From c133864f455afacf9abc097efa6ba39ce745464d Mon Sep 17 00:00:00 2001
From: srosse <stephane.rosse@frentix.com>
Date: Mon, 17 Aug 2020 20:10:01 +0200
Subject: [PATCH] OO-4794: don't create OLAT token with REST, allow change with
 nickname

---
 .../org/olat/admin/user/UsermanagerUserSearchForm.java     | 4 ++++
 .../java/org/olat/registration/PwChangeController.java     | 7 +++++++
 src/main/java/org/olat/user/UserModule.java                | 4 ++++
 src/main/java/org/olat/user/restapi/UserWebService.java    | 3 ++-
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/olat/admin/user/UsermanagerUserSearchForm.java b/src/main/java/org/olat/admin/user/UsermanagerUserSearchForm.java
index 4fd7d81ca08..9609293badc 100644
--- a/src/main/java/org/olat/admin/user/UsermanagerUserSearchForm.java
+++ b/src/main/java/org/olat/admin/user/UsermanagerUserSearchForm.java
@@ -58,6 +58,7 @@ import org.olat.login.LoginModule;
 import org.olat.login.auth.AuthenticationProvider;
 import org.olat.login.oauth.OAuthLoginModule;
 import org.olat.login.oauth.OAuthSPI;
+import org.olat.shibboleth.ShibbolethDispatcher;
 import org.olat.user.UserManager;
 import org.olat.user.propertyhandlers.EmailProperty;
 import org.olat.user.propertyhandlers.UserPropertyHandler;
@@ -326,6 +327,9 @@ public class UsermanagerUserSearchForm extends FormBasicController {
 					for(OAuthSPI spi:spis) {
 						apl.add(spi.getProviderName());
 					}
+				} else if("ShibGeneric".equals(authKey)) {
+					apl.add(ShibbolethDispatcher.PROVIDER_SHIB);
+					apl.add(authKey);
 				} else {
 					apl.add(authKey);
 				}
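Review bot: The literal `"ShibGeneric"` in the new `else if` is a magic string placed next to the constant `ShibbolethDispatcher.PROVIDER_SHIB`, and nothing explains why selecting it adds two provider names to `apl`. A named constant for the key and a one-line comment would make the intent reviewable, for example `// ShibGeneric selection must also match authentications stored under the Shibboleth provider name`. That wording is inferred from the code and should be checked against the real reason. The enclosing loop and method start outside the hunk.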
diff --git a/src/main/java/org/olat/registration/PwChangeController.java b/src/main/java/org/olat/registration/PwChangeController.java
index 63d1acb38bb..a924eca3676 100644
--- a/src/main/java/org/olat/registration/PwChangeController.java
+++ b/src/main/java/org/olat/registration/PwChangeController.java
@@ -27,6 +27,7 @@ package org.olat.registration;
 
 import java.text.DateFormat;
 import java.util.Date;
+import java.util.List;
 import java.util.Locale;
 
 import org.olat.basesecurity.BaseSecurity;
@@ -323,6 +324,12 @@ public class PwChangeController extends BasicController {
 			// Try fallback with email, maybe user used his email address instead
 			identity = userManager.findUniqueIdentityByEmail(emailOrUsername);
 		}
+		if (identity == null) {
+			List<Identity> identities = userManager.findIdentitiesWithProperty(UserConstants.NICKNAME, emailOrUsername);
+			if(identities != null && identities.size() == 1) {
+				identity = identities.get(0);
+			}
+		}
 		return identity;
 	}
 	
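Review bot: The new fallback picks the password-change target by `UserConstants.NICKNAME`, but nothing in the hunk shows that this property is unique, that users cannot edit it, or that `findIdentitiesWithProperty` matches exactly rather than by pattern or case folding. The `identities.size() == 1` guard only rejects ambiguity at lookup time. If nicknames are user-editable, a second account taking the same value silently disables this path for the original owner, and a non-exact match could resolve to an unintended identity. Confirm the match semantics and record them above the block, e.g. `// nickname is not guaranteed unique: accept only a single, exact match`. Also confirm that the caller responds identically for found and not-found input, so the extra lookup does not widen account enumeration; the method begins outside the hunk.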
diff --git a/src/main/java/org/olat/user/UserModule.java b/src/main/java/org/olat/user/UserModule.java
index 4f2ef079f9a..0cb94df959f 100644
--- a/src/main/java/org/olat/user/UserModule.java
+++ b/src/main/java/org/olat/user/UserModule.java
@@ -350,6 +350,10 @@ public class UserModule extends AbstractSpringModule {
 		return pwdchangeallowed;
 	}
 	
+	public boolean isPasswordChangeWithoutAuthenticationAllowed() {
+		return pwdChangeWithoutAuthenticationAllowed;
+	}
+	
 	public boolean isLogoByProfileEnabled() {
 		return "enabled".equals(enabledLogoByProfile);
 	}
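Review bot: `isPasswordChangeWithoutAuthenticationAllowed()` is added without Javadoc, and none of the four files in this patch calls it, so a reader cannot tell which flow it is meant to gate. The backing field `pwdChangeWithoutAuthenticationAllowed` is declared outside the hunk, so its default and configuration key are not visible here. Add Javadoc stating which setting backs the flag, what "without authentication" covers (presumably identities that have no OLAT password authentication; confirm), and which code path must consult it. If it is meant to guard the lookup in `PwChangeController`, that wiring is missing from this commit.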
diff --git a/src/main/java/org/olat/user/restapi/UserWebService.java b/src/main/java/org/olat/user/restapi/UserWebService.java
index f04dfc6c9bd..c247a6b7496 100644
--- a/src/main/java/org/olat/user/restapi/UserWebService.java
+++ b/src/main/java/org/olat/user/restapi/UserWebService.java
@@ -335,9 +335,10 @@ public class UserWebService {
 			User newUser = userManager.createUser(user.getFirstName(), user.getLastName(), user.getEmail());
 			
 			String identityName = securityModule.isIdentityNameAutoGenerated() ? null : user.getLogin();
+			String provider = StringHelper.containsNonWhitespace(user.getPassword()) ? BaseSecurityModule.getDefaultAuthProviderIdentifier() : null;
 			Identity id = securityManager
 					.createAndPersistIdentityAndUserWithOrganisation(identityName, user.getLogin(), user.getExternalId(), newUser,
-							BaseSecurityModule.getDefaultAuthProviderIdentifier(), user.getLogin(), user.getPassword(), null);
+							provider, user.getLogin(), user.getPassword(), null);
 			post(newUser, user, getLocale(request));
 			userManager.updateUser(newUser);
 			return Response.ok(get(id)).build();
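Review bot: When the password is blank, `provider` is null but `user.getPassword()` is still passed as the credential on the changed argument line. Whether no authentication is created therefore depends on how `createAndPersistIdentityAndUserWithOrganisation` handles a null provider, which is not visible here. Making that explicit is safer: `String credential = provider == null ? null : user.getPassword();`, then pass `credential`, with a comment such as `// no password supplied: create the identity without an OLAT authentication`. The method returns `Response.ok` in both cases, so a REST client that sends a whitespace-only password gets no signal that the account has no local credential; documenting that in the endpoint's API description would help callers. The method starts and ends outside the hunk.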
-- 
GitLab