Merge OpenOLAT 10.0 to OpenOLAT default branch with 6692dd492e95637f29e8956b5306dc48e0c6db6d

78095bec · srosse · 8b284dde · d9bba26a · 78095bec · 78095bec
Commit 78095bec authored 10 years ago by srosse
--- a/src/main/java/org/olat/course/nodes/CheckListCourseNode.java
+++ b/src/main/java/org/olat/course/nodes/CheckListCourseNode.java
@@ -686,7 +686,7 @@ public class CheckListCourseNode extends AbstractAccessableCourseNode implements
 		Boolean manualCorrection = (Boolean)config.get(CheckListCourseNode.CONFIG_KEY_PASSED_MANUAL_CORRECTION);
 		if(manualCorrection == null || !manualCorrection.booleanValue()) {
 			//update passed
-			if((currentPassed == null && updatedPassed != null && updatedScore.floatValue() > 0f)
+			if((currentPassed == null && updatedPassed != null && updatedScore != null && updatedScore.floatValue() > 0f)
 					|| (currentPassed != null && updatedPassed == null)
 					|| (currentPassed != null && !currentPassed.equals(updatedPassed))) {
 				needUpdate = true;	

--- a/src/main/java/org/olat/login/auth/OLATAuthManager.java
+++ b/src/main/java/org/olat/login/auth/OLATAuthManager.java
@@ -104,12 +104,12 @@ public class OLATAuthManager extends BasicManager implements AuthenticationSPI {
 			// check for email instead of username if ident is null
 			if(LoginModule.allowLoginUsingEmail()) {
 				if (MailHelper.isValidEmailAddress(login)){
-	  	 	 	ident = userManager.findIdentityByEmail(login);
-	  	 	 	// check for email changed with verification workflow
+					ident = userManager.findIdentityByEmail(login);
+					// check for email changed with verification workflow
 					if (ident == null) {
 						ident = findIdentInChangingEmailWorkflow(login);
 					}
-	  	 	}
+				}
 			} 
 			
 			if(ident == null) {

--- a/src/main/java/org/olat/modules/fo/FilterForUserController.java
+++ b/src/main/java/org/olat/modules/fo/FilterForUserController.java
@@ -81,6 +81,7 @@ import org.olat.core.util.vfs.filters.VFSItemExcludePrefixFilter;
 import org.olat.user.DisplayPortraitController;
 import org.olat.user.UserInfoMainController;
 import org.olat.user.UserManager;
+import org.springframework.beans.factory.annotation.Autowired;

 /**
 * 
@@ -119,12 +120,15 @@ public class FilterForUserController extends BasicController {
 	
 	private final OLATResourceable forumOres;
 	private final String thumbMapper;
+	
+	@Autowired
+	private ForumManager forumManager;

 	public FilterForUserController(UserRequest ureq, WindowControl wControl, Forum forum) {
 		super(ureq, wControl);
 		this.forum = forum;
 		
-		msgs = ForumManager.getInstance().getMessagesByForum(forum);
+		msgs = forumManager.getMessagesByForum(forum);
 		forumOres = OresHelper.createOLATResourceableInstance(Forum.class,forum.getKey());
 		
 		mainVC = createVelocityContainer("filter_for_user");
@@ -300,7 +304,7 @@ public class FilterForUserController extends BasicController {
 			Map<String, Object> messageMap = getMessageMapFromCommand(ureq.getIdentity(), command);
 			Long messageId = (Long) messageMap.get("id");
 			
-			Message selectedMessage = ForumManager.getInstance().findMessage(messageId);
+			Message selectedMessage = forumManager.loadMessage(messageId);
 			if (selectedMessage != null) {
 				if (command.startsWith("open_in_thread_")) {
 					fireEvent(ureq, new OpenMessageInThreadEvent(selectedMessage));

--- a/src/main/java/org/olat/modules/fo/ForumController.java
+++ b/src/main/java/org/olat/modules/fo/ForumController.java
@@ -330,7 +330,7 @@ public class ForumController extends BasicController implements GenericEventList
 			Long resId = ores.getResourceableId();
 			if (resId.longValue() != 0) {
 				if (isLogDebugEnabled()) logDebug("messageId=" , ores.getResourceableId().toString());
-				currentMsg = fm.findMessage(ores.getResourceableId());
+				currentMsg = fm.loadMessage(ores.getResourceableId());
 				if (currentMsg != null) {
 					showThreadView(ureq, currentMsg, null);
 					scrollToCurrentMessage();					
@@ -399,7 +399,7 @@ public class ForumController extends BasicController implements GenericEventList
 		
 		Long resId = entries.get(0).getOLATResourceable().getResourceableId();
 		if (resId.longValue() != 0) {
-			currentMsg = fm.findMessage(resId);
+			currentMsg = fm.loadMessage(resId);
 			if (currentMsg != null) {
 				showThreadView(ureq, currentMsg, null);
 				scrollToCurrentMessage();					
@@ -472,7 +472,7 @@ public class ForumController extends BasicController implements GenericEventList
 			Map<String, Object> messageMap = getMessageMapFromCommand(ureq.getIdentity(), command);
 			Long messageId = (Long) messageMap.get("id");
 			
-			Message updatedMessage = fm.findMessage(messageId);
+			Message updatedMessage = fm.loadMessage(messageId);
 			if (updatedMessage!=null) {
 				currentMsg = updatedMessage;
 				// now dispatch the commands
@@ -584,7 +584,7 @@ public class ForumController extends BasicController implements GenericEventList
 					msgEditCtr.persistTempUploadedFiles(currentMsg);
 				} else if (msgEditCtr.getLastEditModus().equals(MessageEditController.EDITMODE_EDITMSG)){
 					// edit done -> save 
-					Message updatedMessage = fm.findMessage(currentMsg.getKey());
+					Message updatedMessage = fm.loadMessage(currentMsg.getKey());
 					if(updatedMessage!=null) {
 					  doEditMessage(ureq);
 					  //file persisting is done already, as a msg-key was known during edit.
@@ -593,7 +593,7 @@ public class ForumController extends BasicController implements GenericEventList
 					}
 				} else if (msgEditCtr.getLastEditModus().equals(MessageEditController.EDITMODE_REPLYMSG)){
 					// reply done -> save
-					Message updatedMessage = fm.findMessage(currentMsg.getKey());
+					Message updatedMessage = fm.loadMessage(currentMsg.getKey());
 				  if(updatedMessage!=null) {	
 					  doReplyMessage(ureq);
 					  msgEditCtr.persistTempUploadedFiles(currentMsg);

--- a/src/main/java/org/olat/modules/fo/ForumManager.java
+++ b/src/main/java/org/olat/modules/fo/ForumManager.java
@@ -395,13 +395,13 @@ public class ForumManager extends BasicManager {
 	 * @return the message with the given messageKey
 	 */
 	public Message loadMessage(Long messageKey) {
-		Message msg = doloadMessage(messageKey);
-		return msg;
-	}
-
-	private Message doloadMessage(Long messageKey) {
-		Message msg = DBFactory.getInstance().loadObject(MessageImpl.class, messageKey);
-		return msg;
+		StringBuilder sb = new StringBuilder();
+		sb.append("select msg from ").append(MessageImpl.class.getName()).append(" msg where msg.key=:messageKey");
+		List<Message> messages = dbInstance.getCurrentEntityManager()
+				.createQuery(sb.toString(), Message.class)
+				.setParameter("messageKey", messageKey)
+				.getResultList();
+		return messages == null || messages.isEmpty() ? null : messages.get(0);
 	}

 	private void saveMessage(Message m) {
@@ -576,10 +576,6 @@ public class ForumManager extends BasicManager {
 		return fContainer;
 	}
 	
-	public Message findMessage(Long messageId) {
-		return DBFactory.getInstance().findObject(MessageImpl.class, messageId);
-	}
-	
 	/**
 	 * Splits the current thread starting from the current message.
 	 * It updates the messages of the selected subthread by setting the Parent and the Threadtop.
@@ -710,7 +706,7 @@ public class ForumManager extends BasicManager {
 	 */
 	public void markAsRead(Identity identity,Message msg) {		
 		//Check if the message was not already deleted
-		Message retrievedMessage = findMessage(msg.getKey());
+		Message retrievedMessage = loadMessage(msg.getKey());
 		if(retrievedMessage!=null) {
 			ReadMessageImpl readMessage = new ReadMessageImpl();
 			readMessage.setIdentity(identity);

--- a/src/main/java/org/olat/user/restapi/UserAuthenticationWebService.java
+++ b/src/main/java/org/olat/user/restapi/UserAuthenticationWebService.java
@@ -19,11 +19,16 @@
 */
 package org.olat.user.restapi;

+import static org.olat.restapi.security.RestSecurityHelper.getIdentity;
+import static org.olat.restapi.security.RestSecurityHelper.isAdmin;
+import static org.olat.restapi.security.RestSecurityHelper.isUserManager;
+
 import java.util.List;

 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
+import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
@@ -38,9 +43,11 @@ import javax.ws.rs.core.Response.Status;
 import org.olat.basesecurity.Authentication;
 import org.olat.basesecurity.BaseSecurity;
 import org.olat.basesecurity.BaseSecurityManager;
+import org.olat.core.CoreSpringFactory;
 import org.olat.core.id.Identity;
 import org.olat.core.logging.OLog;
 import org.olat.core.logging.Tracing;
+import org.olat.login.auth.OLATAuthManager;
 import org.olat.restapi.security.RestSecurityHelper;
 import org.olat.restapi.support.ObjectFactory;
 import org.olat.restapi.support.vo.AuthenticationVO;
@@ -59,9 +66,9 @@ public class UserAuthenticationWebService {
 	
 	/**
 	 * The version of the User Authentication Web Service
-   * @response.representation.200.mediaType text/plain
-   * @response.representation.200.doc The version of this specific Web Service
-   * @response.representation.200.example 1.0
+	 * @response.representation.200.mediaType text/plain
+	 * @response.representation.200.doc The version of this specific Web Service
+	 * @response.representation.200.example 1.0
 	 * @return The version number
 	 */
 	@GET
@@ -74,19 +81,19 @@ public class UserAuthenticationWebService {
 	/**
 	 * Returns all user authentications
 	 * @response.representation.200.qname {http://www.example.com}authenticationVO
-   * @response.representation.200.mediaType application/xml, application/json
-   * @response.representation.200.doc The list of all users in the OLAT system
-   * @response.representation.200.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVOes}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The list of all users in the OLAT system
+	 * @response.representation.200.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVOes}
 	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
-   * @response.representation.404.doc The identity not found
-   * @param username The username of the user to retrieve authentication
-   * @param request The HTTP request
+	 * @response.representation.404.doc The identity not found
+	 * @param username The username of the user to retrieve authentication
+	 * @param request The HTTP request
 	 * @return
 	 */
 	@GET
 	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
 	public Response getAuthenticationTokenList(@PathParam("username") String username, @Context HttpServletRequest request) {
-		if(!RestSecurityHelper.isUserManager(request)) {
+		if(!isUserManager(request)) {
 			return Response.serverError().status(Status.UNAUTHORIZED).build();
 		}
 		
@@ -107,15 +114,15 @@ public class UserAuthenticationWebService {
 	/**
 	 * Creates and persists an authentication
 	 * @response.representation.qname {http://www.example.com}authenticationVO
-   * @response.representation.mediaType application/xml, application/json
-   * @response.representation.doc An authentication to save
-   * @response.representation.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVO}
+	 * @response.representation.mediaType application/xml, application/json
+	 * @response.representation.doc An authentication to save
+	 * @response.representation.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVO}
 	 * @response.representation.200.qname {http://www.example.com}authenticationVO
-   * @response.representation.200.mediaType application/xml, application/json
-   * @response.representation.200.doc The saved authentication
-   * @response.representation.200.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVO}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The saved authentication
+	 * @response.representation.200.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVO}
 	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
-   * @response.representation.404.doc The identity not found
+	 * @response.representation.404.doc The identity not found
 	 * @param username The username of the user
 	 * @param authenticationVO The authentication object to persist
 	 * @param request The HTTP request
@@ -149,37 +156,12 @@ public class UserAuthenticationWebService {
 		AuthenticationVO savedAuth = ObjectFactory.get(authentication, true);
 		return Response.ok(savedAuth).build();
 	}
-	
-	/**
-	 * Fallback method for browsers
-	 * @response.representation.qname {http://www.example.com}authenticationVO
-   * @response.representation.mediaType application/xml, application/json
-   * @response.representation.doc An authentication to save
-   * @response.representation.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVO}
-	 * @response.representation.200.qname {http://www.example.com}authenticationVO
-   * @response.representation.200.mediaType application/xml, application/json
-   * @response.representation.200.doc The saved authentication
-   * @response.representation.200.example {@link org.olat.restapi.support.vo.Examples#SAMPLE_AUTHVO}
-	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
-   * @response.representation.404.doc The identity not found
-	 * @param username The username of the user
-	 * @param authenticationVO The authentication object to persist
-	 * @param request The HTTP request
-	 * @return the saved authentication
-	 */
-	@POST
-	@Path("new")
-	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
-	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
-	public Response createPost(@PathParam("username") String username, AuthenticationVO authenticationVO, @Context HttpServletRequest request) {
-		return create(username, authenticationVO, request);
-	}

 	/**
 	 * Deletes an authentication from the system
-   * @response.representation.200.doc The authentication successfully deleted
+	 * @response.representation.200.doc The authentication successfully deleted
 	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
-   * @response.representation.404.doc The identity or the authentication not found
+	 * @response.representation.404.doc The identity or the authentication not found
 	 * @param username The username of the user
 	 * @param authKey The authentication key identifier
 	 * @param request The HTTP request
@@ -189,7 +171,7 @@ public class UserAuthenticationWebService {
 	@DELETE
 	@Path("{authKey}")
 	public Response delete(@PathParam("username") String username, @PathParam("authKey") Long authKey, @Context HttpServletRequest request) {
-		if(!RestSecurityHelper.isUserManager(request)) {
+		if(!isUserManager(request)) {
 			return Response.serverError().status(Status.UNAUTHORIZED).build();
 		}
 		BaseSecurity baseSecurity = BaseSecurityManager.getInstance();
@@ -208,19 +190,37 @@ public class UserAuthenticationWebService {
 	}
 	
 	/**
-	 * Fallback method for browsers
-	 * @response.representation.200.doc The authentication successfully deleted
+	 * Change the password of a user.
+	 * 
+	 * @response.representation.200.doc The password successfully changed
+	 * @response.representation.304.doc The password was not changed
 	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
-   * @response.representation.404.doc The identity or the authentication not found
-	 * @param username The username of the user
-	 * @param authKey The authentication key identifier
+	 * @response.representation.404.doc The identity or the authentication not found
+	 * @param username The username of the user to change the password
+	 * @param newPassword The new password
 	 * @param request The HTTP request
-	 * @return <code>Response</code> object. The operation status (success or
-	 *         fail)
+	 * @return <code>Response</code> object. The operation status (success or fail)
 	 */
 	@POST
-	@Path("{authKey}/delete")
-	public Response deletePost(@PathParam("username") String username, @PathParam("authKey") Long authKey, @Context HttpServletRequest request) {
-		return delete(username, authKey, request);
+	@Path("password")
+	public Response changePassword(@PathParam("username") String username, @FormParam("newPassword") String newPassword,
+			@Context HttpServletRequest request) {
+		if(!isAdmin(request)) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+		Identity doer = getIdentity(request);
+		if(doer == null) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+		
+		BaseSecurity baseSecurity = BaseSecurityManager.getInstance();
+		Identity identity = baseSecurity.findIdentityByName(username);
+		if(identity == null) {
+			return Response.serverError().status(Status.NOT_FOUND).build();
+		}
+		
+		OLATAuthManager authManager = CoreSpringFactory.getImpl(OLATAuthManager.class);
+		boolean ok = authManager.changePassword(doer, identity, newPassword);
+		return (ok ? Response.ok() : Response.notModified()).build();
 	}
 }
--- a/src/test/java/org/olat/restapi/UserAuthenticationMgmtTest.java
+++ b/src/test/java/org/olat/restapi/UserAuthenticationMgmtTest.java
@@ -41,23 +41,32 @@ import java.util.List;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriBuilder;

+import junit.framework.Assert;
+
 import org.apache.http.HttpResponse;
 import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
 import org.codehaus.jackson.map.ObjectMapper;
 import org.codehaus.jackson.type.TypeReference;
-import org.junit.After;
-import org.junit.Before;
 import org.junit.Test;
 import org.olat.basesecurity.Authentication;
 import org.olat.basesecurity.BaseSecurity;
 import org.olat.basesecurity.BaseSecurityManager;
+import org.olat.core.commons.persistence.DB;
 import org.olat.core.commons.persistence.DBFactory;
 import org.olat.core.id.Identity;
+import org.olat.core.logging.OLog;
+import org.olat.core.logging.Tracing;
 import org.olat.core.util.Encoder;
+import org.olat.login.auth.OLATAuthManager;
 import org.olat.restapi.support.vo.AuthenticationVO;
+import org.olat.test.JunitTestHelper;
 import org.olat.test.OlatJerseyTestCase;
+import org.springframework.beans.factory.annotation.Autowired;

 /**
 * 
@@ -70,27 +79,17 @@ import org.olat.test.OlatJerseyTestCase;
 */
 public class UserAuthenticationMgmtTest extends OlatJerseyTestCase {
 	
-	private RestConnection conn;
+	private static final OLog log = Tracing.createLoggerFor(UserAuthenticationMgmtTest.class);
 	
-	@Before
-	public void startup() {
-		conn = new RestConnection();
-	}
+	@Autowired
+	private DB dbInstance;
+	@Autowired
+	private OLATAuthManager authManager;
 	
-  @After
-	public void tearDown() throws Exception {
-		try {
-			if(conn != null) {
-				conn.shutdown();
-			}
-		} catch (Exception e) {
-      e.printStackTrace();
-      throw e;
-		}
-	}
 	
 	@Test
-	public void testGetAuthentications() throws IOException, URISyntaxException {
+	public void getAuthentications() throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
 		assertTrue(conn.login("administrator", "openolat"));
 		
 		URI request = UriBuilder.fromUri(getContextURI()).path("/users/administrator/auth").build();
@@ -101,11 +100,13 @@ public class UserAuthenticationMgmtTest extends OlatJerseyTestCase {
 		List<AuthenticationVO> vos = parseAuthenticationArray(body);
 		assertNotNull(vos);
 		assertFalse(vos.isEmpty());
-		
+
+		conn.shutdown();
 	}
 	
 	@Test
-	public void testCreateAuthentications() throws IOException, URISyntaxException {
+	public void createAuthentications() throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
 		BaseSecurity baseSecurity = BaseSecurityManager.getInstance();
 		Identity adminIdent = baseSecurity.findIdentityByName("administrator");
 		try {
@@ -130,11 +131,10 @@ public class UserAuthenticationMgmtTest extends OlatJerseyTestCase {
 		HttpPut method = conn.createPut(request, MediaType.APPLICATION_JSON, true);
 		conn.addJsonEntity(method, vo);

-    HttpResponse response = conn.execute(method);
-    assertTrue(response.getStatusLine().getStatusCode() == 200 || response.getStatusLine().getStatusCode() == 201);
-    AuthenticationVO savedAuth = conn.parse(response, AuthenticationVO.class);
-    Authentication refAuth = baseSecurity.findAuthentication(adminIdent, "REST-API");
-    
+		HttpResponse response = conn.execute(method);
+		assertTrue(response.getStatusLine().getStatusCode() == 200 || response.getStatusLine().getStatusCode() == 201);
+		AuthenticationVO savedAuth = conn.parse(response, AuthenticationVO.class);
+		Authentication refAuth = baseSecurity.findAuthentication(adminIdent, "REST-API");

 		assertNotNull(refAuth);
 		assertNotNull(refAuth.getKey());
@@ -147,10 +147,13 @@ public class UserAuthenticationMgmtTest extends OlatJerseyTestCase {
 		assertEquals(refAuth.getIdentity().getKey(), savedAuth.getIdentityKey());
 		assertEquals(refAuth.getProvider(), savedAuth.getProvider());
 		assertEquals(refAuth.getCredential(), savedAuth.getCredential());
+		
+		conn.shutdown();
 	}
 	
 	@Test
-	public void testDeleteAuthentications() throws IOException, URISyntaxException {
+	public void deleteAuthentications() throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
 		assertTrue(conn.login("administrator", "openolat"));
 		
 		//create an authentication token
@@ -165,10 +168,36 @@ public class UserAuthenticationMgmtTest extends OlatJerseyTestCase {
 		HttpDelete method = conn.createDelete(request, MediaType.APPLICATION_XML);
 		HttpResponse response = conn.execute(method);
 		assertEquals(200, response.getStatusLine().getStatusCode());
-		
+		EntityUtils.consume(response.getEntity());
 		
 		Authentication refAuth = baseSecurity.findAuthentication(adminIdent, "REST-A-2");
 		assertNull(refAuth);
+		
+		conn.shutdown();
+	}
+	
+	@Test
+	public void changePassword() throws IOException, URISyntaxException {
+		Identity user = JunitTestHelper.createAndPersistIdentityAsRndUser("rest-chg-pwd");
+		dbInstance.commitAndCloseSession();
+		
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+
+		URI request = UriBuilder.fromUri(getContextURI())
+				.path("users").path(user.getName()).path("auth").path("password")
+				.build();
+		HttpPost method = conn.createPost(request, "*/*");
+		conn.addEntity(method, new BasicNameValuePair("newPassword", "top-secret"));
+		HttpResponse response = conn.execute(method);
+		Assert.assertNotNull(response);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		EntityUtils.consume(response.getEntity());
+		
+		//check
+		Identity reloadedUser = authManager.authenticate(user, user.getName(), "top-secret");
+		Assert.assertNotNull(reloadedUser);
+		Assert.assertEquals(user, reloadedUser);
 	}
 	
 	private List<AuthenticationVO> parseAuthenticationArray(InputStream body) {
@@ -176,7 +205,7 @@ public class UserAuthenticationMgmtTest extends OlatJerseyTestCase {
 			ObjectMapper mapper = new ObjectMapper(jsonFactory); 
 			return mapper.readValue(body, new TypeReference<List<AuthenticationVO>>(){/* */});
 		} catch (Exception e) {
-			e.printStackTrace();
+			log.error("Cannot parse an array of AuthenticationVO", e);
 			return null;
 		}
 	}