use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class ViteroManager method getVmsUserId.
/**
 * Resolves the VMS user id linked to an identity, optionally creating the VMS user.
 *
 * <p>The link is stored as an {@link Authentication} for {@code VMS_PROVIDER} whose
 * auth username is the numeric VMS user id. When no such record exists and
 * {@code create} is true, {@code createVmsUser} is called and, if it returns a
 * positive id, a new authentication is persisted with that id as auth username.
 *
 * <p>{@code closeDBSessionSafely()} is called before the lookup and again before
 * returning; the second call is skipped when an exception propagates.
 *
 * @param identity the identity to resolve
 * @param create whether a missing VMS user should be created
 * @return the user id together with a flag that is true whenever the creation branch
 *         ran, including when {@code createVmsUser} returned a non-positive id;
 *         the id is -1 when nothing is stored and {@code create} is false
 * @throws VmsNotAvailableException declared by this method; presumably raised by
 *         {@code createVmsUser} (confirm against that method)
 */
protected GetUserInfo getVmsUserId(Identity identity, boolean create) throws VmsNotAvailableException {
    closeDBSessionSafely();

    final Authentication vmsAuth = securityManager.findAuthentication(identity, VMS_PROVIDER);
    final boolean created = (vmsAuth == null) && create;
    final int vmsUserId;

    if (vmsAuth != null) {
        // NOTE(review): parseInt throws NumberFormatException when the stored auth
        // username is not a decimal integer; nothing here catches it.
        vmsUserId = Integer.parseInt(vmsAuth.getAuthusername());
    } else if (create) {
        vmsUserId = createVmsUser(identity);
        if (vmsUserId > 0) {
            // Only a positive id is recorded; the last two arguments are passed as null.
            securityManager.createAndPersistAuthentication(identity, VMS_PROVIDER, Integer.toString(vmsUserId), null, null);
        }
    } else {
        vmsUserId = -1;
    }

    closeDBSessionSafely();
    return new GetUserInfo(created, vmsUserId);
}
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class WebDAVAuthManagerTest method updatePassword.
@Test
public void updatePassword() {
    // Verifies that upgradePassword() stores one HA1 digest credential per address
    // (e-mail and institutional e-mail), each equal to md5(address:realm:password).
    // NOTE(review): an HA1 value is enough to answer HTTP Digest challenges for its
    // realm, so the stored credential should be protected like the password itself.
    final String password = "secret";

    // Arrange: a fresh identity with an institutional e-mail derived from its e-mail.
    Identity identity = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-1");
    dbInstance.commitAndCloseSession();
    Assert.assertNotNull(identity);
    String institutionalEmail = "inst_" + identity.getUser().getEmail();
    identity.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, institutionalEmail);
    userManager.updateUser(identity.getUser());
    dbInstance.commitAndCloseSession();

    // Act: set the password through the WebDAV authentication manager.
    webdavAuthManager.upgradePassword(identity, identity.getName(), password);

    // Assert: digest keyed on the e-mail address.
    Authentication emailDigest = securityManager.findAuthentication(identity, WebDAVAuthManager.PROVIDER_HA1_EMAIL);
    Assert.assertNotNull(emailDigest);
    String expectedEmailHa1 = Encoder.md5hash(
            identity.getUser().getEmail() + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":" + password);
    Assert.assertEquals(expectedEmailHa1, emailDigest.getCredential());

    // Assert: digest keyed on the institutional e-mail address.
    Authentication institutionalDigest = securityManager.findAuthentication(identity, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNotNull(institutionalDigest);
    String expectedInstitutionalHa1 = Encoder.md5hash(
            identity.getUser().getInstitutionalEmail() + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":" + password);
    Assert.assertEquals(expectedInstitutionalHa1, institutionalDigest.getCredential());
}
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class WebDAVAuthManagerTest method updatePassword_duplicate.
/**
* Check the case of bad data quality with duplicate institutional email
* addresses.
*/
@Test
public void updatePassword_duplicate() {
    // Two identities end up with the same institutional e-mail. The first password
    // upgrade creates the institutional-e-mail digest; the second must not throw and
    // must leave no such digest for the second identity.
    final String password = "secret";
    final String sharedInstitutionalEmail = UUID.randomUUID().toString();

    // Arrange: two fresh identities sharing one institutional e-mail value.
    Identity firstIdentity = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-2");
    Identity secondIdentity = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-3");
    dbInstance.commit();
    firstIdentity.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, sharedInstitutionalEmail);
    secondIdentity.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, sharedInstitutionalEmail);
    userManager.updateUser(firstIdentity.getUser());
    userManager.updateUser(secondIdentity.getUser());
    dbInstance.commitAndCloseSession();

    // Act: the first upgrade is the ordinary case.
    webdavAuthManager.upgradePassword(firstIdentity, firstIdentity.getName(), password);
    dbInstance.commitAndCloseSession();

    // Act: the second upgrade hits the duplicate; it is expected to fail silently.
    webdavAuthManager.upgradePassword(secondIdentity, secondIdentity.getName(), password);

    // Assert: the lookups also show that the database connection is still usable.
    Authentication firstInstitutionalDigest = securityManager.findAuthentication(firstIdentity, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNotNull(firstInstitutionalDigest);
    Authentication secondInstitutionalDigest = securityManager.findAuthentication(secondIdentity, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNull(secondInstitutionalDigest);

    // A final commit confirms the session was left in a clean state.
    dbInstance.commit();
}
use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.
the class UserWebService method getUserListQuery.
/**
* Search users and return them in a simple form (without user properties). User properties
* can be added to the query parameters. If the authUsername and the authProvider are set,
* the search is made only with these two parameters because they are sufficient to return
* a single user.<br>
* The search with login and user properties is made with wildcards by default. If an exact
* match is needed, the parameter must be quoted:<br>
* users?login="username"<br>
* Don't forget the right escaping in the URL!<br>
* You can make a search with the user properties like this:<br>
* users?telMobile=39847592&login=test
* <br/> The lookup is possible for authors, usermanagers and system administrators. Normal
* users are not allowed to use the lookup service.
*
* @response.representation.200.qname {http://www.example.com}userVO
* @response.representation.200.mediaType application/xml, application/json
* @response.representation.200.doc The list of all users in the OLAT system
* @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
* @response.representation.401.doc The roles of the authenticated user are not sufficient
* @param login The login (search with like)
* @param authProvider An authentication provider (optional)
* @param authUsername A specific username from the authentication provider
* @param uriInfo The URI infos
* @param httpRequest The HTTP request
* @return An array of users
*/
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response getUserListQuery(@QueryParam("login") String login, @QueryParam("authProvider") String authProvider, @QueryParam("authUsername") String authUsername, @QueryParam("statusVisibleLimit") String statusVisibleLimit, @Context UriInfo uriInfo, @Context HttpServletRequest httpRequest) {
    // Access control: user managers (and above) count as "administrative" for the
    // property lookup; authors may search too, everybody else is rejected.
    // NOTE(review): the rejection uses 401 as the Javadoc documents; 403 is the usual
    // status for an authenticated caller without the role. Changing it would alter
    // the documented contract.
    boolean isAdministrativeUser = isUserManager(httpRequest);
    boolean lookupAllowed = isAdministrativeUser || isAuthor(httpRequest);
    if (!lookupAllowed) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }

    MultivaluedMap<String, String> queryParams = uriInfo.getQueryParameters();
    boolean hasProvider = StringHelper.containsNonWhitespace(authProvider);

    List<Identity> identities;
    if (hasProvider && StringHelper.containsNonWhitespace(authUsername)) {
        // Provider + auth username select at most one identity; all other
        // parameters are ignored on this path.
        // NOTE(review): unlike the power search below, this path applies no
        // Identity.STATUS_VISIBLE_LIMIT filter, also for non-administrative callers.
        // Confirm that authors are meant to resolve identities of any status here.
        Authentication auth = BaseSecurityManager.getInstance().findAuthenticationByAuthusername(authUsername, authProvider);
        identities = (auth == null)
                ? Collections.<Identity>emptyList()
                : Collections.<Identity>singletonList(auth.getIdentity());
    } else {
        String[] authProviders = null;
        if (hasProvider) {
            authProviders = new String[] { authProvider };
        }

        // Collect the user-property filters: only properties that the handlers expose
        // to this kind of caller are read, and only the first value of each.
        Map<String, String> userProps = new HashMap<String, String>();
        if (!queryParams.isEmpty()) {
            UserManager um = UserManager.getInstance();
            Locale locale = getLocale(httpRequest);
            List<UserPropertyHandler> handlers = um.getUserPropertyHandlersFor(PROPERTY_HANDLER_IDENTIFIER, isAdministrativeUser);
            for (UserPropertyHandler handler : handlers) {
                String propertyName = handler.getName();
                if (queryParams.containsKey(propertyName)) {
                    List<String> values = queryParams.get(propertyName);
                    if (!values.isEmpty()) {
                        userProps.put(propertyName, formatDbUserProperty(values.get(0), handler, locale));
                    }
                }
            }
        }

        // Only an administrative caller asking for "all" lifts the status limit.
        boolean includeAllStatuses = isAdministrativeUser && "all".equalsIgnoreCase(statusVisibleLimit);
        Integer status = null;
        if (!includeAllStatuses) {
            status = Identity.STATUS_VISIBLE_LIMIT;
        }
        identities = BaseSecurityManager.getInstance().getIdentitiesByPowerSearch(login, userProps, true, null, null, authProviders, null, null, null, null, status);
    }

    // Convert every identity into its value object for the response.
    UserVO[] userVOs = new UserVO[identities.size()];
    for (int i = 0; i < userVOs.length; i++) {
        userVOs[i] = get(identities.get(i));
    }
    return Response.ok(userVOs).build();
}
use of org.olat.basesecurity.Authentication in project openolat by klemens.
the class PersonalRSSServlet method getPersonalFeed.
/**
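* Creates a personal RSS document
*
* @param pathInfo the path info, like /personal/username/tokenid/olat.rss
* @return the personal feed, or null if the user or the token cannot be verified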
*/
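private SyndFeed getPersonalFeed(String pathInfo) {
    // pathInfo is expected to look like /personal/username/tokenid/olat.rss.
    // It comes from the request, so every structural assumption is checked and a
    // malformed path yields null instead of a StringIndexOutOfBoundsException.
    // NOTE(review): the token is part of the URL path and may be recorded wherever
    // request URLs are logged; confirm that RSS tokens can be rotated.
    if (pathInfo == null) {
        return null;
    }
    int startIdName = PersonalRSSUtil.RSS_PREFIX_PERSONAL.length();
    int startIdToken = pathInfo.indexOf('/', startIdName);
    if (startIdToken < 0) {
        // no separator after the user name
        return null;
    }
    int startUselessUri = pathInfo.indexOf('/', startIdToken + 1);
    if (startUselessUri < 0) {
        // no separator after the token
        return null;
    }
    String idName = pathInfo.substring(startIdName, startIdToken);
    String idToken = pathInfo.substring(startIdToken + 1, startUselessUri);

    // ---- check integrity and user authentication ----
    // An empty user name or an empty token never authenticates.
    if (idName.isEmpty() || idToken.isEmpty()) {
        return null;
    }
    Identity identity = BaseSecurityManager.getInstance().findIdentityByName(idName);
    if (identity == null) {
        // unknown user - abort
        return null;
    }
    // check if this is a valid authentication
    Authentication auth = BaseSecurityManager.getInstance().findAuthentication(identity, PersonalRSSUtil.RSS_AUTH_PROVIDER);
    if (auth == null) {
        // no RSS authentication stored for this identity; the original comment says
        // the auth provider is generated on the fly (elsewhere)
        return null;
    }
    String expectedToken = auth.getCredential();
    if (expectedToken == null) {
        return null;
    }
    // Compare the secret token with MessageDigest.isEqual rather than String.equals,
    // so that the comparison time does not depend on how many leading characters match.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    boolean tokenMatches = java.security.MessageDigest.isEqual(
            expectedToken.getBytes(utf8), idToken.getBytes(utf8));
    if (!tokenMatches) {
        // error - wrong authentication
        return null;
    }
    // create rss feed for user notifications
    return new PersonalRSSFeed(identity);
}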