ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjAuthSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
17 require_once "./Services/Object/classes/class.ilObjectGUI.php";
18 
19 class ilObjAuthSettingsGUI extends ilObjectGUI
20 {
25  function ilObjAuthSettingsGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output = true)
26  {
27  $this->type = "auth";
28  $this->ilObjectGUI($a_data, $a_id, $a_call_by_reference, $a_prepare_output);
29 
30  $this->lng->loadLanguageModule('registration');
31 
32  define('LDAP_DEFAULT_PORT',389);
33  define('RADIUS_DEFAULT_PORT',1812);
34 
35  }
36 
37 
38 
39  function viewObject()
40  {
41  // load ilRegistrationSettingsGUI
42 
43  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
44 
45  // Enable tabs
46  $this->tabs_gui->setTabActive('registration_settings');
47 
48  $registration_gui =& new ilRegistrationSettingsGUI();
49  $this->ctrl->setCmdClass('ilregistrationsettingsgui');
50  $this->ctrl->forwardCommand($registration_gui);
51  }
52 
53 
59  function authSettingsObject()
60  {
61  global $rbacsystem, $ilSetting;
62 
63  if (!$rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
64  {
65  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
66  }
67 
68  $this->tabs_gui->setTabActive('authentication_settings');
69  $this->setSubTabs('authSettings');
70  $this->tabs_gui->setSubTabActive("auth_settings");
71 
72  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_general.html",
73  "Services/Authentication");
74 
75  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
76  $this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
77 
78  $this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
79  $this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
80  $this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
81  $this->tpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
82 
83  $this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
84  $this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
85  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
86 
87  $this->tpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
88 
89  $this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
90  $this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
91 
92  $this->tpl->setVariable("TXT_APACHE", $this->lng->txt("auth_apache"));
93 
94  $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
95  $auth_modes = ilAuthUtils::_getAllAuthModes();
96 
97  foreach($auth_modes as $mode => $mode_name)
98  {
99 //echo "-".$ilSetting->get('auth_mode')."-".$mode."-";
100  if ($ilSetting->get('auth_mode') == $mode)
101  {
102  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
103  ((int) $auth_cnt[$mode_name] + $auth_cnt["default"])." (".$this->lng->txt("auth_per_default").
104  ": ".$auth_cnt["default"].")");
105  }
106  else
107  {
108  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
109  (int) $auth_cnt[$mode_name]);
110  }
111  }
112 
113  $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
114  $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
115  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
116  $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");
117 
118  // local vars
119  $checked = "checked=\"checked\"";
120  $disabled = "disabled=\"disabled\"";
121  $style_disabled = "_disabled";
122 
123  // icon handlers
124  $icon_ok = "<img src=\"".ilUtil::getImagePath("icon_ok.png")."\" alt=\"".$this->lng->txt("enabled")."\" title=\"".$this->lng->txt("enabled")."\" border=\"0\" vspace=\"0\"/>";
125  $icon_not_ok = "<img src=\"".ilUtil::getImagePath("icon_not_ok.png")."\" alt=\"".$this->lng->txt("disabled")."\" title=\"".$this->lng->txt("disabled")."\" border=\"0\" vspace=\"0\"/>";
126 
127  $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
128 
129  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
130  $this->tpl->setVariable('AUTH_LDAP_ACTIVE',count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
131  #$this->tpl->setVariable("AUTH_LDAP_ACTIVE", $this->ilias->getSetting('ldap_active') ? $icon_ok : $icon_not_ok);
132  $this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
133  $this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
134  $this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);
135  $this->tpl->setVariable("AUTH_CAS_ACTIVE", $this->ilias->getSetting('cas_active') ? $icon_ok : $icon_not_ok);
136  $this->tpl->setVariable("AUTH_APACHE_ACTIVE", $this->ilias->getSetting('apache_active') ? $icon_ok : $icon_not_ok);
137 
138  // alter style and disable buttons depending on current selection
139  switch ($this->ilias->getSetting('auth_mode'))
140  {
141  case AUTH_LOCAL: // default
142  $this->tpl->setVariable("CHK_LOCAL", $checked);
143  break;
144 
145  case AUTH_LDAP: // LDAP
146  $this->tpl->setVariable("CHK_LDAP", $checked);
147  break;
148 
149  case AUTH_SHIBBOLETH: // SHIB
150  $this->tpl->setVariable("CHK_SHIB", $checked);
151  break;
152 
153  case AUTH_RADIUS: // RADIUS
154  $this->tpl->setVariable("CHK_RADIUS", $checked);
155  break;
156 
157  case AUTH_CAS: // CAS
158  $this->tpl->setVariable("CHK_CAS", $checked);
159  break;
160 
161  case AUTH_SCRIPT: // script
162  $this->tpl->setVariable("CHK_SCRIPT", $checked);
163  break;
164 
165  case AUTH_APACHE: // apache
166  $this->tpl->setVariable("CHK_APACHE", $checked);
167  break;
168  }
169 
170  // auth mode determinitation
171  if($this->initAuthModeDetermination())
172  {
173  $this->tpl->setVariable('TABLE_AUTH_DETERMINATION',$this->form->getHTML());
174  }
175 
176  // roles table
177  $this->tpl->setVariable("FORMACTION_ROLES",
178  $this->ctrl->getFormAction($this));
179  $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
180  $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
181  $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
182  $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
183 
184  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
185  $reg_roles = ilObjRole::_lookupRegisterAllowed();
186 
187  // auth mode selection
188  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
189  $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
190 
191  foreach ($reg_roles as $role)
192  {
193  foreach ($active_auth_modes as $auth_name => $auth_key)
194  {
195  // do not list auth modes with external login screen
196  // even not default, because it can easily be set to
197  // a non-working auth mode
198  if ($auth_name == "default" || $auth_name == "cas"
199  || $auth_name == "shibboleth" || $auth_name == 'ldap' || $auth_name == 'apache')
200  {
201  continue;
202  }
203 
204  $this->tpl->setCurrentBlock("auth_mode_selection");
205 
206  if ($auth_name == 'default')
207  {
208  $name = $this->lng->txt('auth_'.$auth_name)." (".$this->lng->txt('auth_'.ilAuthUtils::_getAuthModeName($auth_key)).")";
209  }
210  else
211  {
212  $name = $this->lng->txt('auth_'.$auth_name);
213  }
214 
215  $this->tpl->setVariable("AUTH_MODE_NAME", $name);
216 
217  $this->tpl->setVariable("AUTH_MODE", $auth_name);
218 
219  if ($role['auth_mode'] == $auth_name)
220  {
221  $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
222  }
223 
224  $this->tpl->parseCurrentBlock();
225  } // END auth_mode selection
226 
227  $this->tpl->setCurrentBlock("roles");
228  $this->tpl->setVariable("ROLE", $role['title']);
229  $this->tpl->setVariable("ROLE_ID", $role['id']);
230  $this->tpl->parseCurrentBlock();
231  }
232  }
233 
234 
241  public function loginInfoObject()
242  {
243  global $rbacsystem, $lng,$ilSetting;
244 
245  if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId()))
246  {
247  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
248  }
249 
250  $this->tabs_gui->setTabActive("authentication_settings");
251  $this->setSubTabs("authSettings");
252  $this->tabs_gui->setSubTabActive("auth_login_editor");
253 
254  $lng->loadLanguageModule("meta");
255 
256  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_login_messages.html",
257  "Services/Authentication");
258  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
259  $this->tpl->setVariable("TXT_HEADLINE", $this->lng->txt("login_information"));
260  $this->tpl->setVariable("TXT_DESCRIPTION", $this->lng->txt("login_information_desc"));
261  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
262  $this->initLoginForm();
263  $this->tpl->setVariable('LOGIN_INFO',$this->form->getHTML());
264  }
265 
266 
267  function cancelObject()
268  {
269  $this->ctrl->redirect($this, "authSettings");
270  }
271 
272  function setAuthModeObject()
273  {
274  global $rbacsystem,$ilSetting;
275 
276  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
277  {
278  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
279  }
280 
281  if (empty($_POST["auth_mode"]))
282  {
283  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
284  }
285 
286  if ($_POST["auth_mode"] == AUTH_DEFAULT)
287  {
288  ilUtil::sendInfo($this->lng->txt("auth_mode").": ".$this->getAuthModeTitle()." ".$this->lng->txt("auth_mode_not_changed"),true);
289  $this->ctrl->redirect($this,'authSettings');
290  }
291 
292  switch ($_POST["auth_mode"])
293  {
294  case AUTH_LDAP:
295 
296  /*
297  if ($this->object->checkAuthLDAP() !== true)
298  {
299  ilUtil::sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
300  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editLDAP", "", false, false)));
301  }
302  */
303  break;
304 
305  case AUTH_SHIB:
306  if ($this->object->checkAuthSHIB() !== true)
307  {
308  ilUtil::sendFailure($this->lng->txt("auth_shib_not_configured"),true);
309  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editSHIB", "", false, false)));
310  }
311  break;
312 
313  case AUTH_RADIUS:
314  if ($this->object->checkAuthRADIUS() !== true)
315  {
316  ilUtil::sendFailure($this->lng->txt("auth_radius_not_configured"),true);
317  $this->ctrl->redirect($this,'editRADIUS');
318  }
319  break;
320 
321  case AUTH_SCRIPT:
322  if ($this->object->checkAuthScript() !== true)
323  {
324  ilUtil::sendFailure($this->lng->txt("auth_script_not_configured"),true);
325  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editScript", "", false, false)));
326  }
327  break;
328  }
329 
330  $this->ilias->setSetting("auth_mode",$_POST["auth_mode"]);
331 
332  ilUtil::sendSuccess($this->lng->txt("auth_default_mode_changed_to")." ".$this->getAuthModeTitle(),true);
333  $this->ctrl->redirect($this,'authSettings');
334  }
335 
336 
342  function editSOAPObject()
343  {
344  global $rbacsystem, $rbacreview, $ilSetting, $ilCtrl, $lng;
345 
346  if (!$rbacsystem->checkAccess("read",$this->object->getRefId()))
347  {
348  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
349  }
350 
351  $this->tabs_gui->setTabActive('auth_soap');
352 
353  // get template
354  $stpl = new ilTemplate("tpl.auth_soap.html", true, true,
355  "Services/Authentication");
356 
357  // get all settings
358  $settings = $ilSetting->getAll();
359 
360  // get values in error case
361  if ($_SESSION["error_post_vars"])
362  {
363  if ($_SESSION["error_post_vars"]["soap"]["active"] == "1")
364  {
365  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
366  }
367  if ($_SESSION["error_post_vars"]["soap"]["use_https"] == "1")
368  {
369  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
370  }
371  if ($_SESSION["error_post_vars"]["soap"]["create_users"] == "1")
372  {
373  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
374  }
375  if ($_SESSION["error_post_vars"]["soap"]["allow_local"] == "1")
376  {
377  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
378  }
379  if ($_SESSION["error_post_vars"]["soap"]["account_mail"] == "1")
380  {
381  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
382  }
383  if ($_SESSION["error_post_vars"]["soap"]["use_dotnet"] == "1")
384  {
385  $stpl->setVariable("CHK_USEDOTNET", "checked=\"checked\"");
386  }
387 
388  $stpl->setVariable("SOAP_SERVER", $_SESSION["error_post_vars"]["soap"]["server"]);
389  $stpl->setVariable("SOAP_PORT", $_SESSION["error_post_vars"]["soap"]["port"]);
390  $stpl->setVariable("SOAP_URI", $_SESSION["error_post_vars"]["soap"]["uri"]);
391  $stpl->setVariable("SOAP_NAMESPACE", $_SESSION["error_post_vars"]["soap"]["namespace"]);
392  $current_default_role = $_SESSION["error_post_vars"]["soap"]["user_default_role"];
393  }
394  else
395  {
396  if ($settings["soap_auth_active"] == "1")
397  {
398  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
399  }
400  if ($settings["soap_auth_use_https"] == "1")
401  {
402  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
403  }
404  if ($settings["soap_auth_create_users"] == "1")
405  {
406  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
407  }
408  if ($settings["soap_auth_allow_local"] == "1")
409  {
410  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
411  }
412  if ($settings["soap_auth_account_mail"] == "1")
413  {
414  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
415  }
416  if ($settings["soap_auth_use_dotnet"] == "1")
417  {
418  $stpl->setVariable("CHK_USE_DOTNET", "checked=\"checked\"");
419  }
420 
421  $stpl->setVariable("SOAP_SERVER", $settings["soap_auth_server"]);
422  $stpl->setVariable("SOAP_PORT", $settings["soap_auth_port"]);
423  $stpl->setVariable("SOAP_URI", $settings["soap_auth_uri"]);
424  $stpl->setVariable("SOAP_NAMESPACE", $settings["soap_auth_namespace"]);
425  $current_default_role = $settings["soap_auth_user_default_role"];
426  }
427 
428  // compose role list
429  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
430  if (!$current_default_role)
431  {
432  $current_default_role = 4;
433  }
434  $roles = array();
435  foreach ($role_list as $role)
436  {
437  $roles[$role['obj_id']] = $role['title'];
438  }
439  $selectElement = ilUtil::formSelect($current_default_role,
440  "soap[user_default_role]", $roles, false, true);
441 
442  $stpl->setVariable("SOAP_USER_DEFAULT_ROLE", $selectElement);
443  $stpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
444  $stpl->setVariable("COLSPAN", 3);
445  $stpl->setVariable("TXT_SOAP_TITLE", $this->lng->txt("auth_soap_auth"));
446  $stpl->setVariable("TXT_SOAP_DESC", $this->lng->txt("auth_soap_auth_desc"));
447  $stpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
448  $stpl->setVariable("TXT_SOAP_ACTIVE", $this->lng->txt("active"));
449  $stpl->setVariable("TXT_SOAP_SERVER", $this->lng->txt("server"));
450  $stpl->setVariable("TXT_SOAP_SERVER_DESC", $this->lng->txt("auth_soap_server_desc"));
451  $stpl->setVariable("TXT_SOAP_PORT", $this->lng->txt("port"));
452  $stpl->setVariable("TXT_SOAP_PORT_DESC", $this->lng->txt("auth_soap_port_desc"));
453  $stpl->setVariable("TXT_SOAP_URI", $this->lng->txt("uri"));
454  $stpl->setVariable("TXT_SOAP_URI_DESC", $this->lng->txt("auth_soap_uri_desc"));
455  $stpl->setVariable("TXT_SOAP_NAMESPACE", $this->lng->txt("auth_soap_namespace"));
456  $stpl->setVariable("TXT_SOAP_NAMESPACE_DESC", $this->lng->txt("auth_soap_namespace_desc"));
457  $stpl->setVariable("TXT_USE_DOTNET", $this->lng->txt("auth_soap_use_dotnet"));
458  $stpl->setVariable("TXT_USE_HTTPS", $this->lng->txt("auth_soap_use_https"));
459  $stpl->setVariable("TXT_CREATE_USERS", $this->lng->txt("auth_create_users"));
460  $stpl->setVariable("TXT_CREATE_USERS_DESC", $this->lng->txt("auth_soap_create_users_desc"));
461  $stpl->setVariable("TXT_ACCOUNT_MAIL", $this->lng->txt("user_send_new_account_mail"));
462  $stpl->setVariable("TXT_ACCOUNT_MAIL_DESC", $this->lng->txt("auth_new_account_mail_desc"));
463  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE", $this->lng->txt("auth_user_default_role"));
464  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE_DESC",
465  $this->lng->txt("auth_soap_user_default_role_desc"));
466  $stpl->setVariable("TXT_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
467  $stpl->setVariable("TXT_ALLOW_LOCAL_DESC", $this->lng->txt("auth_soap_allow_local_desc"));
468  $stpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
469  $stpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
470  $stpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
471  $stpl->setVariable("CMD_SUBMIT", "saveSOAP");
472 
473  // test form
474  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
475  $form = new ilPropertyFormGUI();
476  $form->setFormAction($ilCtrl->getFormAction($this));
477  $form->setTitle("Test Request");
478  $text_prop = new ilTextInputGUI("ext_uid", "ext_uid");
479  $form->addItem($text_prop);
480  $text_prop2 = new ilTextInputGUI("soap_pw", "soap_pw");
481  $form->addItem($text_prop2);
482  $cb = new ilCheckboxInputGUI("new_user", "new_user");
483  $form->addItem($cb);
484 
485  $form->addCommandButton("testSoapAuthConnection",
486  "Send");
487 
488  if ($ilCtrl->getCmd() == "testSoapAuthConnection")
489  {
490  include_once("./Services/SOAPAuth/classes/class.ilSOAPAuth.php");
491  $ret = "<br />".ilSOAPAuth::testConnection(
492  ilUtil::stripSlashes($_POST["ext_uid"]),
493  ilUtil::stripSlashes($_POST["soap_pw"]),
494  (boolean) $_POST["new_user"]
495  );
496  }
497 
498  $stpl->setVariable("TEST_FORM", $form->getHtml().$ret);
499  $this->tpl->setContent($stpl->get());
500  }
501 
502  function testSoapAuthConnectionObject()
503  {
504  $this->editSOAPObject();
505  }
506 
512  function saveSOAPObject()
513  {
514  global $ilUser, $ilSetting, $rbacsystem;
515 
516  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
517  {
518  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
519  }
520 
521  // validate required data
522  if (!$_POST["soap"]["server"])
523  {
524  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
525  }
526 
527  // validate port
528  if ($_POST["soap"]["server"] != "" && (preg_match("/^[0-9]{0,5}$/",$_POST["soap"]["port"])) == false)
529  {
530  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
531  }
532 
533  $ilSetting->set("soap_auth_server", $_POST["soap"]["server"]);
534  $ilSetting->set("soap_auth_port", $_POST["soap"]["port"]);
535  $ilSetting->set("soap_auth_active", $_POST["soap"]["active"]);
536  $ilSetting->set("soap_auth_uri", $_POST["soap"]["uri"]);
537  $ilSetting->set("soap_auth_namespace", $_POST["soap"]["namespace"]);
538  $ilSetting->set("soap_auth_create_users", $_POST["soap"]["create_users"]);
539  $ilSetting->set("soap_auth_allow_local", $_POST["soap"]["allow_local"]);
540  $ilSetting->set("soap_auth_account_mail", $_POST["soap"]["account_mail"]);
541  $ilSetting->set("soap_auth_use_https", $_POST["soap"]["use_https"]);
542  $ilSetting->set("soap_auth_use_dotnet", $_POST["soap"]["use_dotnet"]);
543  $ilSetting->set("soap_auth_user_default_role", $_POST["soap"]["user_default_role"]);
544  ilUtil::sendSuccess($this->lng->txt("auth_soap_settings_saved"),true);
545 
546  $this->ctrl->redirect($this,'editSOAP');
547  }
548 
554  function editScriptObject()
555  {
556  global $rbacsystem;
557 
558  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
559  {
560  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
561  }
562 
563  if ($_SESSION["error_post_vars"])
564  {
565  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $_SESSION["error_post_vars"]["auth_script"]["name"]);
566  }
567  else
568  {
569  // set already saved data
570  $settings = $this->ilias->getAllSettings();
571 
572  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $settings["auth_script_name"]);
573  }
574 
575  $this->tabs_gui->setTabActive('auth_script');
576 
577  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_script.html",
578  "Services/Authentication");
579 
580  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
581  $this->tpl->setVariable("COLSPAN", 3);
582  $this->tpl->setVariable("TXT_AUTH_SCRIPT_TITLE", $this->lng->txt("auth_script_configure"));
583  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
584  $this->tpl->setVariable("TXT_AUTH_SCRIPT_NAME", $this->lng->txt("auth_script_name"));
585 
586  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
587  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
588  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
589  $this->tpl->setVariable("CMD_SUBMIT", "saveScript");
590  }
591 
597  function saveScriptObject()
598  {
599  // validate required data
600  if (!$_POST["auth_script"]["name"])
601  {
602  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
603  }
604 
605  // validate script url
606  /*
607  if (( TODO ,$_POST["ldap"]["server"])) == false)
608  {
609  $this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
610  }*/
611 
612  // TODO: check connection to server
613 
614  // all ok. save settings and activate auth by external script
615  $this->ilias->setSetting("auth_script_name", $_POST["auth_script"]["name"]);
616  $this->ilias->setSetting("auth_mode", AUTH_SCRIPT);
617 
618  ilUtil::sendSuccess($this->lng->txt("auth_mode_changed_to")." ".$this->getAuthModeTitle(),true);
619  $this->ctrl->redirect($this,'editScript');
620  }
621 
622 
629  function getAuthModeTitle()
630  {
631  switch ($this->ilias->getSetting("auth_mode"))
632  {
633  case AUTH_LOCAL:
634  return $this->lng->txt("auth_local");
635  break;
636 
637  case AUTH_LDAP:
638  return $this->lng->txt("auth_ldap");
639  break;
640 
641  case AUTH_SHIBBOLETH:
642  return $this->lng->txt("auth_shib");
643  break;
644 
645  case AUTH_RADIUS:
646  return $this->lng->txt("auth_radius");
647  break;
648 
649  case AUTH_SCRIPT:
650  return $this->lng->txt("auth_script");
651  break;
652 
653  case AUTH_APACHE:
654  return $this->lng->txt("auth_apache");
655  break;
656 
657  default:
658  return $this->lng->txt("unknown");
659  break;
660  }
661  }
662 
663  function updateAuthRolesObject()
664  {
665  global $rbacsystem;
666 
667  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
668  {
669  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
670  }
671 
672  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
673  ilObjRole::_updateAuthMode($_POST['Fobject']);
674 
675  ilUtil::sendSuccess($this->lng->txt("auth_mode_roles_changed"),true);
676  $this->ctrl->redirect($this,'authSettings');
677  }
678 
684  protected function initAuthModeDetermination()
685  {
686  if(is_object($this->form))
687  {
688  return true;
689  }
690  // Are there any authentication methods that support automatic determination ?
691 
692  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
693  $det = ilAuthModeDetermination::_getInstance();
694  if($det->getCountActiveAuthModes() <= 1)
695  {
696  return false;
697  }
698 
699  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
700  $this->form = new ilPropertyFormGUI();
701  $this->form->setFormAction($this->ctrl->getFormAction($this));
702  $this->form->setTableWidth('100%');
703  $this->form->setTitle($this->lng->txt('auth_auth_mode_determination'));
704  $this->form->addCommandButton('updateAuthModeDetermination',$this->lng->txt('save'));
705  $this->form->addCommandButton('authSettings',$this->lng->txt('cancel'));
706 
707  $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'),'kind');
708  $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
709  $kind->setValue($det->getKind());
710  $kind->setRequired(true);
711 
712  $option_user = new ilRadioOption($this->lng->txt('auth_by_user'),0);
713  $kind->addOption($option_user);
714 
715  $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'),1);
716 
717  include_once('Services/Authentication/classes/class.ilAuthUtils.php');
718 
719  $auth_sequenced = $det->getAuthModeSequence();
720  $counter = 1;
721  foreach($auth_sequenced as $auth_mode)
722  {
723  switch($auth_mode)
724  {
725  case AUTH_LDAP:
726  $text = $this->lng->txt('auth_ldap');
727  break;
728  case AUTH_RADIUS:
729  $text = $this->lng->txt('auth_radius');
730  break;
731  case AUTH_LOCAL:
732  $text = $this->lng->txt('auth_local');
733  break;
734  case AUTH_SOAP:
735  $text = $this->lng->txt('auth_soap');
736  break;
737  case AUTH_APACHE:
738  $text = $this->lng->txt('auth_apache');
739  break;
740  }
741 
742 
743  $pos = new ilTextInputGUI($text,'position['.$auth_mode.']');
744  $pos->setValue($counter++);
745  $pos->setSize(1);
746  $pos->setMaxLength(1);
747  $option_determination->addSubItem($pos);
748  }
749  $kind->addOption($option_determination);
750  $this->form->addItem($kind);
751  return true;
752  }
753 
760  public function updateAuthModeDeterminationObject()
761  {
762  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
763  $det = ilAuthModeDetermination::_getInstance();
764 
765  $det->setKind((int) $_POST['kind']);
766 
767  $pos = $_POST['position'] ? $_POST['position'] : array();
768  asort($pos,SORT_NUMERIC);
769 
770  $counter = 0;
771  foreach($pos as $auth_mode => $dummy)
772  {
773  $position[$counter++] = $auth_mode;
774  }
775  $det->setAuthModeSequence($position ? $position : array());
776  $det->save();
777 
778  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
779  $this->authSettingsObject();
780  }
781 
788  public function executeCommand()
789  {
790  global $ilAccess,$ilErr;
791 
792  $next_class = $this->ctrl->getNextClass($this);
793  $cmd = $this->ctrl->getCmd();
794  $this->prepareOutput();
795 
796 
797  if(!$ilAccess->checkAccess('read','',$this->object->getRefId()))
798  {
799  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
800  }
801 
802  switch($next_class)
803  {
804  case 'ilregistrationsettingsgui':
805 
806  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
807 
808  // Enable tabs
809  $this->tabs_gui->setTabActive('registration_settings');
810  $registration_gui =& new ilRegistrationSettingsGUI();
811  $this->ctrl->forwardCommand($registration_gui);
812  break;
813 
814  case 'ilpermissiongui':
815 
816  // Enable tabs
817  $this->tabs_gui->setTabActive('perm_settings');
818 
819  include_once("Services/AccessControl/classes/class.ilPermissionGUI.php");
820  $perm_gui =& new ilPermissionGUI($this);
821  $ret =& $this->ctrl->forwardCommand($perm_gui);
822  break;
823 
824  case 'illdapsettingsgui':
825 
826  // Enable Tabs
827  $this->tabs_gui->setTabActive('auth_ldap');
828 
829  include_once './Services/LDAP/classes/class.ilLDAPSettingsGUI.php';
830  $ldap_settings_gui = new ilLDAPSettingsGUI($this->object->getRefId());
831  $this->ctrl->forwardCommand($ldap_settings_gui);
832  break;
833 
834  case 'ilauthshibbolethsettingsgui':
835 
836  $this->tabs_gui->setTabActive('auth_shib');
837  include_once('./Services/AuthShibboleth/classes/class.ilAuthShibbolethSettingsGUI.php');
838  $shib_settings_gui = new ilAuthShibbolethSettingsGUI($this->object->getRefId());
839  $this->ctrl->forwardCommand($shib_settings_gui);
840  break;
841 
842  case 'ilcassettingsgui':
843 
844  $this->tabs_gui->setTabActive('auth_cas');
845  include_once './Services/CAS/classes/class.ilCASSettingsGUI.php';
846  $cas_settings = new ilCASSettingsGUI($this->object->getRefId());
847  $this->ctrl->forwardCommand($cas_settings);
848  break;
849 
850  case 'ilradiussettingsgui':
851 
852  $this->tabs_gui->setTabActive('auth_radius');
853  include_once './Services/Radius/classes/class.ilRadiusSettingsGUI.php';
854  $radius_settings_gui = new ilRadiusSettingsGUI($this->object->getRefId());
855  $this->ctrl->forwardCommand($radius_settings_gui);
856  break;
857 
858  case 'ilopenidsettingsgui':
859 
860  $this->tabs_gui->setTabActive('auth_openid');
861 
862  include_once './Services/OpenId/classes/class.ilOpenIdSettingsGUI.php';
863  $os = new ilOpenIdSettingsGUI($this->object->getRefId());
864  $this->ctrl->forwardCommand($os);
865  break;
866 
867  case 'ilauthloginpageeditorgui':
868 
869  $this->setSubTabs("authSettings");
870  $this->tabs_gui->setTabActive('authentication_settings');
871  $this->tabs_gui->setSubTabActive("auth_login_editor");
872 
873  include_once './Services/Authentication/classes/class.ilAuthLoginPageEditorGUI.php';
874  $lpe = new ilAuthLoginPageEditorGUI($this->object->getRefId());
875  $this->ctrl->forwardCommand($lpe);
876  break;
877 
878  default:
879  if(!$cmd)
880  {
881  $cmd = "authSettings";
882  }
883  $cmd .= "Object";
884  $this->$cmd();
885 
886  break;
887  }
888  return true;
889  }
890 
891  function getAdminTabs(&$tabs_gui)
892  {
893  $this->getTabs($tabs_gui);
894  }
895 
901  function getTabs(&$tabs_gui)
902  {
903  global $rbacsystem;
904 
905  $this->ctrl->setParameter($this,"ref_id",$this->object->getRefId());
906 
907  if ($rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
908  {
909 
910  $tabs_gui->addTarget('registration_settings',
911  $this->ctrl->getLinkTargetByClass('ilregistrationsettingsgui','view'));
912 
913  $tabs_gui->addTarget("authentication_settings", $this->ctrl->getLinkTarget($this, "authSettings"),
914  "", "", "");
915 
916  $tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTargetByClass('illdapsettingsgui','serverList'),
917  "", "", "");
918 
919 
920  #$tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTarget($this, "editLDAP"),
921  # "", "", "");
922 
923  $tabs_gui->addTarget('auth_shib',$this->ctrl->getLinkTargetByClass('ilauthshibbolethsettingsgui','settings'));
924 
925  $tabs_gui->addTarget(
926  'auth_cas',
927  $this->ctrl->getLinkTargetByClass('ilcassettingsgui','settings')
928  );
929 
930  $tabs_gui->addTarget("auth_radius", $this->ctrl->getLinkTargetByClass('ilradiussettingsgui', "settings"),
931  "", "", "");
932 
933  $tabs_gui->addTarget("auth_soap", $this->ctrl->getLinkTarget($this, "editSOAP"),
934  "", "", "");
935 
936  $tabs_gui->addTarget(
937  'auth_openid',
938  $this->ctrl->getLinkTargetByClass('ilopenidsettingsgui','settings'),
939  '',
940  '',
941  ''
942  );
943 
944  $tabs_gui->addTarget("apache_auth_settings", $this->ctrl->getLinkTarget($this,'apacheAuthSettings'),
945  "", "", "");
946  }
947 
948  if ($rbacsystem->checkAccess('edit_permission',$this->object->getRefId()))
949  {
950  $tabs_gui->addTarget("perm_settings",
951  $this->ctrl->getLinkTargetByClass(array(get_class($this),'ilpermissiongui'), "perm"),
952  array("perm","info","owner"), 'ilpermissiongui');
953  }
954  }
955 
959  function setSubTabs($a_tab)
960  {
961  global $rbacsystem,$ilUser,$ilAccess;
962 
963  $GLOBALS['lng']->loadLanguageModule('auth');
964 
965  switch ($a_tab)
966  {
967  case 'authSettings':
968  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
969  {
970  $this->tabs_gui->addSubTabTarget("auth_settings",
971  $this->ctrl->getLinkTarget($this,'authSettings'),
972  "");
973  }
974  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
975  {
976  $this->tabs_gui->addSubTabTarget(
977  'auth_login_editor',
978  $this->ctrl->getLinkTargetByClass('ilauthloginpageeditorgui',''),
979  ''
980  );
981  }
982  break;
983  }
984  }
985 
986 
987  public function apacheAuthSettingsObject($form = false)
988  {
989  global $ilDB, $tpl;
990 
991  $this->tabs_gui->setTabActive("apache_auth_settings");
992  //$this->setSubTabs("authSettings");
993  //$this->tabs_gui->setSubTabActive("apache_auth_settings");
994  if (!$form)
995  {
996  $form = $this->getApacheAuthSettingsForm();
997 
998  $settings = new ilSetting('apache_auth');
999  $settingsMap = $settings->getAll();
1000 
1001  $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
1002  if (file_exists($path) && is_readable($path)) {
1003  $settingsMap['apache_auth_domains'] = file_get_contents($path);
1004  }
1005 
1006  $form->setValuesByArray($settingsMap);
1007  }
1008  $tpl->setVariable('ADM_CONTENT', $form->getHtml());
1009  }
1010 
1011  public function saveApacheSettingsObject()
1012  {
1013  global $ilCtrl;
1014  $form = $this->getApacheAuthSettingsForm();
1015  $form->setValuesByPost();
1016  /*$items = $form->getItems();
1017  foreach($items as $item)
1018  $item->validate();*/
1019  if ($form->checkInput())
1020  {
1021  $settings = new ilSetting('apache_auth');
1022  $fields = array
1023  (
1024  'apache_auth_indicator_name', 'apache_auth_indicator_value',
1025  'apache_enable_auth', 'apache_enable_local', 'apache_local_autocreate',
1026  'apache_enable_ldap', 'apache_auth_username_config_type',
1027  'apache_auth_username_direct_mapping_fieldname',
1028  'apache_default_role', 'apache_auth_target_override_login_page',
1029  'apache_auth_enable_override_login_page',
1030  'apache_auth_authenticate_on_login_page'
1031 // 'apache_auth_username_by_function_functionname',
1032  );
1033 
1034  foreach($fields as $field)
1035  $settings->set($field, $form->getInput($field));
1036 
1037  if ($form->getInput('apache_enable_auth'))
1038  $this->ilias->setSetting('apache_active', true);
1039  else {
1040  $this->ilias->setSetting('apache_active', false);
1041  global $ilSetting;
1042  if ($ilSetting->get("auth_mode") == AUTH_APACHE) {
1043  $ilSetting->set("auth_mode", AUTH_LOCAL);
1044  }
1045  }
1046 
1047  $allowedDomains = $this->validateApacheAuthAllowedDomains($form->getInput('apache_auth_domains'));
1048  file_put_contents(ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt', $allowedDomains);
1049 
1050  ilUtil::sendSuccess($this->lng->txt('apache_settings_changed_success'), true);
1051  $this->ctrl->redirect($this, 'apacheAuthSettings');
1052  }
1053  else
1054  {
1055  $this->apacheAuthSettingsObject($form);
1056  }
1057  }
1058 
1059  public function getApacheAuthSettingsForm()
1060  {
1061  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
1062 
1063  $form = new ilPropertyFormGUI();
1064  $form->setFormAction($this->ctrl->getFormAction($this));
1065  $form->setTitle($this->lng->txt('apache_settings'));
1066 
1067  $chb_enabled = new ilCheckboxInputGUI($this->lng->txt('apache_enable_auth'), 'apache_enable_auth');
1068  $form->addItem($chb_enabled);
1069 
1070  $chb_local_create_account = new ilCheckboxInputGUI($this->lng->txt('apache_autocreate'), 'apache_local_autocreate');
1071  $chb_enabled->addSubitem($chb_local_create_account);
1072 
1073  global $rbacreview;
1074  $roles = $rbacreview->getGlobalRolesArray();
1075  $select = new ilSelectInputGUI($this->lng->txt('apache_default_role'), 'apache_default_role');
1076  $roleOptions = array();
1077  foreach($roles as $role) {
1078  $roleOptions[$role['obj_id']] = ilObject::_lookupTitle($role['obj_id']);
1079  }
1080  $select->setOptions($roleOptions);
1081  $select->setValue(4);
1082 
1083  $chb_local_create_account->addSubitem($select);
1084 
1085  $chb_local = new ilCheckboxInputGUI($this->lng->txt('apache_enable_local'), 'apache_enable_local');
1086  $form->addItem($chb_local);
1087 /*
1088  $chb_ldap = new ilCheckboxInputGUI($this->lng->txt('apache_enable_ldap'), 'apache_enable_ldap');
1089  $chb_ldap->setInfo($this->lng->txt('apache_ldap_hint_ldap_must_be_configured'));
1090  $form->addItem($chb_ldap);
1091 */
1092  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_name'), 'apache_auth_indicator_name');
1093  $txt->setRequired(true);
1094  $form->addItem($txt);
1095 
1096  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_value'), 'apache_auth_indicator_value');
1097  $txt->setRequired(true);
1098  $form->addItem($txt);
1099 
1100 
1101  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_enable_override_login'), 'apache_auth_enable_override_login_page');
1102  $form->addItem($chb);
1103 
1104  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_target_override_login'), 'apache_auth_target_override_login_page');
1105  $txt->setRequired(true);
1106  $chb->addSubItem($txt);
1107 
1108  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_authenticate_on_login_page'), 'apache_auth_authenticate_on_login_page');
1109  $form->addItem($chb);
1110 
1111  $sec = new ilFormSectionHeaderGUI();
1112  $sec->setTitle($this->lng->txt('apache_auth_username_config'));
1113  $form->addItem($sec);
1114 
1115  $rag = new ilRadioGroupInputGUI($this->lng->txt('apache_auth_username_config_type'), 'apache_auth_username_config_type');
1116  $form->addItem($rag);
1117 
1118  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_direct_mapping'), 1);
1119  $rag->addOption($rao);
1120 
1121  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_direct_mapping_fieldname'), 'apache_auth_username_direct_mapping_fieldname');
1122  //$txt->setRequired(true);
1123  $rao->addSubItem($txt);
1124 
1125  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_extended_mapping'), 2);
1126  $rao->setDisabled(true);
1127  $rag->addOption($rao);
1128 
1129  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_by_function'), 3);
1130  $rag->addOption($rao);
1131 
1132 /* $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_by_function_functionname'), 'apache_auth_username_by_function_functionname');
1133  $rao->addSubItem($txt);*/
1134 
1135  $sec = new ilFormSectionHeaderGUI();
1136  $sec->setTitle($this->lng->txt('apache_auth_security'));
1137  $form->addItem($sec);
1138 
1139  $txt = new ilTextAreaInputGUI($this->lng->txt('apache_auth_domains'), 'apache_auth_domains');
1140  $txt->setInfo($this->lng->txt('apache_auth_domains_description'));
1141 
1142  $form->addItem($txt);
1143 
1144  $form->addCommandButton('saveApacheSettings',$this->lng->txt('save'));
1145  $form->addCommandButton('cancel',$this->lng->txt('cancel'));
1146 
1147  return $form;
1148  }
1149 
1150  private function validateApacheAuthAllowedDomains($text) {
1151  return join("\n", preg_split("/[\r\n]+/", $text));
1152  }
1153 
1154 } // END class.ilObjAuthSettingsGUI
1155 ?>