ILIAS  Release_3_10_x_branch Revision 61812
class.ilSOAPAuth.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 
25 include_once("Auth/Auth.php");
26 include_once("./webservice/soap/lib/nusoap.php");
27 
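/**
 * SOAP based authentication for ILIAS, built on the Auth base class loaded
 * from Auth/Auth.php.
 *
 * An external user id and a SOAP password are handed to the remote
 * "isValidSession" operation; the answer decides whether an existing ILIAS
 * account is logged in, an account is mapped, or a new account is created.
 *
 * Security notes for maintainers:
 * - With https disabled the service URI is plain http://, so ext_uid and
 *   soap_pw travel to the SOAP service unencrypted.
 * - login() reads both credentials from $_GET, i.e. from the request URL.
 */
class ilSOAPAuth extends Auth
{
    // Result array of the last isValidSession call (see validateSOAPUser()).
    var $valid = array();

    /**
     * Constructor: stores the connection settings and creates the SOAP client.
     *
     * @param array $a_params keys read here: sessionName, server_hostname,
     *                        server_port, server_uri, namespace, use_dotnet, https
     */
    function ilSOAPAuth($a_params)
    {
        if ($a_params["sessionName"] != "")
        {
            parent::Auth("", array("sessionName" => $a_params["sessionName"]));
        }
        else
        {
            parent::Auth("");
        }

        $this->server_hostname = $a_params["server_hostname"];
        $this->server_port = (int) $a_params["server_port"];
        $this->server_uri = $a_params["server_uri"];
        $this->namespace = $a_params["namespace"];
        $this->use_dotnet = $a_params["use_dotnet"];
        $this->https = $a_params["https"] ? true : false;

        $this->uri = self::_buildServiceUri(
            $this->https,
            $this->server_hostname,
            $this->server_port,
            $this->server_uri);

        $this->soap_client = new soap_client($this->uri);
        if ($err = $this->soap_client->getError())
        {
            // NOTE(review): die() ends the request and prints the library's
            // error text to the client; consider logging it and showing a
            // generic message instead.
            die("SOAP Authentication Initialisation Error: ".$err);
        }
    }

    /**
     * Builds the SOAP endpoint URI from its parts.
     *
     * Shared by the constructor and testConnection() so that the connection
     * test always targets the same URI shape as a real login.
     *
     * @param mixed  $a_https    truthy => "https://", otherwise "http://"
     * @param string $a_hostname server host name
     * @param int    $a_port     appended as ":port" only when greater than 0
     * @param string $a_path     appended as "/path" only when not empty
     * @return string
     */
    static function _buildServiceUri($a_https, $a_hostname, $a_port, $a_path)
    {
        $uri = ($a_https ? "https://" : "http://").$a_hostname;

        if ($a_port > 0)
        {
            $uri .= ":".$a_port;
        }

        if ($a_path != "")
        {
            $uri .= "/".$a_path;
        }

        return $uri;
    }

    /**
     * Adds line breaks to a raw SOAP message and escapes it for HTML output.
     *
     * @param string $a_message raw request or response text of the SOAP client
     * @return string HTML-escaped text
     */
    static function _formatSoapDump($a_message)
    {
        $broken = str_replace(">", ">\n", $a_message);
        $broken = str_replace("\" ", "\"\n ", $broken);

        return htmlspecialchars($broken, ENT_QUOTES);
    }

    /**
     * Calls isValidSession with the stored SOAP settings and returns an HTML
     * dump of request and response.
     *
     * The request dump is the message that was sent, which carries the
     * submitted soap_pw, so the returned markup should only be shown to the
     * administrator who entered the test credentials.
     *
     * @param string $a_ext_uid  external user id to test
     * @param string $a_soap_pw  SOAP password to test
     * @param mixed  $a_new_user value passed as "new_user" to the service
     * @return string HTML fragment (or an error message on client init failure)
     */
    static function testConnection($a_ext_uid, $a_soap_pw, $a_new_user)
    {
        global $ilSetting;

        $settings = $ilSetting->getAll();

        $namespace = $settings["soap_auth_namespace"];
        $use_dotnet = $settings["soap_auth_use_dotnet"];

        $uri = self::_buildServiceUri(
            $settings["soap_auth_use_https"],
            $settings["soap_auth_server"],
            (int) $settings["soap_auth_port"],
            $settings["soap_auth_uri"]);

        $soap_client = new soap_client($uri);
        if ($err = $soap_client->getError())
        {
            // the return value is an HTML fragment, so escape the error text
            return "SOAP Authentication Initialisation Error: ".htmlspecialchars($err, ENT_QUOTES);
        }

        $soapAction = "";
        $nspref = "";
        if ($use_dotnet)
        {
            $soapAction = $namespace."/isValidSession";
            $nspref = "ns1:";
        }

        $valid = $soap_client->call('isValidSession',
            array($nspref.'ext_uid' => $a_ext_uid,
                $nspref.'soap_pw' => $a_soap_pw,
                $nspref.'new_user' => $a_new_user),
            $namespace,
            $soapAction);

        // The "valid" value comes from the remote service. It is escaped like
        // the request/response dumps so that markup in the answer cannot be
        // rendered by the browser.
        $valid_flag = (is_array($valid) && isset($valid["valid"])) ? $valid["valid"] : "";

        return
            "<br>== Request ==".
            '<br><pre>'.self::_formatSoapDump($soap_client->request).'</pre><br>'.
            "<br>== Response ==".
            "<br>Valid: -".htmlspecialchars((string) $valid_flag, ENT_QUOTES)."-".
            '<br><pre>'.self::_formatSoapDump($soap_client->response).'</pre>';
    }

    /**
     * Validates an external user against the SOAP service.
     *
     * The result is stored in $this->valid and returned. Key "valid" is false
     * whenever the call failed or the service did not confirm the session;
     * key "local_user" holds the ILIAS login mapped to the external id
     * (empty if there is none).
     *
     * @param string $a_ext_uid external user id
     * @param string $a_soap_pw SOAP password
     * @return array
     */
    function validateSOAPUser($a_ext_uid, $a_soap_pw)
    {
        // check whether external user exists in ILIAS database
        $local_user = ilObjUser::_checkExternalAuthAccount("soap", $a_ext_uid);
        $new_user = ($local_user == "");

        $soapAction = "";
        $nspref = "";
        if ($this->use_dotnet)
        {
            $soapAction = $this->namespace."/isValidSession";
            $nspref = "ns1:";
        }

        $valid = $this->soap_client->call('isValidSession',
            array($nspref.'ext_uid' => $a_ext_uid,
                $nspref.'soap_pw' => $a_soap_pw,
                $nspref.'new_user' => $new_user),
            $this->namespace,
            $soapAction);

        // A failed call does not have to return an array; start from an empty
        // result so that the lookups below are well defined.
        if (!is_array($valid))
        {
            $valid = array();
        }

        $flag = isset($valid["valid"]) ? $valid["valid"] : false;

        // PHP treats every non-empty string except "0" as true, so textual
        // negatives such as "False" or " 0 " would count as a valid session.
        // Normalise before deciding.
        // NOTE(review): if the service contract guarantees "true"/"1", an
        // allow-list of exactly those values would be stricter still.
        if (is_string($flag))
        {
            $normalized = strtolower(trim($flag));
            if ($normalized === "" || $normalized === "0" || $normalized === "false")
            {
                $flag = false;
            }
        }

        // Fail closed when the SOAP client reports an error for this call.
        if ($this->soap_client->getError())
        {
            $flag = false;
        }

        $valid["valid"] = $flag;
        $valid["local_user"] = $local_user;

        $this->valid = $valid;

        return $valid;
    }

    /**
     * Returns the result array stored by the last validateSOAPUser() call.
     *
     * @return array
     */
    function getValidationData()
    {
        return $this->valid;
    }

    /**
     * Performs the SOAP login.
     *
     * Flow as implemented below:
     * 1. ext_uid and soap_pw are taken from $_GET and validated remotely.
     * 2. If a local account is already mapped, it is authenticated.
     * 3. Otherwise, if user creation is enabled, the user may map the external
     *    account to an existing local account with the same e-mail (password
     *    required) or a new local account is created.
     *
     * Sets $this->status to AUTH_WRONG_LOGIN, AUTH_SOAP_NO_ILIAS_USER or
     * AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL on the failure paths.
     *
     * NOTE(review): the credentials arrive as URL parameters, so they can end
     * up in web server logs, browser history and Referer headers.
     */
    function login()
    {
        global $ilias, $rbacadmin, $lng, $ilSetting;

        if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
        {
            $this->status = AUTH_WRONG_LOGIN;
            return;
        }

        $validation_data = $this->validateSOAPUser($_GET["ext_uid"], $_GET["soap_pw"]);

        if (!$validation_data["valid"])
        {
            $this->status = AUTH_WRONG_LOGIN;
            return;
        }

        $local_user = $validation_data["local_user"];

        if ($local_user != "")
        {
            // to do: handle update of user
            $this->setAuth($local_user);
        }
        else
        {
            if (!$ilSetting->get("soap_auth_create_users"))
            {
                $this->status = AUTH_SOAP_NO_ILIAS_USER;
                $this->logout();
                return;
            }

            // try to map external user via e-mail to ILIAS user
            if ($validation_data["email"] != "")
            {
                $email_user = ilObjUser::_getLocalAccountsForEmail($validation_data["email"]);

                // check, if password has been provided in user mapping screen
                // (see ilStartUpGUI::showUserMappingSelection)
                if ($_POST["LoginMappedUser"] != "")
                {
                    if (count($email_user) > 0)
                    {
                        // NOTE(review): usr_id is taken from the POST data and
                        // is only checked against its own password, not against
                        // the accounts in $email_user. Confirm that the posted
                        // id must be one of the e-mail matches and enforce it
                        // here if so.
                        if (ilObjUser::_checkPassword($_POST["usr_id"], $_POST["password"]))
                        {
                            // password is correct -> map user
                            //$this->setAuth($local_user); (use login not id)
                            ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                            ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                            $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"]= "";
                            $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                            $this->status = "";
                            $this->setAuth($local_user);
                            return;
                        }
                        else
                        {
                            $this->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                            $this->sub_status = AUTH_WRONG_LOGIN;
                            $this->logout();
                            return;
                        }
                    }
                }

                // local accounts with this e-mail exist and the user has not
                // asked for a new account: send back to the mapping screen
                if (count($email_user) > 0 && $_POST["CreateUser"] == "")
                {
                    $_GET["email"] = $validation_data["email"];
                    $this->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                    $this->logout();
                    return;
                }
            }

            $userObj = new ilObjUser();

            $local_user = ilAuthUtils::_generateLogin($_GET["ext_uid"]);

            // name and e-mail are taken as delivered by the SOAP service
            $newUser["firstname"] = $validation_data["firstname"];
            $newUser["lastname"] = $validation_data["lastname"];
            $newUser["email"] = $validation_data["email"];

            $newUser["login"] = $local_user;

            // to do: set valid password and send mail
            $newUser["passwd"] = "";
            $newUser["passwd_type"] = IL_PASSWD_MD5;

            // generate password, if local authentication is allowed
            // and account mail is activated
            $pw = "";

            if ($ilSetting->get("soap_auth_allow_local") &&
                $ilSetting->get("soap_auth_account_mail"))
            {
                $pw = ilUtil::generatePasswords(1);
                $pw = $pw[0];
                // NOTE(review): the generated password is stored as an unsalted
                // MD5 digest and handed to the account mail in clear text below.
                $newUser["passwd"] = md5($pw);
                $newUser["passwd_type"] = IL_PASSWD_MD5;
            }

            //$newUser["gender"] = "m";
            $newUser["auth_mode"] = "soap";
            $newUser["ext_account"] = $_GET["ext_uid"];
            $newUser["profile_incomplete"] = 1;

            // system data
            $userObj->assignData($newUser);
            $userObj->setTitle($userObj->getFullname());
            $userObj->setDescription($userObj->getEmail());

            // set user language to system language
            $userObj->setLanguage($lng->lang_default);

            // Time limit
            $userObj->setTimeLimitOwner(7);
            $userObj->setTimeLimitUnlimited(1);
            $userObj->setTimeLimitFrom(time());
            $userObj->setTimeLimitUntil(time());

            // Create user in DB
            $userObj->setOwner(6);
            $userObj->create();
            $userObj->setActive(1, 6);

            $userObj->updateOwner();

            //insert user data in table user_data
            $userObj->saveAsNew(false);

            // setup user preferences
            $userObj->writePrefs();

            // to do: test this
            // the new account receives the role configured for SOAP users
            $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(),true);

            // send account mail
            if ($ilSetting->get("soap_auth_account_mail"))
            {
                include_once('./Services/User/classes/class.ilObjUserFolder.php');
                $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
                if (trim($amail["body"]) != "" && trim($amail["subject"]) != "")
                {
                    include_once("Services/Mail/classes/class.ilAccountMail.php");
                    $acc_mail = new ilAccountMail();

                    if ($pw != "")
                    {
                        $acc_mail->setUserPassword($pw);
                    }
                    $acc_mail->setUser($userObj);
                    $acc_mail->send();
                }
            }

            unset($userObj);

            $this->setAuth($local_user);
        }
    }

/*
    function setAuth($username)
    {
        $session = &Auth::_importGlobalVariable('session');

        if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
            session_register($this->_sessionName);
        }

        if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
            $session[$this->_sessionName] = array();
        }

        if(!isset($session[$this->_sessionName]['data'])){
            $session[$this->_sessionName]['data'] = array();
        }
        $session[$this->_sessionName]['registered'] = true;
        $session[$this->_sessionName]['username'] = $username;
        $session[$this->_sessionName]['timestamp'] = time();
        $session[$this->_sessionName]['idle'] = time();
    }
*/

    /**
     * Logs the user out by delegating to the parent implementation.
     */
    function logout()
    {
        parent::logout();
    }

/*
    function getUsername()
    {
        $session = &$this->_importGlobalVariable('session');
        if (!isset($session[$this->_sessionName]['username'])) {
            return '';
        }
        return $session[$this->_sessionName]['username'];
    }
*/

/*
    function getStatus()
    {

        return $status;
    }
*/

/*
    function &_importGlobalVariable($variable)
    {
        $var = null;

        switch (strtolower($variable)) {

            case 'server' :
                if (isset($_SERVER)) {
                    $var = &$_SERVER;
                } else {
                    $var = &$GLOBALS['HTTP_SERVER_VARS'];
                }
                break;

            case 'session' :
                if (isset($_SESSION)) {
                    $var = &$_SESSION;
                } else {
                    $var = &$GLOBALS['HTTP_SESSION_VARS'];
                }
                break;

            case 'post' :
                if (isset($_POST)) {
                    $var = &$_POST;
                } else {
                    $var = &$GLOBALS['HTTP_POST_VARS'];
                }
                break;

            case 'cookie' :
                if (isset($_COOKIE)) {
                    $var = &$_COOKIE;
                } else {
                    $var = &$GLOBALS['HTTP_COOKIE_VARS'];
                }
                break;

            case 'get' :
                if (isset($_GET)) {
                    $var = &$_GET;
                } else {
                    $var = &$GLOBALS['HTTP_GET_VARS'];
                }
                break;

            default:
                break;

        }

        return $var;
    }
*/
} // END class.ilSOAPAuth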
530 ?>