OO-2158

97d68245 · gnaegi · dbac5d71 · 97d68245 · 97d68245 · 97d68245
Commit 97d68245 authored 8 years ago by gnaegi
--- a/src/main/java/org/olat/admin/user/SendTokenToUserForm.java
+++ b/src/main/java/org/olat/admin/user/SendTokenToUserForm.java
@@ -20,6 +20,7 @@
 package org.olat.admin.user;
+import java.util.List;
 import java.util.Locale;
 import org.olat.basesecurity.Authentication;
@@ -130,10 +131,18 @@ public class SendTokenToUserForm extends FormBasicController {
 	private void sendToken(UserRequest ureq, String text) {
 		// mailer configuration
-		// check if user has an OLAT provider token, otherwhise a pwd change makes no sense
+		// We allow creation of password token when user has no password so far or when he as an OpenOLAT Password. 
-		Authentication auth = BaseSecurityManager.getInstance().findAuthentication(user, BaseSecurityModule.getDefaultAuthProviderIdentifier());
+		// For other cases such as Shibboleth, LDAP, oAuth etc. we don't allow creation of token as this is most 
-		if (auth == null) { 
+		// likely not a desired action.
-			showWarning("changeuserpwd.failed");
+		List<Authentication> authentications = BaseSecurityManager.getInstance().getAuthentications(user);
+		boolean isOOpwdAllowed = (authentications.size() == 0);
+		for (Authentication authentication : authentications) {
+			if (authentication.getProvider().equals(BaseSecurityModule.getDefaultAuthProviderIdentifier())) {
+				isOOpwdAllowed = true;
+			}			
+		}		
+		if (!isOOpwdAllowed) { 
+			showWarning("sendtoken.wrong.auth");
 			return;
 		}
@@ -148,6 +157,7 @@ public class SendTokenToUserForm extends FormBasicController {
 		}
 		if(text.indexOf(dummyKey) < 0) {
 			showWarning("changeuserpwd.failed");
+			logWarn("Can not replace temporary registration token in change pwd mail token dialog, user probably changed temporary token in mai template", null);
 			return;
 		}
 		String body = text.replace(dummyKey, tk.getRegistrationKey());

--- a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
+++ b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
@@ -43,7 +43,7 @@ form.password.new2=Passwort best\u00E4tigen
 form.please.enter.new=Bitte geben Sie das neue Passwort f\u00FCr diesen Benutzer ein.
 form.token.new.description=Mit Hilfe der Schaltfl\u00E4che "Passwortlink senden" erstellen Sie einen Passwortlink und senden diesen direkt per Mail an den Benutzer. Mit einem Klick darauf wird das alte Passwort zur\u00FCckgesetzt und der Benutzer kann ein neues Passwort eingeben.
 form.token.new.text=Nachricht
-form.token.new.title=Passwortlink senden
+form.token.new.title=Passwortlink senden f\u00FCr OpenOLAT Passwort
 form.username=Benutzername
 found.property=Property ausgew\u00E4hlt {0}
 header.autocompletion=Suche mit Autovervollst\u00E4ndigen
@@ -119,6 +119,7 @@ search.form.title.user=Einschr\u00E4nkung auf Benutzer
 search.form.userLoginAfterDate=Nutzer hat sich zuletzt angemeldet nach
 search.form.userLoginBeforeDate=Nutzer hat sich zuletzt angemeldet vor
 selectall=$org.olat.core.gui.components.table\:checkall
+sendtoken.wrong.auth=Dieser Benutzer verf\u00FCgt \u00FCber Authentifizierungsmethoden, welche nicht \u00FCber diesen Passwortlink ge\u00E4ndert werden k\u00F6nnen. Bitte pr\u00FCfen und l\u00F6schen Sie diese Authentifizierungsmethoden zuerst. 
 submit.cancel=Abbrechen
 submit.save=Speichern
 submit.search=Suchen

--- a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
+++ b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
@@ -43,7 +43,7 @@ form.password.new2=Confirm password
 form.please.enter.new=Please enter a new password for this user
 form.token.new.description=By means of the button "Send password link" you can create a password link and send it via e-mail to your user. When clicking on it an old password will be reset allowing your user to set a new one.
 form.token.new.text=Message
-form.token.new.title=Send password link
+form.token.new.title=Send password link for OpenOLAT password
 form.username=User name
 found.property=Property selected {0}
 header.autocompletion=Search combined with auto-completion
@@ -119,6 +119,7 @@ search.form.title.user=User restrictions
 search.form.userLoginAfterDate=Last user login after
 search.form.userLoginBeforeDate=Last user login before
 selectall=$org.olat.core.gui.components.table\:checkall
+sendtoken.wrong.auth=This user has authentication tokens which can not be changed using this password link. Please review and delete this additional authentication tokens first. 
 submit.cancel=Cancel
 submit.save=Save
 submit.search=Search