
Example 41 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class LDAPLoginManagerImpl method removeFallBackAuthentications.

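/**
 * Removes every cached fallback authentication of the LDAP users.
 * <p>
 * When {@code isCacheLDAPPwdAsOLATPwdOnLogin()} is enabled the LDAP password is cached as an
 * OLAT authentication on login, so users can still log in while the LDAP server is down. If
 * users then change their password directly in AD/LDAP, OLAT does not learn about it and the
 * stale cached password keeps working. Dropping the cached authentications forces every LDAP
 * user to authenticate against AD/LDAP again, i.e. login is only possible while the directory
 * server is reachable. See FXOLAT-284.
 * <p>
 * Nothing is done when password caching is disabled or the LDAP security group does not exist.
 */
@Override
public void removeFallBackAuthentications() {
    if (!ldapLoginModule.isCacheLDAPPwdAsOLATPwdOnLogin()) {
        return;
    }
    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    if (ldapGroup == null) {
        // Previously only logged and then queried the members of a null group anyway; without
        // the group there is nothing to clean up, so stop here.
        log.error("Cannot get user from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
        return;
    }
    List<Identity> ldapIdents = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
    log.info("found " + ldapIdents.size() + " identies in ldap security group");
    String fallbackProvider = BaseSecurityModule.getDefaultAuthProviderIdentifier();
    int count = 0;
    for (Identity identity : ldapIdents) {
        Authentication auth = securityManager.findAuthentication(identity, fallbackProvider);
        if (auth == null) {
            continue;
        }
        securityManager.deleteAuthentication(auth);
        count++;
        // Commit in batches of 20 deletions so a large group does not pile up in one transaction
        // (the old code also committed on identities without an authentication while count was 0).
        if (count % 20 == 0) {
            dbInstance.intermediateCommit();
        }
    }
    log.info("removed cached authentications (fallback login provider: " + fallbackProvider + ") for " + count + " users.");
}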
Also used : Authentication(org.olat.basesecurity.Authentication) SecurityGroup(org.olat.basesecurity.SecurityGroup) Identity(org.olat.core.id.Identity)

Example 42 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class OLATAuthManager method authenticate.

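/**
 * Authenticates a user against the OLAT password provider.
 * <p>
 * When no identity is given and login by e-mail is enabled, the login string is first resolved
 * to an identity via its e-mail address (including addresses still pending in the change-e-mail
 * verification workflow). If no identity can be resolved, the login string is looked up directly
 * as OLAT authentication user name.
 * <p>
 * On success a legacy MD5 hash is re-hashed with the configured default algorithm and the WebDAV
 * password is upgraded from the plain-text password.
 *
 * @param ident the identity to authenticate, or {@code null} to resolve it from {@code login}
 * @param login the login name or e-mail address entered by the user; used for the lookup when
 *              {@code ident} is {@code null}, and always for the audit log and the WebDAV upgrade
 * @param password the plain-text password to verify
 * @return the authenticated identity, or {@code null} when no OLAT authentication exists or the
 *         credentials do not match; both failures produce the same audit entry
 */
@Override
public Identity authenticate(Identity ident, String login, String password) {
    if (ident == null && loginModule.isAllowLoginUsingEmail() && MailHelper.isValidEmailAddress(login)) {
        ident = resolveIdentityByEmail(login);
    }
    Authentication authentication = (ident == null)
            ? securityManager.findAuthenticationByAuthusername(login, "OLAT")
            : securityManager.findAuthentication(ident, "OLAT");
    if (authentication == null || !securityManager.checkCredentials(authentication, password)) {
        // One audit entry for both "unknown user" and "wrong password", as before.
        log.audit("Cannot authenticate user " + login + " via provider OLAT", OLATAuthenticationController.class.getName());
        return null;
    }
    // Credentials still hashed with MD5 are upgraded to the current default on successful login.
    Algorithm algorithm = Algorithm.find(authentication.getAlgorithm());
    if (Algorithm.md5.equals(algorithm)) {
        Algorithm defAlgorithm = loginModule.getDefaultHashAlgorithm();
        authentication = securityManager.updateCredentials(authentication, password, defAlgorithm);
    }
    Identity identity = authentication.getIdentity();
    if (identity != null && webDAVAuthManager != null) {
        webDAVAuthManager.upgradePassword(identity, login, password);
    }
    return identity;
}

/**
 * Resolves an e-mail address to exactly one identity.
 * <p>
 * Several identities sharing the address are reported as an error and treated as no match; in
 * that case, and when nothing matched, the change-e-mail verification workflow is consulted.
 *
 * @param email the address to look up
 * @return the matching identity or {@code null}
 */
private Identity resolveIdentityByEmail(String email) {
    List<Identity> identities = userManager.findIdentitiesByEmail(Collections.singletonList(email));
    if (identities.size() == 1) {
        return identities.get(0);
    }
    if (identities.size() > 1) {
        logError("more than one identity found with email::" + email, null);
    }
    // Address may belong to a user whose e-mail change is still being verified.
    return findIdentInChangingEmailWorkflow(email);
}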
Also used : OLATAuthenticationController(org.olat.login.OLATAuthenticationController) Authentication(org.olat.basesecurity.Authentication) Identity(org.olat.core.id.Identity) Algorithm(org.olat.core.util.Encoder.Algorithm)

Example 43 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class OLATAuthManager method changePassword.

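/**
 * Changes the password of an identity.
 * <p>
 * If the identity has an LDAP authentication, the change is propagated to the LDAP server
 * (only when {@code isPropagatePasswordChangedOnLdapServer()} is enabled; otherwise nothing is
 * changed and {@code false} is returned) and, if LDAP passwords are cached as OLAT passwords on
 * login, the cached OLAT password is updated too. Otherwise the OLAT password is changed
 * directly. On success a confirmation e-mail is sent and the failed-login counters of the
 * identity are reset.
 * <p>
 * NOTE: the caller must check whether the identity is allowed to change its own password
 * ({@code UserModule.isPwdchangeallowed(Identity)}); this applies only if {@code doer} equals
 * {@code identity}.
 *
 * @param doer the identity performing the change, must not be {@code null}
 * @param identity the persisted identity whose password is being changed, must not be {@code null}
 * @param newPwd the new plain-text password
 * @return {@code true} upon success
 * @throws AssertException if {@code doer} or {@code identity} is {@code null}, or {@code identity}
 *         has not been persisted yet
 */
public boolean changePassword(Identity doer, Identity identity, String newPwd) {
    if (doer == null) {
        throw new AssertException("password changing identity cannot be undefined!");
    }
    // Explicit check: the old code dereferenced identity before any check and failed with a NPE.
    if (identity == null) {
        throw new AssertException("identity whose password is changed cannot be undefined!");
    }
    if (identity.getKey() == null) {
        throw new AssertException("cannot change password on a nonpersisted identity");
    }
    // o_clusterREVIEW: reload so we work on a freshly loaded identity
    identity = securityManager.loadIdentityByKey(identity.getKey());
    boolean allOk = false;
    Authentication ldapAuth = securityManager.findAuthentication(identity, LDAPAuthenticationController.PROVIDER_LDAP);
    if (ldapAuth == null) {
        allOk = changeOlatPassword(doer, identity, identity.getName(), newPwd);
    } else if (ldapLoginModule.isPropagatePasswordChangedOnLdapServer()) {
        LDAPError ldapError = new LDAPError();
        ldapLoginManager.changePassword(identity, newPwd, ldapError);
        log.audit(doer.getName() + " change the password on the LDAP server for identity: " + identity.getName());
        allOk = ldapError.isEmpty();
        // Keep the cached OLAT copy of the LDAP password in sync so it does not stay at the old value.
        if (allOk && ldapLoginModule.isCacheLDAPPwdAsOLATPwdOnLogin()) {
            allOk &= changeOlatPassword(doer, identity, identity.getName(), newPwd);
        }
    }
    if (allOk) {
        sendConfirmationEmail(doer, identity);
        // A successful change resets the lockout counters; a failure here must not undo the change.
        try {
            loginModule.clearFailedLoginAttempts(identity.getName());
            loginModule.clearFailedLoginAttempts(identity.getUser().getEmail());
        } catch (Exception e) {
            log.error("Cannot clear failed login attempts for identity: " + identity.getName(), e);
        }
    }
    return allOk;
}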
Also used : AssertException(org.olat.core.logging.AssertException) Authentication(org.olat.basesecurity.Authentication) LDAPError(org.olat.ldap.LDAPError) AssertException(org.olat.core.logging.AssertException)

Example 44 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class OLATAuthManager method changeOlatPassword.

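/**
 * Sets a new OLAT password for an identity and updates the derived WebDAV (HA1 digest) password.
 * <p>
 * If the identity has no OLAT authentication yet, one is created with the configured default
 * hash algorithm; otherwise the existing credentials are re-hashed with that algorithm. The
 * WebDAV digest password is only changed when a non-blank {@code username} is given and a
 * WebDAV authentication manager is available.
 *
 * @param doer the identity performing the change, named in the audit log
 * @param identity the identity whose password is set, must not be {@code null}
 * @param username login name for the WebDAV digest; a blank value skips the WebDAV update (the
 *                 value itself is not passed on, the digest is changed for {@code identity})
 * @param newPwd the new plain-text password
 * @return always {@code true}
 * @throws AssertException if {@code identity} is {@code null}
 */
public boolean changeOlatPassword(Identity doer, Identity identity, String username, String newPwd) {
    // The old null check came after identity had already been dereferenced; check up front.
    if (identity == null) {
        throw new AssertException("cannot change password of an undefined identity");
    }
    Algorithm defAlgorithm = loginModule.getDefaultHashAlgorithm();
    Authentication auth = securityManager.findAuthentication(identity, "OLAT");
    if (auth == null) {
        // no OLAT login yet: create one, using the identity's name as authentication user name
        auth = securityManager.createAndPersistAuthentication(identity, "OLAT", identity.getName(), newPwd, defAlgorithm);
        log.audit(doer.getName() + " created new authenticatin for identity: " + identity.getName());
    } else {
        auth = securityManager.updateCredentials(auth, newPwd, defAlgorithm);
        log.audit(doer.getName() + " set new password for identity: " + identity.getName());
    }
    if (StringHelper.containsNonWhitespace(username) && webDAVAuthManager != null) {
        webDAVAuthManager.changeDigestPassword(doer, identity, newPwd);
    }
    return true;
}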
Also used : Authentication(org.olat.basesecurity.Authentication)

Example 45 with Authentication

use of org.olat.basesecurity.Authentication in project openolat by klemens.

the class OAuthDispatcher method login.

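/**
 * Links the OAuth user to an OLAT identity and records it on the registration.
 * <p>
 * The provider's user id is looked up as authentication user name of the registration's
 * provider. If no such authentication exists yet, an identity is searched by the e-mail address
 * reported by the provider and, failing that, by the provider id as OLAT user name; a match gets
 * a new authentication for the provider persisted (password and algorithm are {@code null}).
 * When nothing matches the registration's identity stays unset and an error is logged.
 * <p>
 * NOTE(review): linking by e-mail relies on the OAuth provider having verified the address;
 * an unverified address would be matched onto the existing account with that e-mail. Confirm
 * that every configured provider only returns verified addresses.
 *
 * @param infos the user data returned by the OAuth provider
 * @param registration the pending registration; receives the linked identity, if any
 */
private void login(OAuthUser infos, OAuthRegistration registration) {
    String id = infos.getId();
    String provider = registration.getAuthProvider();
    if (!StringHelper.containsNonWhitespace(id)) {
        // Previously a silent no-op; record why no identity was linked.
        log.error("OAuth Login failed, provider " + provider + " returned no user id.");
        return;
    }
    Authentication auth = securityManager.findAuthenticationByAuthusername(id, provider);
    if (auth != null) {
        registration.setIdentity(auth.getIdentity());
        return;
    }
    String email = infos.getEmail();
    if (!StringHelper.containsNonWhitespace(email)) {
        // Previously a silent no-op as well.
        log.error("OAuth Login failed, no authentication for id " + id + " with provider " + provider + " and no e-mail to match.");
        return;
    }
    Identity identity = userManager.findUniqueIdentityByEmail(email);
    if (identity == null) {
        identity = securityManager.findIdentityByName(id);
    }
    if (identity == null) {
        log.error("OAuth Login failed, user with user name " + email + " not found.");
        return;
    }
    // First login of a known user with this provider: persist the link for future logins.
    securityManager.createAndPersistAuthentication(identity, provider, id, null, null);
    registration.setIdentity(identity);
}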
Also used : Authentication(org.olat.basesecurity.Authentication) Identity(org.olat.core.id.Identity)
