From 97d68245ff5e34efc9fd6362f99fed926bcce866 Mon Sep 17 00:00:00 2001
From: gnaegi <none@none>
Date: Wed, 24 Aug 2016 10:39:00 +0200
Subject: [PATCH] OO-2158

---
 .../olat/admin/user/SendTokenToUserForm.java   | 18 ++++++++++++++----
 .../user/_i18n/LocalStrings_de.properties      |  3 ++-
 .../user/_i18n/LocalStrings_en.properties      |  3 ++-
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/olat/admin/user/SendTokenToUserForm.java b/src/main/java/org/olat/admin/user/SendTokenToUserForm.java
index 36d28129f7d..89081c6588e 100644
--- a/src/main/java/org/olat/admin/user/SendTokenToUserForm.java
+++ b/src/main/java/org/olat/admin/user/SendTokenToUserForm.java
@@ -20,6 +20,7 @@
 
 package org.olat.admin.user;
 
+import java.util.List;
 import java.util.Locale;
 
 import org.olat.basesecurity.Authentication;
@@ -130,10 +131,18 @@ public class SendTokenToUserForm extends FormBasicController {
 	
 	private void sendToken(UserRequest ureq, String text) {
 		// mailer configuration
-		// check if user has an OLAT provider token, otherwhise a pwd change makes no sense
-		Authentication auth = BaseSecurityManager.getInstance().findAuthentication(user, BaseSecurityModule.getDefaultAuthProviderIdentifier());
-		if (auth == null) { 
-			showWarning("changeuserpwd.failed");
+		// We allow creation of password token when user has no password so far or when he as an OpenOLAT Password. 
+		// For other cases such as Shibboleth, LDAP, oAuth etc. we don't allow creation of token as this is most 
+		// likely not a desired action.
+		List<Authentication> authentications = BaseSecurityManager.getInstance().getAuthentications(user);
+		boolean isOOpwdAllowed = (authentications.size() == 0);
+		for (Authentication authentication : authentications) {
+			if (authentication.getProvider().equals(BaseSecurityModule.getDefaultAuthProviderIdentifier())) {
+				isOOpwdAllowed = true;
+			}			
+		}		
+		if (!isOOpwdAllowed) { 
+			showWarning("sendtoken.wrong.auth");
 			return;
 		}
 		
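Review bot: The `authentications.size() == 0` branch makes an account with no credentials at all eligible for a password link, and nothing visible in this hunk distinguishes a freshly created account from one whose logins were removed on purpose (for example when an LDAP or Shibboleth user was deprovisioned). If the identity's status is not checked elsewhere in sendToken, whose body starts and continues outside the hunk, it should be checked here, and a log entry should be written whenever a token is issued for an account that had no authentication. Separately, the provider comparison is null-safe with the constant first, and the loop can stop at the first match: `if (BaseSecurityModule.getDefaultAuthProviderIdentifier().equals(authentication.getProvider())) { isOOpwdAllowed = true; break; }`. In the new comment, `when he as an` should read `when he has an`.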
@@ -148,6 +157,7 @@ public class SendTokenToUserForm extends FormBasicController {
 		}
 		if(text.indexOf(dummyKey) < 0) {
 			showWarning("changeuserpwd.failed");
+			logWarn("Can not replace temporary registration token in change pwd mail token dialog, user probably changed temporary token in mai template", null);
 			return;
 		}
 		String body = text.replace(dummyKey, tk.getRegistrationKey());
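Review bot: The added `logWarn` does not say which account the failed mail was for, and its text contains the typo `mai template`, so the entry is hard to correlate during a review of password-reset activity. I would reword it to `logWarn("Cannot replace temporary registration token in change-password mail; the placeholder was probably removed from the mail template", null);` and append an identifier of `user` (never the registration key itself). Since `tk` is already in scope at this point, the temporary key has presumably been created before this early return. If it is persisted, it should be deleted on this path so that no unused reset key stays valid. The creation of `tk` is outside the hunk, so this needs confirming against the full method.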
diff --git a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
index 22156a273a2..a04fb3bc98c 100644
--- a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
+++ b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
@@ -43,7 +43,7 @@ form.password.new2=Passwort best\u00E4tigen
 form.please.enter.new=Bitte geben Sie das neue Passwort f\u00FCr diesen Benutzer ein.
 form.token.new.description=Mit Hilfe der Schaltfl\u00E4che "Passwortlink senden" erstellen Sie einen Passwortlink und senden diesen direkt per Mail an den Benutzer. Mit einem Klick darauf wird das alte Passwort zur\u00FCckgesetzt und der Benutzer kann ein neues Passwort eingeben.
 form.token.new.text=Nachricht
-form.token.new.title=Passwortlink senden
+form.token.new.title=Passwortlink senden f\u00FCr OpenOLAT Passwort
 form.username=Benutzername
 found.property=Property ausgew\u00E4hlt {0}
 header.autocompletion=Suche mit Autovervollst\u00E4ndigen
@@ -119,6 +119,7 @@ search.form.title.user=Einschr\u00E4nkung auf Benutzer
 search.form.userLoginAfterDate=Nutzer hat sich zuletzt angemeldet nach
 search.form.userLoginBeforeDate=Nutzer hat sich zuletzt angemeldet vor
 selectall=$org.olat.core.gui.components.table\:checkall
+sendtoken.wrong.auth=Dieser Benutzer verf\u00FCgt \u00FCber Authentifizierungsmethoden, welche nicht \u00FCber diesen Passwortlink ge\u00E4ndert werden k\u00F6nnen. Bitte pr\u00FCfen und l\u00F6schen Sie diese Authentifizierungsmethoden zuerst. 
 submit.cancel=Abbrechen
 submit.save=Speichern
 submit.search=Suchen
diff --git a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
index 35c7756ce4c..4e815f3b4e5 100644
--- a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
+++ b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
@@ -43,7 +43,7 @@ form.password.new2=Confirm password
 form.please.enter.new=Please enter a new password for this user
 form.token.new.description=By means of the button "Send password link" you can create a password link and send it via e-mail to your user. When clicking on it an old password will be reset allowing your user to set a new one.
 form.token.new.text=Message
-form.token.new.title=Send password link
+form.token.new.title=Send password link for OpenOLAT password
 form.username=User name
 found.property=Property selected {0}
 header.autocompletion=Search combined with auto-completion
@@ -119,6 +119,7 @@ search.form.title.user=User restrictions
 search.form.userLoginAfterDate=Last user login after
 search.form.userLoginBeforeDate=Last user login before
 selectall=$org.olat.core.gui.components.table\:checkall
+sendtoken.wrong.auth=This user has authentication tokens which can not be changed using this password link. Please review and delete this additional authentication tokens first. 
 submit.cancel=Cancel
 submit.save=Save
 submit.search=Search
-- 
GitLab