ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilAuthFrontendCredentialsApache.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use Psr\Http\Message\ServerRequestInterface;
22 
30 class ilAuthFrontendCredentialsApache extends ilAuthFrontendCredentials
31 {
32  private ServerRequestInterface $httpRequest;
33  private ilCtrlInterface $ctrl;
34  private ilSetting $settings;
35  private ilLogger $logger;
36 
37  public function __construct(ServerRequestInterface $httpRequest, ilCtrlInterface $ctrl)
38  {
39  global $DIC;
40  $this->logger = $DIC->logger()->auth();
41  $this->httpRequest = $httpRequest;
42  $this->ctrl = $ctrl;
43  $this->settings = new ilSetting('apache_auth');
44  parent::__construct();
45  }
46 
51  public function tryAuthenticationOnLoginPage(): void
52  {
53  $cmd = (string) ($this->httpRequest->getQueryParams()['cmd'] ?? '');
54  if ('' === $cmd) {
55  $cmd = (string) ($this->httpRequest->getParsedBody()['cmd'] ?? '');
56  }
57 
58  if ('force_login' === $cmd) {
59  return;
60  }
61 
62  if (!$this->getSettings()->get('apache_enable_auth', '0')) {
63  return;
64  }
65 
66  if (!$this->getSettings()->get('apache_auth_authenticate_on_login_page', '0')) {
67  return;
68  }
69 
70  if (
71  (defined('IL_CERT_SSO') && (int) IL_CERT_SSO === 1) ||
72  !ilContext::supportsRedirects() ||
73  isset($this->httpRequest->getQueryParams()['passed_sso'])
74  ) {
75  return;
76  }
77 
78  $path = (string) ($this->httpRequest->getServerParams()['REQUEST_URI'] ?? '');
79  if (strpos($path, '/') === 0) {
80  $path = substr($path, 1);
81  }
82 
83  if (strpos($path, 'http') !== 0) {
84  $parts = parse_url(ILIAS_HTTP_PATH);
85  $path = $parts['scheme'] . '://' . $parts['host'] . '/' . $path;
86  }
87 
88  $this->ctrl->redirectToURL(
89  ilUtil::getHtmlPath(
90  './public/sso/index.php?force_mode_apache=1&' .
91  'r=' . urlencode($path) .
92  '&cookie_path=' . urlencode(IL_COOKIE_PATH) .
93  '&ilias_path=' . urlencode(ILIAS_HTTP_PATH)
94  )
95  );
96  }
97 
98  protected function getSettings(): ilSetting
99  {
100  return $this->settings;
101  }
102 
103  public function initFromRequest(): void
104  {
105  $mappingFieldName = $this->getSettings()->get('apache_auth_username_direct_mapping_fieldname', '');
106 
107  $this->logger->dump($this->httpRequest->getServerParams(), ilLogLevel::DEBUG);
108  $this->logger->debug($mappingFieldName);
109 
110  switch ($this->getSettings()->get('apache_auth_username_config_type')) {
111  case ilAuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING:
112  if (isset($this->httpRequest->getServerParams()[$mappingFieldName])) {
113  $this->setUsername($this->httpRequest->getServerParams()[$mappingFieldName]);
114  }
115  break;
116 
117  case ilAuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION:
118  $this->setUsername(ApacheCustom::getUsername());
119  break;
120  }
121  }
122 
123  public function hasValidTargetUrl(): bool
124  {
125  $targetUrl = trim((string) ($this->httpRequest->getQueryParams()['r'] ?? ''));
126  if ($targetUrl === '') {
127  return false;
128  }
129 
130  $validDomains = [];
131  $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
132  if (file_exists($path) && is_readable($path)) {
133  foreach (file($path) as $line) {
134  if (trim($line)) {
135  $validDomains[] = trim($line);
136  }
137  }
138  }
139 
140  return (new ilWhiteListUrlValidator($targetUrl, $validDomains))->isValid();
141  }
142 
143  public function getTargetUrl(): string
144  {
145  return ilUtil::appendUrlParameterString(trim($this->httpRequest->getQueryParams()['r']), 'passed_sso=1');
146  }
147 }
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:375
ilAuthFrontendCredentialsApache\tryAuthenticationOnLoginPage
tryAuthenticationOnLoginPage()
Check if an authentication attempt should be done when login page has been called.
Definition: class.ilAuthFrontendCredentialsApache.php:51
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61
$path
$path
Definition: ltiservices.php:30
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
$DIC
global $DIC
Definition: shib_login.php:25
ilUtil\getHtmlPath
static getHtmlPath(string $relative_path)
get url of path
Definition: class.ilUtil.php:110
ILIAS_DATA_DIR
const ILIAS_DATA_DIR
Definition: constants.php:44
ilAuthFrontendCredentialsApache\__construct
__construct(ServerRequestInterface $httpRequest, ilCtrlInterface $ctrl)
Definition: class.ilAuthFrontendCredentialsApache.php:37
ilAuthFrontendCredentials\setUsername
setUsername(string $a_name)
Set username.
Definition: class.ilAuthFrontendCredentials.php:41
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilWhiteListUrlValidator
Class ilWhiteListUrlValidator.
Definition: class.ilWhiteListUrlValidator.php:25
IL_COOKIE_PATH
const IL_COOKIE_PATH(isset($_GET['client_id']))
Definition: index.php:47
ilContext\supportsRedirects
static supportsRedirects()
Are redirects supported?
Definition: class.ilContext.php:89