Search in sources :

Example 66 with UserRequest

use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.

the class OAuthDispatcher method execute.

@Override
public void execute(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String uri = request.getRequestURI();
    try {
        uri = URLDecoder.decode(uri, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new AssertException("UTF-8 encoding not supported!!!!");
    }
    String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
    uri = uri.substring(uriPrefix.length());
    UserRequest ureq = null;
    try {
        // upon creation URL is checked for
        ureq = new UserRequestImpl(uriPrefix, request, response);
    } catch (NumberFormatException nfe) {
        if (log.isDebug()) {
            log.debug("Bad Request " + request.getPathInfo());
        }
        DispatcherModule.sendBadRequest(request.getPathInfo(), response);
        return;
    }
    String error = request.getParameter("error");
    if (null != error) {
        error(ureq, translateOauthError(ureq, error));
        return;
    }
    String problem = request.getParameter("oauth_problem");
    if (problem != null && "token_rejected".equals(problem.trim())) {
        error(ureq, translateOauthError(ureq, error));
        return;
    }
    try {
        HttpSession sess = request.getSession();
        // OAuth 2.0 hasn't any request token
        Token requestToken = (Token) sess.getAttribute(OAuthConstants.REQUEST_TOKEN);
        OAuthService service = (OAuthService) sess.getAttribute(OAuthConstants.OAUTH_SERVICE);
        OAuthSPI provider = (OAuthSPI) sess.getAttribute(OAuthConstants.OAUTH_SPI);
        Token accessToken;
        if (provider == null) {
            log.audit("OAuth Login failed, no provider in request");
            DispatcherModule.redirectToDefaultDispatcher(response);
            return;
        } else if (provider.isImplicitWorkflow()) {
            String idToken = ureq.getParameter("id_token");
            if (idToken == null) {
                redirectImplicitWorkflow(ureq);
                return;
            } else {
                Verifier verifier = OpenIDVerifier.create(ureq, sess);
                accessToken = service.getAccessToken(requestToken, verifier);
            }
        } else {
            String requestVerifier = request.getParameter("oauth_verifier");
            if (requestVerifier == null) {
                // OAuth 2.0 as a code
                requestVerifier = request.getParameter("code");
            }
            accessToken = service.getAccessToken(requestToken, new Verifier(requestVerifier));
        }
        OAuthUser infos = provider.getUser(service, accessToken);
        if (infos == null || !StringHelper.containsNonWhitespace(infos.getId())) {
            error(ureq, translate(ureq, "error.no.id"));
            log.error("OAuth Login failed, no infos extracted from access token: " + accessToken);
            return;
        }
        OAuthRegistration registration = new OAuthRegistration(provider.getProviderName(), infos);
        login(infos, registration);
        if (provider instanceof OAuthUserCreator) {
            Identity newIdentity;
            OAuthUserCreator userCreator = (OAuthUserCreator) provider;
            if (registration.getIdentity() == null) {
                newIdentity = userCreator.createUser(infos);
            } else {
                newIdentity = userCreator.updateUser(infos, registration.getIdentity());
            }
            if (newIdentity != null) {
                registration.setIdentity(newIdentity);
            }
        }
        if (registration.getIdentity() == null) {
            if (CoreSpringFactory.getImpl(OAuthLoginModule.class).isAllowUserCreation()) {
                register(request, response, registration);
            } else {
                error(ureq, translate(ureq, "error.account.creation"));
                log.error("OAuth Login ok but the user has not an account on OpenOLAT: " + infos);
            }
        } else {
            if (ureq.getUserSession() != null) {
                // re-init the activity logger
                ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(request);
            }
            Identity identity = registration.getIdentity();
            int loginStatus = AuthHelper.doLogin(identity, provider.getProviderName(), ureq);
            if (loginStatus != AuthHelper.LOGIN_OK) {
                if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
                    DispatcherModule.redirectToServiceNotAvailable(response);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            } else {
                // update last login date and register active user
                UserDeletionManager.getInstance().setIdentityAsActiv(identity);
                MediaResource mr = ureq.getDispatchResult().getResultingMediaResource();
                if (mr instanceof RedirectMediaResource) {
                    RedirectMediaResource rmr = (RedirectMediaResource) mr;
                    rmr.prepare(response);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            }
        }
    } catch (Exception e) {
        log.error("Unexpected error", e);
        error(ureq, translate(ureq, "error.generic"));
    }
}
Also used : AssertException(org.olat.core.logging.AssertException) HttpSession(javax.servlet.http.HttpSession) UnsupportedEncodingException(java.io.UnsupportedEncodingException) Token(org.scribe.model.Token) OpenIDVerifier(org.olat.login.oauth.spi.OpenIDVerifier) Verifier(org.scribe.model.Verifier) AssertException(org.olat.core.logging.AssertException) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) OAuthService(org.scribe.oauth.OAuthService) OAuthUser(org.olat.login.oauth.model.OAuthUser) OAuthRegistration(org.olat.login.oauth.model.OAuthRegistration) RedirectMediaResource(org.olat.core.gui.media.RedirectMediaResource) MediaResource(org.olat.core.gui.media.MediaResource) RedirectMediaResource(org.olat.core.gui.media.RedirectMediaResource) Identity(org.olat.core.id.Identity) UserRequest(org.olat.core.gui.UserRequest) UserRequestImpl(org.olat.core.gui.UserRequestImpl)

Example 67 with UserRequest

use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.

the class LDAPAdminController method event.

/**
 * @see org.olat.core.gui.control.DefaultController#event(org.olat.core.gui.UserRequest,
 *      org.olat.core.gui.components.Component,
 *      org.olat.core.gui.control.Event)
 */
@Override
protected void event(UserRequest ureq, Component source, Event event) {
    if (source == syncStartLink) {
        // Start sync job
        // Disable start link during sync
        syncStartLink.setEnabled(false);
        LDAPEvent ldapEvent = new LDAPEvent(LDAPEvent.DO_SYNCHING);
        CoordinatorManager.getInstance().getCoordinator().getEventBus().fireEventToListenersOf(ldapEvent, LDAPLoginManager.ldapSyncLockOres);
        showInfo("admin.synchronize.started");
    } else if (source == syncOneUserLink) {
        userSearchCtrl = new UserSearchController(ureq, getWindowControl(), false);
        listenTo(userSearchCtrl);
        calloutCtr = new CloseableCalloutWindowController(ureq, getWindowControl(), userSearchCtrl.getInitialComponent(), syncOneUserLink, null, true, null);
        calloutCtr.addDisposableChildController(userSearchCtrl);
        calloutCtr.activate();
        listenTo(calloutCtr);
    } else if (source == deletStartLink) {
        // cancel if some one else is making sync or delete job
        if (!ldapLoginManager.acquireSyncLock()) {
            showError("delete.error.lock");
        } else {
            deletStartLink.setEnabled(false);
            // check and get LDAP connection
            LdapContext ctx = ldapLoginManager.bindSystem();
            if (ctx == null) {
                showError("delete.error.connection");
                return;
            }
            // get deleted users
            identitiesToDelete = ldapLoginManager.getIdentitysDeletedInLdap(ctx);
            try {
                ctx.close();
            } catch (NamingException e) {
                showError("delete.error.connection.close");
                logError("Could not close LDAP connection on manual delete sync", e);
            }
            if (identitiesToDelete != null && identitiesToDelete.size() != 0) {
                hasIdentitiesToDelete = true;
                /*
					 * start step which spawns the whole wizard
					 */
                Step start = new DeletStep00(ureq, hasIdentitiesToDelete, identitiesToDelete);
                /*
					 * wizard finish callback called after "finish" is called
					 */
                StepRunnerCallback finishCallback = new StepRunnerCallback() {

                    public Step execute(UserRequest uureq, WindowControl control, StepsRunContext runContext) {
                        hasIdentitiesToDeleteAfterRun = ((Boolean) runContext.get("hasIdentitiesToDelete")).booleanValue();
                        if (hasIdentitiesToDeleteAfterRun) {
                            @SuppressWarnings("unchecked") List<Identity> idToDelete = (List<Identity>) runContext.get("identitiesToDelete");
                            amountUsersToDelete = idToDelete.size();
                            // Delete all identities now and tell everybody that
                            // we are finished
                            ldapLoginManager.deletIdentities(idToDelete);
                            return StepsMainRunController.DONE_MODIFIED;
                        } else {
                            return StepsMainRunController.DONE_UNCHANGED;
                        }
                    // otherwise return without deleting anything
                    }
                };
                deleteStepController = new StepsMainRunController(ureq, getWindowControl(), start, finishCallback, null, translate("admin.deleteUser.title"), "o_sel_ldap_delete_user_wizard");
                listenTo(deleteStepController);
                getWindowControl().pushAsModalDialog(deleteStepController.getInitialComponent());
            } else {
                hasIdentitiesToDelete = false;
                showInfo("delete.step.noUsers");
                deletStartLink.setEnabled(true);
                ldapLoginManager.freeSyncLock();
            }
        }
    } else if (source == removeFallBackAuthsLink) {
        removeFallBackAuthsLink.setEnabled(false);
        ldapLoginManager.removeFallBackAuthentications();
        showInfo("opsuccess");
    }
}
Also used : CloseableCalloutWindowController(org.olat.core.gui.control.generic.closablewrapper.CloseableCalloutWindowController) Step(org.olat.core.gui.control.generic.wizard.Step) UserSearchController(org.olat.admin.user.UserSearchController) WindowControl(org.olat.core.gui.control.WindowControl) StepsRunContext(org.olat.core.gui.control.generic.wizard.StepsRunContext) LDAPEvent(org.olat.ldap.LDAPEvent) NamingException(javax.naming.NamingException) List(java.util.List) StepsMainRunController(org.olat.core.gui.control.generic.wizard.StepsMainRunController) Identity(org.olat.core.id.Identity) LdapContext(javax.naming.ldap.LdapContext) StepRunnerCallback(org.olat.core.gui.control.generic.wizard.StepRunnerCallback) UserRequest(org.olat.core.gui.UserRequest)

Example 68 with UserRequest

use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.

the class BlogHandler method createLaunchController.

/**
 * @see org.olat.repository.handlers.RepositoryHandler#getLaunchController(org.olat.core.id.OLATResourceable,
 *      java.lang.String, org.olat.core.gui.UserRequest,
 *      org.olat.core.gui.control.WindowControl)
 */
@Override
public MainLayoutController createLaunchController(final RepositoryEntry re, RepositoryEntrySecurity reSecurity, UserRequest ureq, WindowControl wControl) {
    boolean isAdmin = ureq.getUserSession().getRoles().isOLATAdmin();
    boolean isOwner = RepositoryManager.getInstance().isOwnerOfRepositoryEntry(ureq.getIdentity(), re);
    final FeedSecurityCallback callback = new FeedResourceSecurityCallback(isAdmin, isOwner);
    SubscriptionContext subsContext = new SubscriptionContext(re.getOlatResource(), re.getSoftkey());
    callback.setSubscriptionContext(subsContext);
    return new FeedRuntimeController(ureq, wControl, re, reSecurity, new RuntimeControllerCreator() {

        @Override
        public Controller create(UserRequest uureq, WindowControl wwControl, TooledStackedPanel toolbarPanel, RepositoryEntry entry, RepositoryEntrySecurity security, AssessmentMode assessmentMode) {
            CoreSpringFactory.getImpl(UserCourseInformationsManager.class).updateUserCourseInformations(entry.getOlatResource(), uureq.getIdentity());
            return new FeedMainController(entry.getOlatResource(), uureq, wwControl, null, null, BlogUIFactory.getInstance(uureq.getLocale()), callback, null);
        }
    });
}
Also used : TooledStackedPanel(org.olat.core.gui.components.stack.TooledStackedPanel) AssessmentMode(org.olat.course.assessment.AssessmentMode) FeedMainController(org.olat.modules.webFeed.ui.FeedMainController) FeedSecurityCallback(org.olat.modules.webFeed.FeedSecurityCallback) RepositoryEntry(org.olat.repository.RepositoryEntry) FeedResourceSecurityCallback(org.olat.modules.webFeed.FeedResourceSecurityCallback) WindowControl(org.olat.core.gui.control.WindowControl) FeedMainController(org.olat.modules.webFeed.ui.FeedMainController) StepsMainRunController(org.olat.core.gui.control.generic.wizard.StepsMainRunController) MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController) Controller(org.olat.core.gui.control.Controller) FeedRuntimeController(org.olat.modules.webFeed.ui.FeedRuntimeController) FeedRuntimeController(org.olat.modules.webFeed.ui.FeedRuntimeController) RuntimeControllerCreator(org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator) RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity) SubscriptionContext(org.olat.core.commons.services.notifications.SubscriptionContext) UserRequest(org.olat.core.gui.UserRequest)

Example 69 with UserRequest

use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.

the class WikiHandler method createLaunchController.

@Override
public MainLayoutController createLaunchController(RepositoryEntry re, RepositoryEntrySecurity reSecurity, UserRequest ureq, WindowControl wControl) {
    // first handle special case: disabled wiki for security (XSS Attacks) reasons
    BaseSecurityModule securityModule = CoreSpringFactory.getImpl(BaseSecurityModule.class);
    if (!securityModule.isWikiEnabled()) {
        return RepositoyUIFactory.createRepoEntryDisabledDueToSecurityMessageController(ureq, wControl);
    }
    // check role
    boolean isOLatAdmin = ureq.getUserSession().getRoles().isOLATAdmin();
    boolean isGuestOnly = ureq.getUserSession().getRoles().isGuestOnly();
    boolean isResourceOwner = false;
    if (isOLatAdmin) {
        isResourceOwner = true;
    } else {
        isResourceOwner = reSecurity.isOwner();
    }
    OLATResource res = re.getOlatResource();
    BusinessControl bc = wControl.getBusinessControl();
    final ContextEntry ce = bc.popLauncherContextEntry();
    SubscriptionContext subsContext = new SubscriptionContext(res, WikiManager.WIKI_RESOURCE_FOLDER_NAME);
    final WikiSecurityCallback callback = new WikiSecurityCallbackImpl(null, isOLatAdmin, isGuestOnly, false, isResourceOwner, subsContext);
    RepositoryEntryRuntimeController runtime = new RepositoryEntryRuntimeController(ureq, wControl, re, reSecurity, new RuntimeControllerCreator() {

        @Override
        public Controller create(UserRequest uureq, WindowControl wwControl, TooledStackedPanel toolbarPanel, RepositoryEntry entry, RepositoryEntrySecurity security, AssessmentMode assessmentMode) {
            CoreSpringFactory.getImpl(UserCourseInformationsManager.class).updateUserCourseInformations(entry.getOlatResource(), uureq.getIdentity());
            Controller controller;
            if (ce != null) {
                // jump to a certain context
                OLATResourceable ores = ce.getOLATResourceable();
                String typeName = ores.getResourceableTypeName();
                String page = typeName.substring("page=".length());
                controller = new WikiMainController(uureq, wwControl, entry.getOlatResource(), callback, page);
            } else {
                controller = new WikiMainController(uureq, wwControl, entry.getOlatResource(), callback, null);
            }
            return new OLATResourceableListeningWrapperController(uureq, wwControl, entry.getOlatResource(), controller, null, uureq.getIdentity());
        }
    });
    return runtime;
}
Also used : TooledStackedPanel(org.olat.core.gui.components.stack.TooledStackedPanel) AssessmentMode(org.olat.course.assessment.AssessmentMode) OLATResourceable(org.olat.core.id.OLATResourceable) WikiMainController(org.olat.modules.wiki.WikiMainController) BusinessControl(org.olat.core.id.context.BusinessControl) BaseSecurityModule(org.olat.basesecurity.BaseSecurityModule) OLATResource(org.olat.resource.OLATResource) RepositoryEntry(org.olat.repository.RepositoryEntry) WindowControl(org.olat.core.gui.control.WindowControl) OLATResourceableListeningWrapperController(org.olat.core.util.controller.OLATResourceableListeningWrapperController) StepsMainRunController(org.olat.core.gui.control.generic.wizard.StepsMainRunController) MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController) RepositoryEntryRuntimeController(org.olat.repository.ui.RepositoryEntryRuntimeController) Controller(org.olat.core.gui.control.Controller) WikiMainController(org.olat.modules.wiki.WikiMainController) ContextEntry(org.olat.core.id.context.ContextEntry) RepositoryEntryRuntimeController(org.olat.repository.ui.RepositoryEntryRuntimeController) RuntimeControllerCreator(org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator) WikiSecurityCallbackImpl(org.olat.modules.wiki.WikiSecurityCallbackImpl) RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity) OLATResourceableListeningWrapperController(org.olat.core.util.controller.OLATResourceableListeningWrapperController) SubscriptionContext(org.olat.core.commons.services.notifications.SubscriptionContext) WikiSecurityCallback(org.olat.modules.wiki.WikiSecurityCallback) UserRequest(org.olat.core.gui.UserRequest)

Example 70 with UserRequest

use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.

the class CourseHandler method createWizardController.

@Override
public StepsMainRunController createWizardController(OLATResourceable res, UserRequest ureq, WindowControl wControl) {
    // load the course structure
    final RepositoryEntry repoEntry = (RepositoryEntry) res;
    ICourse course = CourseFactory.loadCourse(repoEntry);
    Translator cceTranslator = Util.createPackageTranslator(CourseCreationHelper.class, ureq.getLocale());
    final CourseCreationConfiguration courseConfig = new CourseCreationConfiguration(course.getCourseTitle(), Settings.getServerContextPathURI() + "/url/RepositoryEntry/" + repoEntry.getKey());
    // wizard finish callback called after "finish" is called
    final CourseCreationHelper ccHelper = new CourseCreationHelper(ureq.getLocale(), repoEntry, courseConfig, course);
    StepRunnerCallback finishCallback = new StepRunnerCallback() {

        public Step execute(UserRequest uureq, WindowControl control, StepsRunContext runContext) {
            // retrieve access and properties
            CourseAccessAndProperties accessAndProps = (CourseAccessAndProperties) runContext.get("accessAndProperties");
            courseConfig.setAccessAndProperties(accessAndProps);
            // here goes the code which reads out the wizards data from the runContext and then does some wizardry
            ccHelper.finalizeWorkflow(uureq);
            control.setInfo(CourseCreationMailHelper.getSuccessMessageString(uureq));
            // send notification mail
            final MailerResult mr = CourseCreationMailHelper.sentNotificationMail(uureq, ccHelper.getConfiguration());
            MailHelper.printErrorsAndWarnings(mr, control, uureq.getUserSession().getRoles().isOLATAdmin(), uureq.getLocale());
            return StepsMainRunController.DONE_MODIFIED;
        }
    };
    Step start = new CcStep00(ureq, courseConfig, repoEntry);
    StepsMainRunController ccSMRC = new StepsMainRunController(ureq, wControl, start, finishCallback, null, cceTranslator.translate("coursecreation.title"), "o_sel_course_create_wizard");
    return ccSMRC;
}
Also used : CcStep00(de.tuchemnitz.wizard.workflows.coursecreation.steps.CcStep00) MailerResult(org.olat.core.util.mail.MailerResult) CourseCreationHelper(de.tuchemnitz.wizard.workflows.coursecreation.CourseCreationHelper) ICourse(org.olat.course.ICourse) RepositoryEntry(org.olat.repository.RepositoryEntry) Step(org.olat.core.gui.control.generic.wizard.Step) WindowControl(org.olat.core.gui.control.WindowControl) StepsRunContext(org.olat.core.gui.control.generic.wizard.StepsRunContext) CourseAccessAndProperties(org.olat.course.editor.CourseAccessAndProperties) Translator(org.olat.core.gui.translator.Translator) CourseCreationConfiguration(de.tuchemnitz.wizard.workflows.coursecreation.model.CourseCreationConfiguration) StepsMainRunController(org.olat.core.gui.control.generic.wizard.StepsMainRunController) StepRunnerCallback(org.olat.core.gui.control.generic.wizard.StepRunnerCallback) UserRequest(org.olat.core.gui.UserRequest)

Aggregations

UserRequest (org.olat.core.gui.UserRequest)314 WindowControl (org.olat.core.gui.control.WindowControl)154 Identity (org.olat.core.id.Identity)92 ControllerCreator (org.olat.core.gui.control.creator.ControllerCreator)74 RestSecurityHelper.getUserRequest (org.olat.restapi.security.RestSecurityHelper.getUserRequest)68 Path (javax.ws.rs.Path)64 StepsMainRunController (org.olat.core.gui.control.generic.wizard.StepsMainRunController)64 Controller (org.olat.core.gui.control.Controller)62 RepositoryEntry (org.olat.repository.RepositoryEntry)58 Step (org.olat.core.gui.control.generic.wizard.Step)56 StepRunnerCallback (org.olat.core.gui.control.generic.wizard.StepRunnerCallback)56 StepsRunContext (org.olat.core.gui.control.generic.wizard.StepsRunContext)56 ArrayList (java.util.ArrayList)46 ICourse (org.olat.course.ICourse)44 Produces (javax.ws.rs.Produces)40 List (java.util.List)36 LayoutMain3ColsController (org.olat.core.commons.fullWebApp.LayoutMain3ColsController)36 PUT (javax.ws.rs.PUT)32 UserRequestImpl (org.olat.core.gui.UserRequestImpl)30 RestSecurityHelper.getIdentity (org.olat.restapi.security.RestSecurityHelper.getIdentity)30