Examples with Authentication org.olat.basesecurity.Authentication used on opensource projects

Example 21 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class ViteroManager method getVmsUserId.

protected GetUserInfo getVmsUserId(Identity identity, boolean create) throws VmsNotAvailableException {
    int userId;
    boolean created = false;
    closeDBSessionSafely();
    Authentication authentication = securityManager.findAuthentication(identity, VMS_PROVIDER);
    if (authentication == null) {
        if (create) {
            created = true;
            userId = createVmsUser(identity);
            if (userId > 0) {
                securityManager.createAndPersistAuthentication(identity, VMS_PROVIDER, Integer.toString(userId), null, null);
            }
        } else {
            userId = -1;
        }
    } else {
        userId = Integer.parseInt(authentication.getAuthusername());
    }
    closeDBSessionSafely();
    return new GetUserInfo(created, userId);
}

Example 22 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class WebDAVAuthManagerTest method updatePassword.

@Test
public void updatePassword() {
    // create an identity
    Identity id = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-1");
    dbInstance.commitAndCloseSession();
    Assert.assertNotNull(id);
    id.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, "inst_" + id.getUser().getEmail());
    userManager.updateUser(id.getUser());
    dbInstance.commitAndCloseSession();
    // update its password
    webdavAuthManager.upgradePassword(id, id.getName(), "secret");
    // check digest providers
    Authentication ha1Authentication = securityManager.findAuthentication(id, WebDAVAuthManager.PROVIDER_HA1_EMAIL);
    Assert.assertNotNull(ha1Authentication);
    String digestEmailToken = Encoder.md5hash(id.getUser().getEmail() + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":secret");
    Assert.assertEquals(digestEmailToken, ha1Authentication.getCredential());
    Authentication ha1InstAuthentication = securityManager.findAuthentication(id, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNotNull(ha1InstAuthentication);
    String digestInstEmailToken = Encoder.md5hash(id.getUser().getInstitutionalEmail() + ":" + WebDAVManagerImpl.BASIC_AUTH_REALM + ":secret");
    Assert.assertEquals(digestInstEmailToken, ha1InstAuthentication.getCredential());
}

Example 23 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class WebDAVAuthManagerTest method updatePassword_duplicate.

/**
 * Check the case of bad data quality and duplicate institutional email
 * adresss.
 */
@Test
public void updatePassword_duplicate() {
    // create an identity
    Identity id1 = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-2");
    Identity id2 = JunitTestHelper.createAndPersistIdentityAsRndUser("update-wedbav-3");
    dbInstance.commit();
    String uuid = UUID.randomUUID().toString();
    id1.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, uuid);
    id2.getUser().setProperty(UserConstants.INSTITUTIONALEMAIL, uuid);
    userManager.updateUser(id1.getUser());
    userManager.updateUser(id2.getUser());
    dbInstance.commitAndCloseSession();
    // update  password id 1
    webdavAuthManager.upgradePassword(id1, id1.getName(), "secret");
    dbInstance.commitAndCloseSession();
    // update  password id 2
    // this one will have a problem to update the password, but it need to be silent
    webdavAuthManager.upgradePassword(id2, id2.getName(), "secret");
    // check the authentication
    // check the connection is useable
    Authentication ha1InstAuthentication1 = securityManager.findAuthentication(id1, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNotNull(ha1InstAuthentication1);
    Authentication ha1InstAuthentication2 = securityManager.findAuthentication(id2, WebDAVAuthManager.PROVIDER_HA1_INSTITUTIONAL_EMAIL);
    Assert.assertNull(ha1InstAuthentication2);
    // check the connection is clean
    dbInstance.commit();
}

Example 24 with Authentication

use of org.olat.basesecurity.Authentication in project OpenOLAT by OpenOLAT.

the class UserWebService method getUserListQuery.

/**
 * Search users and return them in a simple form (without user properties). User properties
 * can be added two the query parameters. If the authUsername and the authProvider are set,
 * the search is made only with these two parameters because they are sufficient to return
 * a single user.<br>
 * The search with login and user properties are made default with wild cards. If an exact
 * match is needed, the parameter msut be quoted:<br>
 * users?login="username"<br>
 * Don't forget the right escaping in the URL!<br>
 * You can make a search with the user properties like this:<br>
 * users?telMobile=39847592&login=test
 * <br >/ The lookup is possible for authors, usermanagers and system administrators. Normal
 * users are not allowed to use the lookup service.
 *
 * @response.representation.200.qname {http://www.example.com}userVO
 * @response.representation.200.mediaType application/xml, application/json
 * @response.representation.200.doc The list of all users in the OLAT system
 * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVOes}
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @param login The login (search with like)
 * @param authProvider An authentication provider (optional)
 * @param authUsername An specific username from the authentication provider
 * @param uriInfo The URI infos
 * @param httpRequest The HTTP request
 * @return An array of users
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response getUserListQuery(@QueryParam("login") String login, @QueryParam("authProvider") String authProvider, @QueryParam("authUsername") String authUsername, @QueryParam("statusVisibleLimit") String statusVisibleLimit, @Context UriInfo uriInfo, @Context HttpServletRequest httpRequest) {
    // User lookup allowed for authors, usermanagers and admins. For
    // usernamanger and up are considered "administrative" when it comes to
    // lookup of the user properties
    boolean isAdministrativeUser = isUserManager(httpRequest);
    if (!isAdministrativeUser && !isAuthor(httpRequest)) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }
    MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
    List<Identity> identities;
    // make only a search by authUsername
    if (StringHelper.containsNonWhitespace(authProvider) && StringHelper.containsNonWhitespace(authUsername)) {
        Authentication auth = BaseSecurityManager.getInstance().findAuthenticationByAuthusername(authUsername, authProvider);
        if (auth == null) {
            identities = Collections.emptyList();
        } else {
            identities = Collections.singletonList(auth.getIdentity());
        }
    } else {
        String[] authProviders = null;
        if (StringHelper.containsNonWhitespace(authProvider)) {
            authProviders = new String[] { authProvider };
        }
        // retrieve and convert the parameters value
        Map<String, String> userProps = new HashMap<String, String>();
        if (!params.isEmpty()) {
            UserManager um = UserManager.getInstance();
            Locale locale = getLocale(httpRequest);
            List<UserPropertyHandler> propertyHandlers = um.getUserPropertyHandlersFor(PROPERTY_HANDLER_IDENTIFIER, isAdministrativeUser);
            for (UserPropertyHandler handler : propertyHandlers) {
                if (!params.containsKey(handler.getName()))
                    continue;
                List<String> values = params.get(handler.getName());
                if (values.isEmpty())
                    continue;
                String value = formatDbUserProperty(values.get(0), handler, locale);
                userProps.put(handler.getName(), value);
            }
        }
        Integer status = Identity.STATUS_VISIBLE_LIMIT;
        if (isAdministrativeUser && "all".equalsIgnoreCase(statusVisibleLimit)) {
            status = null;
        }
        identities = BaseSecurityManager.getInstance().getIdentitiesByPowerSearch(login, userProps, true, null, null, authProviders, null, null, null, null, status);
    }
    int count = 0;
    UserVO[] userVOs = new UserVO[identities.size()];
    for (Identity identity : identities) {
        userVOs[count++] = get(identity);
    }
    return Response.ok(userVOs).build();
}

Example 25 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class PersonalRSSServlet method getPersonalFeed.

/**
 * Creates a personal RSS document
 *
 * @param pathInfo
 * @return RssDocument
 */
private SyndFeed getPersonalFeed(String pathInfo) {
    // pathInfo is like /personal/username/tokenid/olat.rss
    int startIdName = PersonalRSSUtil.RSS_PREFIX_PERSONAL.length();
    int startIdToken = pathInfo.indexOf("/", PersonalRSSUtil.RSS_PREFIX_PERSONAL.length());
    String idName = pathInfo.substring(startIdName, startIdToken);
    int startUselessUri = pathInfo.indexOf("/", startIdToken + 1);
    String idToken = pathInfo.substring(startIdToken + 1, startUselessUri);
    // ---- check integrity and user authentication ----
    if (idName == null || idName.equals("")) {
        return null;
    }
    Identity identity = BaseSecurityManager.getInstance().findIdentityByName(idName);
    if (identity == null) {
        // error - abort
        return null;
    }
    // check if this is a valid authentication
    Authentication auth = BaseSecurityManager.getInstance().findAuthentication(identity, PersonalRSSUtil.RSS_AUTH_PROVIDER);
    if (auth == null) {
        // auth provider will be generated on the fly
        return null;
    }
    if (!auth.getCredential().equals(idToken)) {
        // error - wrong authentication
        return null;
    }
    // create rss feed for user notifications
    return new PersonalRSSFeed(identity);
}