
Example 21 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class ViteroManager method getVmsUserId.

protected GetUserInfo getVmsUserId(Identity identity, boolean create) throws VmsNotAvailableException {
    int userId;
    boolean created = false;
    closeDBSessionSafely();
    Authentication authentication = securityManager.findAuthentication(identity, VMS_PROVIDER);
    if (authentication == null) {
        if (create) {
            created = true;
            userId = createVmsUser(identity);
            if (userId > 0) {
                securityManager.createAndPersistAuthentication(identity, VMS_PROVIDER, Integer.toString(userId), null, null);
            }
        } else {
            userId = -1;
        }
    } else {
        userId = Integer.parseInt(authentication.getAuthusername());
    }
    closeDBSessionSafely();
    return new GetUserInfo(created, userId);
}
Also used : GetUserInfo(org.olat.modules.vitero.model.GetUserInfo) Authentication(org.olat.basesecurity.Authentication)

Example 22 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class WebDAVAuthManagerTest method updatePassword.

@Test
public void updatePassword() {
    // create an identity
    Identity id = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-1");
    dbInstance.commitAndCloseSession();
    Assert.assertNotNull(id);
    id.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, "inst_" + id.getUser().getEmail());
    userManager.updateUser(id.getUser());
    dbInstance.commitAndCloseSession();
    // update its password
    webdavAuthManager.upgradePassword(id, id.getName(), "secret");
    // check digest providers
    Authentication ha1Authentication = securityManager.findAuthentication(id, WebDAVAuthManager.PROVIDER_HA1_EMAIL);
    Assert.assertNotNull(ha1Authentication);
    String digestEmailToken = Encoder.md5hash(id.getUser().getEmail() + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":secret");
    Assert.assertEquals(digestEmailToken, ha1Authentication.getCredential());
    Authentication ha1InstAuthentication = securityManager.findAuthentication(id, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNotNull(ha1InstAuthentication);
    String digestInstEmailToken = Encoder.md5hash(id.getUser().getInstitutionalEmail() + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":secret");
    Assert.assertEquals(digestInstEmailToken, ha1InstAuthentication.getCredential());
}
Also used : Authentication(org.olat.basesecurity.Authentication) Identity(org.olat.core.id.Identity) Test(org.junit.Test)

Example 23 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class WebDAVAuthManagerTest method updatePassword_duplicate.

/**
 * Check the case of bad data quality and duplicate institutional email
 * address.
 */
@Test
public void updatePassword_duplicate() {
    // create an identity
    Identity id1 = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-2");
    Identity id2 = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-3");
    dbInstance.commit();
    String uuid = UUID.randomUUID().toString();
    id1.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, uuid);
    id2.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, uuid);
    userManager.updateUser(id1.getUser());
    userManager.updateUser(id2.getUser());
    dbInstance.commitAndCloseSession();
    // update password id 1
    webdavAuthManager.upgradePassword(id1, id1.getName(), "secret");
    dbInstance.commitAndCloseSession();
    // update password id 2
    // this one will have a problem updating the password, but it needs to be silent
    webdavAuthManager.upgradePassword(id2, id2.getName(), "secret");
    // check the authentication
    // check the connection is usable
    Authentication ha1InstAuthentication1 = securityManager.findAuthentication(id1, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNotNull(ha1InstAuthentication1);
    Authentication ha1InstAuthentication2 = securityManager.findAuthentication(id2, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNull(ha1InstAuthentication2);
    // check the connection is clean
    dbInstance.commit();
}
Also used : Authentication(org.olat.basesecurity.Authentication) Identity(org.olat.core.id.Identity) Test(org.junit.Test)

Example 24 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class UserWebService method getUserListQuery.

/**
 * Search users and return them in a simple form (without user properties). User properties
 * can be added to the query parameters. If the authUsername and the authProvider are set,
 * the search is made only with these two parameters because they are sufficient to return
 * a single user.<br>
 * The search with login and user properties is made with wild cards by default. If an exact
 * match is needed, the parameter must be quoted:<br>
 * users?login="username"<br>
 * Don't forget the right escaping in the URL!<br>
 * You can make a search with the user properties like this:<br>
 * users?telMobile=39847592&login=test
 * <br> The lookup is possible for authors, usermanagers and system administrators. Normal
 * users are not allowed to use the lookup service.
 *
 * @response.representation.200.qname {http://www.example.com}userVO
 * @response.representation.200.mediaType application/xml, application/json
 * @response.representation.200.doc The list of all users in the OLAT system
 * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @param login The login (search with like)
 * @param authProvider An authentication provider (optional)
 * @param authUsername A specific username from the authentication provider
 * @param uriInfo The URI infos
 * @param httpRequest The HTTP request
 * @return An array of users
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response getUserListQuery(@QueryParam("login") String login, @QueryParam("authProvider") String authProvider, @QueryParam("authUsername") String authUsername, @QueryParam("statusVisibleLimit") String statusVisibleLimit, @Context UriInfo uriInfo, @Context HttpServletRequest httpRequest) {
    // User lookup is allowed for authors, usermanagers and admins.
    // Usermanagers and up are considered "administrative" when it comes to
    // lookup of the user properties
    boolean isAdministrativeUser = isUserManager(httpRequest);
    if (!isAdministrativeUser && !isAuthor(httpRequest)) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }
    MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
    List<Identity> identities;
    // make only a search by authUsername
    if (StringHelper.containsNonWhitespace(authProvider) && StringHelper.containsNonWhitespace(authUsername)) {
        Authentication auth = BaseSecurityManager.getInstance().findAuthenticationByAuthusername(authUsername, authProvider);
        if (auth == null) {
            identities = Collections.emptyList();
        } else {
            identities = Collections.singletonList(auth.getIdentity());
        }
    } else {
        String[] authProviders = null;
        if (StringHelper.containsNonWhitespace(authProvider)) {
            authProviders = new String[] { authProvider };
        }
        // retrieve and convert the parameters value
        Map<String, String> userProps = new HashMap<String, String>();
        if (!params.isEmpty()) {
            UserManager um = UserManager.getInstance();
            Locale locale = getLocale(httpRequest);
            List<UserPropertyHandler> propertyHandlers = um.getUserPropertyHandlersFor(PROPERTY_HANDLER_IDENTIFIER, isAdministrativeUser);
            for (UserPropertyHandler handler : propertyHandlers) {
                if (!params.containsKey(handler.getName()))
                    continue;
                List<String> values = params.get(handler.getName());
                if (values.isEmpty())
                    continue;
                String value = formatDbUserProperty(values.get(0), handler, locale);
                userProps.put(handler.getName(), value);
            }
        }
        Integer status = Identity.STATUS_VISIBLE_LIMIT;
        if (isAdministrativeUser && "all".equalsIgnoreCase(statusVisibleLimit)) {
            status = null;
        }
        identities = BaseSecurityManager.getInstance().getIdentitiesByPowerSearch(login, userProps, true, null, null, authProviders, null, null, null, null, status);
    }
    int count = 0;
    UserVO[] userVOs = new UserVO[identities.size()];
    for (Identity identity : identities) {
        userVOs[count++] = get(identity);
    }
    return Response.ok(userVOs).build();
}
Also used : Locale(java.util.Locale) RestSecurityHelper.getLocale(org.olat.restapi.security.RestSecurityHelper.getLocale) HashMap(java.util.HashMap) Authentication(org.olat.basesecurity.Authentication) UserManager(org.olat.user.UserManager) RestSecurityHelper.isUserManager(org.olat.restapi.security.RestSecurityHelper.isUserManager) Identity(org.olat.core.id.Identity) RestSecurityHelper.getIdentity(org.olat.restapi.security.RestSecurityHelper.getIdentity) UserPropertyHandler(org.olat.user.propertyhandlers.UserPropertyHandler) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 25 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class PersonalRSSServlet method getPersonalFeed.

/**
 * Creates a personal RSS document
 *
 * @param pathInfo
 * @return RssDocument
 */
private SyndFeed getPersonalFeed(String pathInfo) {
    // pathInfo is like /personal/username/tokenid/olat.rss
    int startIdName = PersonalRSSUtil.RSS_PREFIX_PERSONAL.length();
    int startIdToken = pathInfo.indexOf("/", startIdName);
    if (startIdToken < 0) {
        // malformed path: no separator after the user name, substring would throw
        return null;
    }
    String idName = pathInfo.substring(startIdName, startIdToken);
    int startUselessUri = pathInfo.indexOf("/", startIdToken + 1);
    if (startUselessUri < 0) {
        // malformed path: no separator after the token, substring would throw
        return null;
    }
    String idToken = pathInfo.substring(startIdToken + 1, startUselessUri);
    // ---- check integrity and user authentication ----
    if (idName == null || idName.equals("")) {
        return null;
    }
    Identity identity = BaseSecurityManager.getInstance().findIdentityByName(idName);
    if (identity == null) {
        // error - abort
        return null;
    }
    // check if this is a valid authentication
    Authentication auth = BaseSecurityManager.getInstance().findAuthentication(identity, PersonalRSSUtil.RSS_AUTH_PROVIDER);
    if (auth == null) {
        // auth provider will be generated on the fly
        return null;
    }
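    // compare the stored token and the token from the URL in constant time,
    // and treat a missing stored credential as a failed authentication
    String credential = auth.getCredential();
    if (credential == null || !java.security.MessageDigest.isEqual(credential.getBytes(java.nio.charset.StandardCharsets.UTF_8), idToken.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // error - wrong authentication
        return null;
    }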
    // create rss feed for user notifications
    return new PersonalRSSFeed(identity);
}
Also used : Authentication(org.olat.basesecurity.Authentication) Identity(org.olat.core.id.Identity)

Aggregations

Authentication (org.olat.basesecurity.Authentication) 82
Identity (org.olat.core.id.Identity) 46
BaseSecurity (org.olat.basesecurity.BaseSecurity) 16
Test (org.junit.Test) 10
RestSecurityHelper.getIdentity (org.olat.restapi.security.RestSecurityHelper.getIdentity) 8
AuthenticationVO (org.olat.restapi.support.vo.AuthenticationVO) 8
URI (java.net.URI) 6
ArrayList (java.util.ArrayList) 6
Produces (javax.ws.rs.Produces) 6
HttpResponse (org.apache.http.HttpResponse) 6
SecurityGroup (org.olat.basesecurity.SecurityGroup) 6
Locale (java.util.Locale) 4
GET (javax.ws.rs.GET) 4
HttpPut (org.apache.http.client.methods.HttpPut) 4
AssertException (org.olat.core.logging.AssertException) 4
DBRuntimeException (org.olat.core.logging.DBRuntimeException) 4
Algorithm (org.olat.core.util.Encoder.Algorithm) 4
TemporaryKey (org.olat.registration.TemporaryKey) 4
ErrorVO (org.olat.restapi.support.vo.ErrorVO) 4
UserPropertyHandler (org.olat.user.propertyhandlers.UserPropertyHandler) 4