ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Protected Attributes
ilAuthContainerSOAP Class Reference

Authentication against external SOAP server More...

+ Inheritance diagram for ilAuthContainerSOAP:
+ Collaboration diagram for ilAuthContainerSOAP:

Public Member Functions

 __construct ()
 Constructor.
 initClient ()
 Init soap client.
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 Call is isValidSession of soap server.
 loginObserver ($a_username, $a_auth)
 Called after login and successful call of fetch data.
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor.
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verfiy the entered password.
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication.
 getCryptType ()
 Returns the crypt current crypt type of the container.
 listUsers ()
 List all users that are available from the storage container.
 getUser ($username)
 Returns a user assoc array.
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container.
 removeUser ($username)
 Remove user from the storage container.
 changePassword ($username, $password)
 Change password for user in the storage container.
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log.
- Public Member Functions inherited from ilAuthContainerBase
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests.
 logoutObserver ($a_username, $a_auth)
 Called after logout.

Protected Attributes

 $server_host = null
 $server_port = null
 $server_uri = null
 $server_https = null
 $server_nms = null
 $use_dot_net = null
 $uri = null
 $client = null
 $response = null

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container.
 $_auth_obj = null
 The Auth object this container is attached to.

Detailed Description

Authentication against external SOAP server

Todo:
This class should inherit either from Auth_Container_SOAP or Auth_Container_SOAP5
Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$id$

Definition at line 35 of file class.ilAuthContainerSOAP.php.

Constructor & Destructor Documentation

ilAuthContainerSOAP::__construct ( )

Constructor.

Definition at line 52 of file class.ilAuthContainerSOAP.php.

References $_GET, $_POST, and initClient().

{
$_POST['username'] = $_GET['ext_uid'];
$_POST['password'] = $_GET['soap_pw'];
parent::__construct();
$this->initClient();
}

+ Here is the call graph for this function:

Member Function Documentation

ilAuthContainerSOAP::fetchData (   $a_username,
  $a_password,
  $isChallengeResponse = false 
)

Call is isValidSession of soap server.

Returns
bool
Parameters
string$a_username
string$a_password
bool$isChallengeResponse,[optional]

Reimplemented from Auth_Container.

Definition at line 97 of file class.ilAuthContainerSOAP.php.

References $GLOBALS, $new_user, $valid, and ilObjUser\_checkExternalAuthAccount().

{
$GLOBALS['ilLog']->write(__METHOD__.': Soap auth fetch data');
// check whether external user exists in ILIAS database
$local_user = ilObjUser::_checkExternalAuthAccount("soap", $a_username);
if ($local_user == "")
{
$new_user = true;
}
else
{
$new_user = false;
}
$soapAction = "";
$nspref = "";
if ($this->use_dotnet)
{
$soapAction = $this->server_nms."/isValidSession";
$nspref = "ns1:";
}
$valid = $this->client->call('isValidSession',
array($nspref.'ext_uid' => $a_username,
$nspref.'soap_pw' => $a_password,
$nspref.'new_user' => $new_user),
$this->server_nms,
$soapAction);
//echo "<br>== Request ==";
//echo '<br><pre>' . htmlspecialchars($this->soap_client->request, ENT_QUOTES) . '</pre><br>';
//echo "<br>== Response ==";
//echo "<br>Valid: -".$valid["valid"]."-";
//echo '<br><pre>' . htmlspecialchars($this->soap_client->response, ENT_QUOTES) . '</pre>';
if (trim($valid["valid"]) == "false")
{
$valid["valid"] = false;
}
// to do check SOAP error!?
$valid["local_user"] = $local_user;
$this->response = $valid;
return $valid['valid'] == true;
}

+ Here is the call graph for this function:

ilAuthContainerSOAP::initClient ( )

Init soap client.

Returns

Definition at line 65 of file class.ilAuthContainerSOAP.php.

References $ilSetting, and $server_host.

Referenced by __construct().

{
global $ilSetting;
$this->server_host = $ilSetting->get('soap_auth_server');
$this->server_port = $ilSetting->get('soap_auth_port');
$this->server_uri = $ilSetting->get('soap_auth_uri');
$this->server_https = $ilSetting->get('soap_auth_use_https');
$this->server_nms = $ilSetting->get('soap_auth_namespace');
$this->use_dot_net = $ilSetting->get('use_dotnet');
$this->uri = $this->server_https ? 'https://' : 'http://';
$this->uri .= $this->server_host;
if($this->server_port > 0)
{
$this->uri .= (':'.$this->server_port);
}
if($this->server_uri)
{
$this->uri .= ('/'.$this->server_uri);
}
$this->client = new nusoap_client($this->uri);
}

+ Here is the caller graph for this function:

ilAuthContainerSOAP::loginObserver (   $a_username,
  $a_auth 
)

Called after login and successful call of fetch data.

Returns
Parameters
object$a_username
object$a_auth

Reimplemented from ilAuthContainerBase.

Definition at line 149 of file class.ilAuthContainerSOAP.php.

References $_GET, $_POST, $GLOBALS, $ilSetting, $lng, ilObjUser\_checkPassword(), ilAuthUtils\_generateLogin(), ilObjUser\_getLocalAccountsForEmail(), ilObjUser\_lookupLogin(), ilObjUserFolder\_lookupNewAccountMail(), ilObjUser\_writeAuthMode(), ilObjUser\_writeExternalAccount(), AUTH_SOAP_NO_ILIAS_USER, AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL, AUTH_WRONG_LOGIN, ilUtil\generatePasswords(), and IL_PASSWD_MD5.

{
global $ilias, $rbacadmin, $lng, $ilSetting;
$GLOBALS['ilLog']->write(__METHOD__.': SOAP login observer called');
// TODO: handle passed credentials via GET
/*
if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
// Not required anymore
/*
$validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
if (!$validation_data["valid"])
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
$local_user = $this->response["local_user"];
if ($local_user != "")
{
// to do: handle update of user
$a_auth->setAuth($local_user);
return true;
}
if(!$ilSetting->get("soap_auth_create_users"))
{
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
//echo "1";
// try to map external user via e-mail to ILIAS user
if ($this->response["email"] != "")
{
//echo "2";
//var_dump ($_POST);
$email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
// check, if password has been provided in user mapping screen
// (see ilStartUpGUI::showUserMappingSelection)
// FIXME
if ($_POST["LoginMappedUser"] != "")
{
if (count($email_user) > 0)
{
if (ilObjUser::_checkPassword($_POST["usr_id"], $_POST["password"]))
{
// password is correct -> map user
//$this->setAuth($local_user); (use login not id)
ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
$_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"]= "";
$local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
$a_auth->status = '';
$a_auth->setAuth($local_user);
return true;
}
else
{
//echo "6"; exit;
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->sub_status = AUTH_WRONG_LOGIN;
$a_auth->logout();
return false;
}
}
}
if (count($email_user) > 0 && $_POST["CreateUser"] == "")
{
$_GET["email"] = $this->response["email"];
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->logout();
return false;
}
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($a_username);
$newUser["firstname"] = $this->response["firstname"];
$newUser["lastname"] = $this->response["lastname"];
$newUser["email"] = $this->response["email"];
$newUser["login"] = $local_user;
// to do: set valid password and send mail
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
// generate password, if local authentication is allowed
// and account mail is activated
$pw = "";
if ($ilSetting->get("soap_auth_allow_local") &&
$ilSetting->get("soap_auth_account_mail"))
{
$pw = ilUtil::generatePasswords(1);
$pw = $pw[0];
$newUser["passwd"] = md5($pw);
$newUser["passwd_type"] = IL_PASSWD_MD5;
}
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "soap";
$newUser["ext_account"] = $a_username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($lng->lang_default);
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew(false);
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(),true);
// send account mail
if ($ilSetting->get("soap_auth_account_mail"))
{
include_once('./Services/User/classes/class.ilObjUserFolder.php');
$amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
if (trim($amail["body"]) != "" && trim($amail["subject"]) != "")
{
include_once("Services/Mail/classes/class.ilAccountMail.php");
$acc_mail = new ilAccountMail();
if ($pw != "")
{
$acc_mail->setUserPassword($pw);
}
$acc_mail->setUser($userObj);
$acc_mail->send();
}
}
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}

+ Here is the call graph for this function:

Field Documentation

ilAuthContainerSOAP::$client = null
protected

Definition at line 46 of file class.ilAuthContainerSOAP.php.

ilAuthContainerSOAP::$response = null
protected

Definition at line 47 of file class.ilAuthContainerSOAP.php.

ilAuthContainerSOAP::$server_host = null
protected

Definition at line 37 of file class.ilAuthContainerSOAP.php.

Referenced by initClient().

ilAuthContainerSOAP::$server_https = null
protected

Definition at line 40 of file class.ilAuthContainerSOAP.php.

ilAuthContainerSOAP::$server_nms = null
protected

Definition at line 41 of file class.ilAuthContainerSOAP.php.

ilAuthContainerSOAP::$server_port = null
protected

Definition at line 38 of file class.ilAuthContainerSOAP.php.

ilAuthContainerSOAP::$server_uri = null
protected

Definition at line 39 of file class.ilAuthContainerSOAP.php.

ilAuthContainerSOAP::$uri = null
protected

Definition at line 44 of file class.ilAuthContainerSOAP.php.

ilAuthContainerSOAP::$use_dot_net = null
protected

Definition at line 42 of file class.ilAuthContainerSOAP.php.

The documentation for this class was generated from the following file: