ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5
ilAuthBase Class Reference

Base class for all PEAR and ILIAS auth classes.

Public Member Functions

getSubStatus ()
Get sub status.

setSubStatus ($a_sub_status)
Set sub status.

supportsRedirects ()
Returns true, if the current auth mode allows redirects to e.g. the login screen, public section ...

getContainer ()
Get container object.

getExceededUserName ()

Protected Member Functions

initAuth ()
Init auth object. Enable logging, set callbacks...

loginObserver ($a_username, $a_auth)
Called after successful login.

checkExceededLoginAttempts (\ilObjUser $user)

failedLoginObserver ($a_username, $a_auth)
Called after failed login.

checkAuthObserver ($a_username, $a_auth)
Called after each check auth request.

logoutObserver ($a_username, $a_auth)
Called after logout.

Protected Attributes

 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Base class for all PEAR and ILIAS auth classes.

Enables logging, observers.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$Id$

Definition at line 33 of file class.ilAuthBase.php.

Member Function Documentation

◆ checkAuthObserver()

ilAuthBase::checkAuthObserver (   $a_username,
  $a_auth 
)
protected

Called after each check auth request.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 302 of file class.ilAuthBase.php.

References getContainer().

303  {
304      return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
305  }

◆ checkExceededLoginAttempts()

ilAuthBase::checkExceededLoginAttempts ( \ilObjUser  $user)
protected
Parameters
\ilObjUser $user
Returns
bool

Definition at line 231 of file class.ilAuthBase.php.

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\getActive(), and ilObject\getId().

Referenced by loginObserver().

232  {
233      if(in_array($user->getId(), array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
234      {
235          return true;
236      }
237
238      $isInactive = !$user->getActive();
239      if(!$isInactive)
240      {
241          return true;
242      }
243
244      require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
245      $security = ilSecuritySettings::_getInstance();
246      $maxLoginAttempts = $security->getLoginMaxAttempts();
247
248      if(!(int)$maxLoginAttempts)
249      {
250          return true;
251      }
252
253      $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
254
255      return $numLoginAttempts < $maxLoginAttempts;
256  }

◆ failedLoginObserver()

ilAuthBase::failedLoginObserver (   $a_username,
  $a_auth 
)
protected

Called after failed login.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 264 of file class.ilAuthBase.php.

References $_SERVER, $ilLog, ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), getContainer(), and ilLoggerFactory\getLogger().

265  {
266      global $ilLog;
267
268      ilLoggerFactory::getLogger('auth')->info(
269          ': login failed for user '.$a_username.
270          ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
271          ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
272      );
273
274      if($a_username)
275      {
276          $usr_id = ilObjUser::_lookupId($a_username);
277          if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
278          {
280              $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
281
282              require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
283              $security = ilSecuritySettings::_getInstance();
284              $max_attempts = $security->getLoginMaxAttempts();
285
286              if((int)$max_attempts && $login_attempts >= $max_attempts)
287              {
289              }
290          }
291      }
292
293      return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
294  }

◆ getContainer()

ilAuthBase::getContainer ( )
final

Get container object.

Returns
object ilAuthContainerBase

Definition at line 74 of file class.ilAuthBase.php.

Referenced by checkAuthObserver(), failedLoginObserver(), loginObserver(), and logoutObserver().

75  {
76      return $this->storage;
77  }

◆ getExceededUserName()

ilAuthBase::getExceededUserName ( )

Definition at line 329 of file class.ilAuthBase.php.

References $exceeded_user_name.

330  {
332  }

◆ getSubStatus()

ilAuthBase::getSubStatus ( )

Get sub status.

Returns
type

Definition at line 46 of file class.ilAuthBase.php.

References $sub_status.

47  {
48      return $this->sub_status;
49  }

◆ initAuth()

ilAuthBase::initAuth ( )
final protected

Init auth object. Enable logging, set callbacks...

Returns
void

Definition at line 84 of file class.ilAuthBase.php.

References AUTH_LOG_DEBUG, ilLoggerFactory\getLogger(), and ilSessionControl\initSession().

Referenced by ilAuthOpenId\__construct(), ilAuthCAS\__construct(), ilAuthSOAP\__construct(), ilAuthWeb\__construct(), ilAuthHTTP\__construct(), ilAuthCalendarToken\__construct(), ilAuthCron\__construct(), ilAuthApache\__construct(), and ilAuthECS\__construct().

85  {
87
88      $this->enableLogging = false;
89      //$this->enableLogging = false;
90
91      if ($this->enableLogging)
92      {
93          ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
94      }
95      $this->setLoginCallback(array($this,'loginObserver'));
96      $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
97      $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
98      $this->setLogoutCallback(array($this,'logoutObserver'));
99
100      include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
101      $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
102
103  }

◆ loginObserver()

ilAuthBase::loginObserver (   $a_username,
  $a_auth 
)
protected

Called after successful login.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 111 of file class.ilAuthBase.php.

References $_SERVER, $ilLog, $ilSetting, ilSecuritySettings\_getInstance(), ilObjUser\_loginExists(), ilObjUser\_resetLoginAttempts(), AUTH_USER_INACTIVE, AUTH_USER_INACTIVE_LOGIN_ATTEMPTS, AUTH_USER_SIMULTANEOUS_LOGIN, AUTH_USER_TIME_LIMIT_EXCEEDED, AUTH_USER_WRONG_IP, checkExceededLoginAttempts(), ilAuthFactory\CONTEXT_ECS, getContainer(), ilAuthFactory\getContext(), ilLoggerFactory\getLogger(), ilSessionControl\handleLoginEvent(), ilObjUser\hasActiveSession(), and ilUserProfile\isProfileIncomplete().

112  {
113      global $ilLog, $ilAppEventHandler, $ilSetting;
114
115      if($this->getContainer()->loginObserver($a_username,$a_auth))
116      {
117          // validate user
118          include_once "Services/User/classes/class.ilObjUser.php";
119          $user_id = ilObjUser::_loginExists($a_auth->getUsername());
120          if($user_id != ANONYMOUS_USER_ID)
121          {
122              $user = new ilObjUser($user_id);
123
124              // check if profile is complete
125              include_once "Services/User/classes/class.ilUserProfile.php";
127              {
128                  $user->setProfileIncomplete(true);
129                  $user->update();
130              }
131
132              // --- extended user validation
133              //
134              // we only have a single status, so abort after each one
135              // order from highest priority to lowest
136
137              if(!$this->checkExceededLoginAttempts($user))
138              {
139                  $this->status = AUTH_USER_INACTIVE_LOGIN_ATTEMPTS;
140                  $a_auth->logout();
141                  return;
142              }
143
144              // active?
145              if(!$user->getActive())
146              {
147                  $this->status = AUTH_USER_INACTIVE;
148                  $a_auth->logout();
149                  return;
150              }
151
152              // time limit
153              if(!$user->checkTimeLimit())
154              {
155                  $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
156                  // #16327
157                  $this->exceeded_user_name = $this->getUserName();
158                  $a_auth->logout();
159                  return;
160              }
161
162              // check client ip
163              $clientip = $user->getClientIP();
164              if (trim($clientip) != "")
165              {
166                  $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
167                  $clientip = str_replace(".","\\.",$clientip);
168                  $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
169                  if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
170                  {
171                      $this->status = AUTH_USER_WRONG_IP;
172                      $a_auth->logout();
173                      return;
174                  }
175              }
176
177              // simultaneous login
178              if($ilSetting->get('ps_prevent_simultaneous_logins') &&
179                  ilObjUser::hasActiveSession($user_id))
180              {
181                  $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
182                  $a_auth->logout();
183                  return;
184              }
185
186              include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
187              ilOnlineTracking::addUser($user_id);
188
189              include_once 'Modules/Forum/classes/class.ilObjForum.php';
190              ilObjForum::_updateOldAccess($user_id);
191
192              require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
193              $security_settings = ilSecuritySettings::_getInstance();
194
195              // determine first login of user for setting an indicator
196              // which still is available in PersonalDesktop, Repository, ...
197              // (last login date is set to current date in next step)
198              if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
199                  $user->getLastLogin() == null
200              )
201              {
202                  $user->resetLastPasswordChange();
203              }
204
205              $user->refreshLogin();
206
207              // reset counter for failed logins
209          }
210
211          // --- anonymous/registered user
212          ilLoggerFactory::getLogger('auth')->info(
213              'logged in as '. $a_auth->getUsername() .
214              ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
215              ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
216          );
217
218          ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
219
220          $ilAppEventHandler->raise(
221              'Services/Authentication', 'afterLogin',
222              array('username' => $a_auth->getUsername())
223          );
224      }
225  }
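
The client-IP restriction at lines 162-175 of the listing, isolated as an added example (not ILIAS code; the function names are hypothetical and the addresses are constructed from documentation ranges). It runs the conversion as listed next to a variant that wraps the alternation in a group. The two differ for comma-separated entries: in `/^a|b$/` the anchors bind only to the first and last alternative, so the first entry is matched as a prefix.

```php
<?php
// Added example, not ILIAS code. Function names are hypothetical;
// all addresses are constructed (RFC 5737 documentation ranges).

/** Pattern conversion exactly as in loginObserver() lines 166-168. */
function clientIpToRegexBody(string $clientip): string
{
    $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
    $clientip = str_replace(".", "\\.", $clientip);
    return str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $clientip);
}

/** Match as on line 169: anchors sit directly around the alternation. */
function matchesAsListed(string $clientip, string $remote): bool
{
    return (bool) preg_match("/^" . clientIpToRegexBody($clientip) . "$/", $remote);
}

/** Grouped variant: every alternative is anchored at both ends. */
function matchesGrouped(string $clientip, string $remote): bool
{
    return (bool) preg_match("/^(?:" . clientIpToRegexBody($clientip) . ")$/", $remote);
}

// Constructed cases: stored client-IP setting, then the connecting address.
$cases = array(
    array("192.0.2.*", "192.0.2.77"),                // '*' = any run of digits
    array("192.0.2.*", "192.0.20.77"),               // the dot is escaped, no match
    array("192.0.2.?", "192.0.2.77"),                // '?' = exactly one digit
    array("192.0.2.10,198.51.100.5", "198.51.100.5"),
    array("192.0.2.10,198.51.100.5", "192.0.2.100"), // prefix of the first entry
);

foreach ($cases as $case) {
    list($pattern, $remote) = $case;
    printf("%-26s %-14s listed=%-5s grouped=%s\n", $pattern, $remote,
        var_export(matchesAsListed($pattern, $remote), true),
        var_export(matchesGrouped($pattern, $remote), true));
}
```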

◆ logoutObserver()

ilAuthBase::logoutObserver (   $a_username,
  $a_auth 
)
protected

Called after logout.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 313 of file class.ilAuthBase.php.

References $ilLog, getContainer(), ilLoggerFactory\getLogger(), and ilSessionControl\handleLogoutEvent().

314  {
315      global $ilLog, $ilAppEventHandler;
316
317      ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);
318
320
321      $ilAppEventHandler->raise(
322          'Services/Authentication', 'afterLogout',
323          array('username' => $a_auth->getUsername())
324      );
325
326      return $this->getContainer()->logoutObserver($a_username,$a_auth);
327  }

◆ setSubStatus()

ilAuthBase::setSubStatus (   $a_sub_status)

Set sub status.

Parameters
type $a_sub_status

Definition at line 55 of file class.ilAuthBase.php.

56  {
57      $this->sub_status = $a_sub_status;
58  }

◆ supportsRedirects()

ilAuthBase::supportsRedirects ( )

Returns true, if the current auth mode allows redirects to e.g. the login screen, public section ...

Returns

Definition at line 65 of file class.ilAuthBase.php.

66  {
67      return true;
68  }

Field Documentation

◆ $exceeded_user_name

ilAuthBase::$exceeded_user_name
protected

Definition at line 39 of file class.ilAuthBase.php.

Referenced by getExceededUserName().

◆ $sub_status

ilAuthBase::$sub_status = null
protected

Definition at line 37 of file class.ilAuthBase.php.

Referenced by getSubStatus().


The documentation for this class was generated from the following file: