManager.findAuthentication(ureq.getIdentity(), WebDAVAuthManager.PROVIDER_WEBDAV);
    String passwordPlaceholderKey = auth == null ? "pwdav.password.not_set" : "pwdav.password.set";
    String passwordPlaceholder = getTranslator().translate(passwordPlaceholderKey);
    passwordStaticEl.setValue(passwordPlaceholder);
    String buttonPlaceholderKey = auth == null ? "pwdav.password.new" : "pwdav.password.change";
    newButton.setI18nKey(buttonPlaceholderKey);
    flc.setDirty(true);
}
Also used : Authentication(org.olat.basesecurity.Authentication)

Example 15 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class UserAuthenticationWebService method delete.

/**
 * Deletes an authentication from the system
 * @response.representation.200.doc The authentication successfully deleted
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @response.representation.404.doc The identity or the authentication not found
 * @param username The username of the user
 * @param authKey The authentication key identifier
 * @param request The HTTP request
 * @return <code>Response</code> object. The operation status (success or
 *         fail)
 */
@DELETE
@Path("{authKey}")
public Response delete(@PathParam("username") String username, @PathParam("authKey") Long authKey, @Context HttpServletRequest request) {
    if (!isUserManager(request)) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }
    BaseSecurity baseSecurity = BaseSecurityManager.getInstance();
    Identity identity = baseSecurity.findIdentityByName(username);
    if (identity == null) {
        return Response.serverError().status(Status.NOT_FOUND).build();
    }
    List<Authentication> authentications = baseSecurity.getAuthentications(identity);
    for (Authentication authentication : authentications) {
        if (authKey.equals(authentication.getKey())) {
            baseSecurity.deleteAuthentication(authentication);
            return Response.ok().build();
        }
    }
    return Response.serverError().status(Status.NOT_FOUND).build();
}
Also used : Authentication(org.olat.basesecurity.Authentication) RestSecurityHelper.getIdentity(org.olat.restapi.security.RestSecurityHelper.getIdentity) Identity(org.olat.core.id.Identity) BaseSecurity(org.olat.basesecurity.BaseSecurity) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Aggregations

Authentication (org.olat.basesecurity.Authentication)82 Identity (org.olat.core.id.Identity)46 BaseSecurity (org.olat.basesecurity.BaseSecurity)16 Test (org.junit.Test)10 RestSecurityHelper.getIdentity (org.olat.restapi.security.RestSecurityHelper.getIdentity)8 AuthenticationVO (org.olat.restapi.support.vo.AuthenticationVO)8 URI (java.net.URI)6 ArrayList (java.util.ArrayList)6 Produces (javax.ws.rs.Produces)6 HttpResponse (org.apache.http.HttpResponse)6 SecurityGroup (org.olat.basesecurity.SecurityGroup)6 Locale (java.util.Locale)4 GET (javax.ws.rs.GET)4 HttpPut (org.apache.http.client.methods.HttpPut)4 AssertException (org.olat.core.logging.AssertException)4 DBRuntimeException (org.olat.core.logging.DBRuntimeException)4 Algorithm (org.olat.core.util.Encoder.Algorithm)4 TemporaryKey (org.olat.registration.TemporaryKey)4 ErrorVO (org.olat.restapi.support.vo.ErrorVO)4 UserPropertyHandler (org.olat.user.propertyhandlers.UserPropertyHandler)4