ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Private Attributes
ilAuthProviderLTI Class Reference

OAuth based lti authentication. More...

+ Inheritance diagram for ilAuthProviderLTI:
+ Collaboration diagram for ilAuthProviderLTI:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Static Public Member Functions

static getAuthModeByKey (string $a_auth_key)
 Get auth mode by key. More...
 
static getKeyByAuthMode (string $a_auth_mode)
 Get auth id by auth mode. More...
 
static getActiveAuthModes ()
 get all active authmode server ids More...
 
static getAuthModes ()
 
static lookupConsumer (int $a_sid)
 Lookup consumer title. More...
 
static getServerIdByAuthMode (string $a_auth_mode)
 Get auth id by auth mode. More...
 
static isAuthModeLTI (string $a_auth_mode)
 Check if user auth mode is LTI. More...
 

Data Fields

const AUTH_MODE_PREFIX = 'lti'
 

Protected Member Functions

 findAuthKeyId (string $a_oauth_consumer_key)
 find consumer key id More...
 
 findAuthPrefix (int $a_lti_id)
 find lti id More...
 
 findGlobalRole (int $a_lti_id)
 find global role of consumer More...
 
 findUserId (string $a_oauth_user, string $a_oauth_id, string $a_user_prefix)
 Find user by auth mode and lti id. More...
 
 updateUser (int $a_local_user_id, ilLTIPlatform $consumer)
 update existing user protected More...
 
 createUser (ilLTIPlatform $consumer)
 create new user protected More...
 
 handleLocalRoleAssignments (int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id=null)
 
 mapLTIRoleToLocalRole (string $lti_role, ilLTIProviderObjectSetting $settings)
 Maps an LTI role (URI or simple name) to a local ILIAS role ID. More...
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 Handle failed authentication. More...
 

Protected Attributes

string $launchReturnUrl = ""
 

Private Attributes

ilLTIDataConnector $dataConnector = null
 
string $lti_context_id = ""
 
int $ref_id = 0
 
ilLTITool $provider = null
 
array $messageParameters = null
 
ilLogger $logger = null
 

Detailed Description

OAuth based lti authentication.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Uwe Kohnle kohnl.nosp@m.e@in.nosp@m.terne.nosp@m.tleh.nosp@m.rer-g.nosp@m.mbh..nosp@m.de
Stefan Schneider

Definition at line 27 of file class.ilAuthProviderLTI.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderLTI::__construct ( ilAuthCredentials  $credentials)

Constructor.

Definition at line 43 of file class.ilAuthProviderLTI.php.

References ILIAS\GlobalScreen\Provider\__construct(), ilLoggerFactory\getLogger(), and ILIAS\Repository\logger().

44  {
45  parent::__construct($credentials);
46  $this->logger = ilLoggerFactory::getLogger('ltis');
47  }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:90
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
+ Here is the call graph for this function:

Member Function Documentation

◆ createUser()

ilAuthProviderLTI::createUser ( ilLTIPlatform  $consumer)
protected

create new user protected

Parameters
ilLTIPlatform$consumer
Returns
int
Exceptions
ilPasswordException
ilUserException

Definition at line 424 of file class.ilAuthProviderLTI.php.

References $DIC, $GLOBALS, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilLTIPlatform\getExtConsumerId(), ilLTIPlatform\getLanguage(), ilAuthProvider\getLogger(), ilLTIPlatform\getPrefix(), ilLTIPlatform\getRole(), ilUtil\now(), and ilObjUser\PASSWD_CRYPTED.

Referenced by findGlobalRole().

424  : int
425  {
426  global $ilClientIniFile, $DIC;
427  // if (empty($this->messageParameters)) {
428  // $status->setReason('empty_lti_message_parameters');
429  // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
430  // return false;
431  // }
432  $userObj = new ilObjUser();
433  $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
434 
435  $newUser["login"] = $local_user;
436  if (isset($this->messageParameters['lis_person_name_given'])) {
437  $newUser["firstname"] = $this->messageParameters['lis_person_name_given'];
438  } else {
439  $newUser["firstname"] = '-';
440  }
441  if (isset($this->messageParameters['lis_person_name_family'])) {
442  $newUser["lastname"] = $this->messageParameters['lis_person_name_family'];
443  } else {
444  $newUser["lastname"] = '-';
445  }
446  $newUser['email'] = $this->messageParameters['lis_person_contact_email_primary'];
447 
448  // set "plain md5" password (= no valid password)
449  // $newUser["passwd"] = "";
450  $newUser["passwd_type"] = ilObjUser::PASSWD_CRYPTED;
451 
452  $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
453  $newUser['ext_account'] = $this->getCredentials()->getUsername();
454  $newUser["profile_incomplete"] = 0;
455 
456  // ILIAS 8
457  //check
458  $newUser["gender"] = 'n';
459  $newUser["title"] = null;
460  $newUser["birthday"] = null;
461  $newUser["institution"] = null;
462  $newUser["department"] = null;
463  $newUser["street"] = null;
464  $newUser["city"] = null;
465  $newUser["zipcode"] = null;
466  $newUser["country"] = null;
467  $newUser["sel_country"] = null;
468  $newUser["phone_office"] = null;
469  $newUser["phone_home"] = null;
470  $newUser["phone_mobile"] = null;
471  $newUser["fax"] = null;
472  $newUser["matriculation"] = null;
473  $newUser["second_email"] = null;
474  $newUser["hobby"] = null;
475  $newUser["client_ip"] = null;
476  $newUser["passwd_salt"] = null;//$newUser->getPasswordSalt();
477  $newUser["latitude"] = null;
478  $newUser["longitude"] = null;
479  $newUser["loc_zoom"] = null;
480  $newUser["last_login"] = null;
481  $newUser["first_login"] = null;
482  $newUser["last_profile_prompt"] = null;
483  $newUser["last_update"] = ilUtil::now();
484  $newUser["create_date"] = ilUtil::now();
485  $newUser["referral_comment"] = null;
486  $newUser["approve_date"] = null;
487  $newUser["agree_date"] = null;
488  $newUser["inactivation_date"] = null;
489  $newUser["time_limit_from"] = null;
490  $newUser["time_limit_until"] = null;
491  $newUser["is_self_registered"] = null;
492  //end to check
493 
494  $newUser["passwd_enc_type"] = "";
495  $newUser["active"] = true;
496  $newUser["time_limit_owner"] = 7;
497  $newUser["time_limit_unlimited"] = 0;
498  $newUser["time_limit_message"] = 0;
499  $newUser["passwd"] = " ";
500  // $newUser["last_update"]
501 
502  // system data
503  $userObj->assignData($newUser);
504  $userObj->setTitle($userObj->getFullname());
505  $userObj->setDescription($userObj->getEmail());
506 
507  // set user language
508  $userObj->setLanguage($consumer->getLanguage());
509 
510  // Time limit
511  $userObj->setTimeLimitOwner(7);
512  $userObj->setTimeLimitUnlimited(false);
513  $userObj->setTimeLimitFrom(time() - 5);
514  // todo ?
515  $userObj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
516 
517  // Create user in DB
518  $userObj->setOwner(6);
519  $userObj->create();
520  $userObj->setActive(true);
521  // $userObj->updateOwner();
522  $userObj->setLastPasswordChangeTS(time());
523  $userObj->saveAsNew();
524  $userObj->writePrefs();
525 
526  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
527 
528  $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
529  return $userObj->getId();
530  }
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:373
ilUtil\now
static now()
Return current timestamp in Y-m-d H:i:s format.
Definition: class.ilUtil.php:1016
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:30
$DIC
global $DIC
Definition: shib_login.php:25
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:39
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ findAuthKeyId()

ilAuthProviderLTI::findAuthKeyId ( string  $a_oauth_consumer_key)
protected

find consumer key id

Parameters
string$a_oauth_consumer_key
Returns
int

Definition at line 160 of file class.ilAuthProviderLTI.php.

References $ilDB, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

160  : int
161  {
162  global $ilDB;
163 
164  $query = 'SELECT consumer_pk from lti2_consumer where consumer_key = ' . $ilDB->quote(
165  $a_oauth_consumer_key,
166  'text'
167  );
168  // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
169  $this->getLogger()->debug($query);
170  $res = $ilDB->query($query);
171 
172  $lti_id = 0;
173  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
174  $lti_id = $row->consumer_pk;
175  // $lti_id = $row->id;
176  }
177  $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
178  return $lti_id;
179  }
$res
$res
Definition: ltiservices.php:69
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
+ Here is the call graph for this function:

◆ findAuthPrefix()

ilAuthProviderLTI::findAuthPrefix ( int  $a_lti_id)
protected

find lti id

Parameters
int$a_lti_id
Returns
string

Definition at line 186 of file class.ilAuthProviderLTI.php.

References $ilDB, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

186  : string
187  {
188  global $ilDB;
189 
190  $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
191  $this->getLogger()->debug($query);
192  $res = $ilDB->query($query);
193 
194  // $prefix = 'lti'.$a_lti_id.'_';
195  $prefix = '';
196  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
197  $prefix = $row->prefix;
198  }
199  $this->getLogger()->debug('LTI prefix: ' . $prefix);
200  return $prefix;
201  }
$res
$res
Definition: ltiservices.php:69
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
+ Here is the call graph for this function:

◆ findGlobalRole()

ilAuthProviderLTI::findGlobalRole ( int  $a_lti_id)
protected

find global role of consumer

Parameters
int$a_lti_id
Returns
int|null

Definition at line 208 of file class.ilAuthProviderLTI.php.

References $_COOKIE, $DIC, $ilDB, $launchReturnUrl, $post, $ref_id, $res, ilAuthProvider\$status, ilObject\_lookupType(), ilSession\clear(), createUser(), ilAuthProviderInterface\doAuthentication(), ilDBConstants\FETCHMODE_OBJECT, findUserId(), ilLTIPlatform\fromConsumerKey(), ilSession\get(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), handleLocalRoleAssignments(), ILIAS\Repository\int(), ILIAS\Repository\logger(), ilSession\set(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setReason(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_AUTHENTICATED, ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and updateUser().

208  : ?int
209  {
210  global $ilDB;
211 
212  $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
213  $this->getLogger()->debug($query);
214  $res = $ilDB->query($query);
215 
216  $role = null;
217  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
218  $role = (int) $row->role;
219  }
220  $this->getLogger()->debug('LTI role: ' . $role);
221  return $role;
222  }
$res
$res
Definition: ltiservices.php:69
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
+ Here is the call graph for this function:

◆ findUserId()

ilAuthProviderLTI::findUserId ( string  $a_oauth_user,
string  $a_oauth_id,
string  $a_user_prefix 
)
protected

Find user by auth mode and lti id.

Parameters
string$a_oauth_user
string$a_oauth_id
string$a_user_prefix
Returns
int

Definition at line 356 of file class.ilAuthProviderLTI.php.

References ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), and ilAuthProvider\getLogger().

Referenced by findGlobalRole().

356  : int
357  {
358  $user_name = ilObjUser::_checkExternalAuthAccount(
359  self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
360  $a_oauth_user
361  );
362  $user_id = 0;
363  if ($user_name) {
364  $user_id = ilObjUser::_lookupId($user_name);
365  }
366  $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
367  return $user_id;
368  }
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2745
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getActiveAuthModes()

static ilAuthProviderLTI::getActiveAuthModes ( )
static

get all active authmode server ids

Returns
array

Definition at line 81 of file class.ilAuthProviderLTI.php.

References $ilDB, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_isExternalAccountEnabled().

81  : array
82  {
83  global $ilDB;
84 
85  // move to connector
86  $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
87  $res = $ilDB->query($query);
88 
89  $sids = array();
90  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
91  $sids[] = $row->consumer_pk;
92  }
93  return $sids;
94  }
$res
$res
Definition: ltiservices.php:69
+ Here is the caller graph for this function:

◆ getAuthModeByKey()

static ilAuthProviderLTI::getAuthModeByKey ( string  $a_auth_key)
static

Get auth mode by key.

Parameters
string$a_auth_mode
Returns
string auth_mode

Definition at line 54 of file class.ilAuthProviderLTI.php.

Referenced by ilAuthUtils\_getAuthModeName().

54  : string
55  {
56  $auth_arr = explode('_', $a_auth_key);
57  if (count($auth_arr) > 1) {
58  return 'lti_' . $auth_arr[1];
59  }
60  return 'lti';
61  }
+ Here is the caller graph for this function:

◆ getAuthModes()

static ilAuthProviderLTI::getAuthModes ( )
static
Returns
array

Definition at line 99 of file class.ilAuthProviderLTI.php.

References $ilDB, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_getActiveAuthModes(), and ilAuthUtils\_getAllAuthModes().

99  : array
100  {
101  global $ilDB;
102 
103  // move to connector
104  $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
105  $res = $ilDB->query($query);
106 
107  $sids = array();
108  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
109  $sids[] = $row->consumer_pk;
110  }
111  return $sids;
112  }
$res
$res
Definition: ltiservices.php:69
+ Here is the caller graph for this function:

◆ getKeyByAuthMode()

static ilAuthProviderLTI::getKeyByAuthMode ( string  $a_auth_mode)
static

Get auth id by auth mode.

Parameters
string$a_auth_mode
Returns
int|string auth_mode

Definition at line 68 of file class.ilAuthProviderLTI.php.

References ilAuthUtils\AUTH_PROVIDER_LTI.

Referenced by ilAuthUtils\_getAuthMode().

69  {
70  $auth_arr = explode('_', $a_auth_mode);
71  if (count($auth_arr) > 1) {
72  return ilAuthUtils::AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
73  }
74  return ilAuthUtils::AUTH_PROVIDER_LTI;
75  }
+ Here is the caller graph for this function:

◆ getServerIdByAuthMode()

static ilAuthProviderLTI::getServerIdByAuthMode ( string  $a_auth_mode)
static

Get auth id by auth mode.

Parameters
string$a_auth_mode
Returns
int|null

Definition at line 131 of file class.ilAuthProviderLTI.php.

Referenced by ilAuthUtils\getAuthModeTranslation().

131  : ?int
132  {
133  if (self::isAuthModeLTI($a_auth_mode)) {
134  $auth_arr = explode('_', $a_auth_mode);
135  return (int) $auth_arr[1];
136  }
137  return null;
138  }
+ Here is the caller graph for this function:

◆ handleLocalRoleAssignments()

ilAuthProviderLTI::handleLocalRoleAssignments ( int  $user_id,
ilLTIPlatform  $consumer,
int  $target_ref_id,
int  $default_rol_id = null 
)
protected

Definition at line 532 of file class.ilAuthProviderLTI.php.

References $DIC, ilAuthProvider\$user_id, ilLTIPlatform\getExtConsumerId(), ilAuthProvider\getLogger(), and mapLTIRoleToLocalRole().

Referenced by findGlobalRole().

532  : bool
533  {
534  global $DIC;
535  $this->getLogger()->info('$target_ref_id: ' . $target_ref_id);
536  if (!$target_ref_id) {
537  $this->getLogger()->warning('No target id given');
538  return false;
539  }
540 
541  $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
542 
543  $roles = $this->messageParameters['roles'] ?? '';
544 
545  if (!is_string($roles) || empty($roles)) {
546  $this->getLogger()->warning('No role information given or invalid role format.');
547  return false;
548  }
549 
550  $this->getLogger()->info("Deassigning all roles for user: " . $user_id);
551  $DIC->rbac()->admin()->deassignUser($obj_settings->getTutorRole(), $user_id);
552  $DIC->rbac()->admin()->deassignUser($obj_settings->getMemberRole(), $user_id);
553  $DIC->rbac()->admin()->deassignUser($obj_settings->getAdminRole(), $user_id);
554 
555  $role_arr = is_array($roles) ? $roles : explode(',', $roles);
556 
557  $this->getLogger()->info('Recieved roles: ' . implode(', ', $role_arr));
558 
559  $tree = $DIC->repositoryTree();
560  $parent = $tree->getParentId($target_ref_id);
561  if ($parent != 1) {
562  $this->handleLocalRoleAssignments($user_id, $consumer, $parent, $obj_settings->getMemberRole());
563  }
564  foreach ($role_arr as $role) {
565  $role = trim($role);
566  $local_role_id = $this->mapLTIRoleToLocalRole($role, $obj_settings) == 0 && $default_rol_id != null ? $default_rol_id : $this->mapLTIRoleToLocalRole($role, $obj_settings);
567  if (isset($local_role_id)) {
568  $this->getLogger()->info('Assigning local role ID: ' . $local_role_id . ' for LTI role: ' . $role . ' to user ID: ' . $user_id);
569  $DIC->rbac()->admin()->assignUser($local_role_id, $user_id);
570  } else {
571  $this->getLogger()->info('No local role mapping found for LTI role: ' . $role);
572  }
573  }
574 
575  return true;
576  }
$DIC
global $DIC
Definition: shib_login.php:25
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilAuthProviderLTI\mapLTIRoleToLocalRole
mapLTIRoleToLocalRole(string $lti_role, ilLTIProviderObjectSetting $settings)
Maps an LTI role (URI or simple name) to a local ILIAS role ID.
Definition: class.ilAuthProviderLTI.php:585
ilAuthProviderLTI\handleLocalRoleAssignments
handleLocalRoleAssignments(int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id=null)
Definition: class.ilAuthProviderLTI.php:532
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthModeLTI()

static ilAuthProviderLTI::isAuthModeLTI ( string  $a_auth_mode)
static

Check if user auth mode is LTI.

Parameters
string$a_auth_mode
Returns
bool

Definition at line 145 of file class.ilAuthProviderLTI.php.

References ilAuthUtils\AUTH_PROVIDER_LTI, and ilLoggerFactory\getLogger().

145  : bool
146  {
147  if (!$a_auth_mode) {
148  ilLoggerFactory::getLogger('ltis')->warning('No auth mode given.');
149  return false;
150  }
151  $auth_arr = explode('_', $a_auth_mode);
152  return ($auth_arr[0] == ilAuthUtils::AUTH_PROVIDER_LTI) and $auth_arr[1];
153  }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:90
+ Here is the call graph for this function:

◆ lookupConsumer()

static ilAuthProviderLTI::lookupConsumer ( int  $a_sid)
static

Lookup consumer title.

Parameters
int$a_sid
Returns
string

Definition at line 119 of file class.ilAuthProviderLTI.php.

References ilLTIPlatform\fromRecordId().

Referenced by ilAuthUtils\getAuthModeTranslation().

119  : string
120  {
121  $connector = new ilLTIDataConnector();
122  $consumer = ilLTIPlatform::fromRecordId($a_sid, $connector);
123  return $consumer->getTitle();
124  }
ilLTIPlatform\fromRecordId
static fromRecordId(int|string $id, DataConnector $dataConnector)
Load the platform from the database by its record ID.
Definition: class.ilLTIPlatform.php:315
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mapLTIRoleToLocalRole()

ilAuthProviderLTI::mapLTIRoleToLocalRole ( string  $lti_role,
ilLTIProviderObjectSetting  $settings 
)
protected

Maps an LTI role (URI or simple name) to a local ILIAS role ID.

Parameters
string$lti_role
ilLTIProviderObjectSetting$settings
Returns
int|null The ILIAS role ID, or null if no mapping is found.

Definition at line 585 of file class.ilAuthProviderLTI.php.

References ilLTIProviderObjectSetting\getAdminRole(), ilLTIProviderObjectSetting\getMemberRole(), and ilLTIProviderObjectSetting\getTutorRole().

Referenced by handleLocalRoleAssignments().

585  : ?int
586  {
587  // Prioritize more specific roles (sub-roles)
588  $role_map = [
589  // System Roles
590  'http://purl.imsglobal.org/vocab/lti/system/person#TestUser' => null, // Example: No mapping for TestUser
591  'http://purl.imsglobal.org/vocab/lis/v2/system/person#Administrator' => $settings->getAdminRole(),
592  'http://purl.imsglobal.org/vocab/lis/v2/system/person#None' => null,
593  'http://purl.imsglobal.org/vocab/lis/v2/system/person#AccountAdmin' => null, // No direct mapping
594  'http://purl.imsglobal.org/vocab/lis/v2/system/person#Creator' => null, // No direct mapping
595  'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysAdmin' => null, // No direct mapping
596  'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysSupport' => null, // No direct mapping
597  'http://purl.imsglobal.org/vocab/lis/v2/system/person#User' => null, // No direct mapping
598 
599  // Institution Roles
600  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator' => $settings->getAdminRole(),
601  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Faculty' => $settings->getTutorRole(),
602  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Guest' => null, // No direct mapping
603  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#None' => null,
604  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Other' => null, // No direct mapping
605  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Staff' => null, // No direct mapping
606  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Student' => $settings->getMemberRole(),
607  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Alumni' => null, // No direct mapping
608  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Instructor' => $settings->getTutorRole(),
609  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Learner' => $settings->getMemberRole(),
610  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Member' => $settings->getMemberRole(),
611  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Mentor' => null, // No direct mapping
612  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Observer' => null, // No direct mapping
613  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#ProspectiveStudent' => null, // No direct mapping
614 
615  // Context Roles (Main)
616  'http://purl.imsglobal.org/vocab/lis/v2/membership#Administrator' => $settings->getAdminRole(),
617  'http://purl.imsglobal.org/vocab/lis/v2/membership#ContentDeveloper' => null, // No direct mapping
618  'http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor' => $settings->getTutorRole(),
619  'http://purl.imsglobal.org/vocab/lis/v2/membership#Learner' => $settings->getMemberRole(),
620  'http://purl.imsglobal.org/vocab/lis/v2/membership#Mentor' => null, // No direct mapping
621  'http://purl.imsglobal.org/vocab/lis/v2/membership#Manager' => $settings->getAdminRole(), // Potentially map to admin
622  'http://purl.imsglobal.org/vocab/lis/v2/membership#Member' => $settings->getMemberRole(),
623  'http://purl.imsglobal.org/vocab/lis/v2/membership#Officer' => null, // No direct mapping
624 
625  // Context Sub-Roles (TeachingAssistant)
626  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistant' => $settings->getTutorRole(),
627  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantGroup' => $settings->getTutorRole(),
628  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantOffering' => $settings->getTutorRole(),
629  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSection' => $settings->getTutorRole(),
630  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSectionAssociation' => $settings->getTutorRole(),
631  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantTemplate' => $settings->getTutorRole(),
632  // Context Sub-Roles (Grader)
633  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Grader' => $settings->getTutorRole(), // Map Grader to Tutor
634  // Context Sub-Roles (GuestInstructor, Lecturer, PrimaryInstructor, SecondaryInstructor)
635  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#GuestInstructor' => $settings->getTutorRole(),
636  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Lecturer' => $settings->getTutorRole(),
637  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#PrimaryInstructor' => $settings->getTutorRole(),
638  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#SecondaryInstructor' => $settings->getTutorRole(),
639  // Context Sub-Roles (ExternalInstructor)
640  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#ExternalInstructor' => $settings->getTutorRole(),
641 
642  // Context Sub-Roles (ExternalLearner, GuestLearner, Learner, NonCreditLearner)
643  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#ExternalLearner' => $settings->getMemberRole(),
644  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#GuestLearner' => $settings->getMemberRole(),
645  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#Learner' => $settings->getMemberRole(),
646  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#NonCreditLearner' => $settings->getMemberRole(),
647 
648  // Context Sub-Roles (AreaManager, CourseCoordinator, ExternalObserver, Manager, Observer)
649  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#AreaManager' => $settings->getAdminRole(),
650  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#CourseCoordinator' => null,
651  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#ExternalObserver' => null,
652  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Manager' => $settings->getAdminRole(),
653  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Observer' => null,
654 
655  // Context Sub-Roles (Advisor, Auditor, ExternalAdvisor, ExternalAuditor, ExternalLearningFacilitator, ExternalMentor, ExternalReviewer, ExternalTutor, LearningFacilitator, Mentor, Reviewer, Tutor)
656  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Advisor' => null,
657  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Auditor' => null,
658  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAdvisor' => null,
659  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAuditor' => null,
660  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalLearningFacilitator' => null,
661  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalMentor' => null,
662  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalReviewer' => null,
663  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalTutor' => null,
664  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#LearningFacilitator' => null,
665  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Mentor' => null,
666  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Reviewer' => null,
667  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Tutor' => $settings->getTutorRole(), // Map Tutor to Tutor
668 
669  // Context Sub-Roles (Chair, Communications, Secretary, Treasurer, Vice-Chair)
670  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Chair' => null,
671  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Communications' => null,
672  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Secretary' => null,
673  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Treasurer' => null,
674  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Vice-Chair' => null,
675 
676  // Context Sub-Roles (ContentDeveloper, ContentExpert, ExternalContentExpert, Librarian)
677  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentDeveloper' => null,
678  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentExpert' => null,
679  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ExternalContentExpert' => null,
680  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#Librarian' => null,
681 
682  // Context Sub-Roles (Member)
683  'http://purl.imsglobal.org/vocab/lis/v2/membership/Member#Member' => $settings->getMemberRole(),
684 
685  // Context Sub-Roles (Administrator, Developer, ExternalDeveloper, ExternalSupport, ExternalSystemAdministrator, Support, SystemAdministrator)
686  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Administrator' => $settings->getAdminRole(),
687  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Developer' => null,
688  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalDeveloper' => null,
689  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSupport' => null,
690  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSystemAdministrator' => null,
691  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Support' => null,
692  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#SystemAdministrator' => null,
693  ];
694 
695  // LTI 1.0/1.1 simple names (supported for backward compatibility)
696  $simple_name_map = [
697  'Instructor' => $settings->getTutorRole(),
698  'Learner' => $settings->getMemberRole(),
699  'ContentDeveloper' => null,
700  'Administrator' => $settings->getAdminRole(),
701  'Mentor' => null,
702  'Manager' => $settings->getAdminRole(),
703  'Member' => $settings->getMemberRole(),
704  'Officer' => null,
705  ];
706 
707 
708  if (isset($role_map[$lti_role])) {
709  return $role_map[$lti_role];
710  } elseif (isset($simple_name_map[$lti_role])) {
711  // Check for simple names
712  return $simple_name_map[$lti_role];
713  }
714 
715  return null;
716  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ updateUser()

ilAuthProviderLTI::updateUser ( int  $a_local_user_id,
ilLTIPlatform  $consumer 
)
protected

update existing user protected

Parameters
int$a_local_user_id
ilLTIPlatform$consumer
Returns
int

Definition at line 377 of file class.ilAuthProviderLTI.php.

References $DIC, $GLOBALS, ilAuthProvider\getLogger(), and ilLTIPlatform\getRole().

Referenced by findGlobalRole().

377  : int
378  {
379  global $ilClientIniFile, $DIC;
380  // if (empty($this->messageParameters)) {
381  // $status->setReason('empty_lti_message_parameters');
382  // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
383  // return false;
384  // }
385  $user_obj = new ilObjUser($a_local_user_id);
386  if (isset($this->messageParameters['lis_person_name_given'])) {
387  $user_obj->setFirstname($this->messageParameters['lis_person_name_given']);
388  } else {
389  $user_obj->setFirstname('-');
390  }
391  if (isset($this->messageParameters['lis_person_name_family'])) {
392  $user_obj->setLastname($this->messageParameters['lis_person_name_family']);
393  } else {
394  $user_obj->setLastname('-');
395  }
396  $user_obj->setEmail($this->messageParameters['lis_person_contact_email_primary']);
397 
398  $user_obj->setActive(true);
399 
400  $until = $user_obj->getTimeLimitUntil();
401 
402  if ($until < (time() + (int) $ilClientIniFile->readVariable('session', 'expire'))) {
403  $user_obj->setTimeLimitFrom(time() - 60);
404  $user_obj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
405  }
406  $user_obj->update();
407  $user_obj->refreshLogin();
408 
409  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
410  $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
411 
412  $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
413  return $user_obj->getId();
414  }
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:30
$DIC
global $DIC
Definition: shib_login.php:25
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $dataConnector

ilLTIDataConnector ilAuthProviderLTI::$dataConnector = null
private

Definition at line 30 of file class.ilAuthProviderLTI.php.

◆ $launchReturnUrl

string ilAuthProviderLTI::$launchReturnUrl = ""
protected

Definition at line 36 of file class.ilAuthProviderLTI.php.

Referenced by findGlobalRole().

◆ $logger

ilLogger ilAuthProviderLTI::$logger = null
private

Definition at line 38 of file class.ilAuthProviderLTI.php.

◆ $lti_context_id

string ilAuthProviderLTI::$lti_context_id = ""
private

Definition at line 31 of file class.ilAuthProviderLTI.php.

◆ $messageParameters

array ilAuthProviderLTI::$messageParameters = null
private

Definition at line 34 of file class.ilAuthProviderLTI.php.

◆ $provider

ilLTITool ilAuthProviderLTI::$provider = null
private

Definition at line 33 of file class.ilAuthProviderLTI.php.

◆ $ref_id

int ilAuthProviderLTI::$ref_id = 0
private

Definition at line 32 of file class.ilAuthProviderLTI.php.

Referenced by findGlobalRole().

◆ AUTH_MODE_PREFIX

const ilAuthProviderLTI::AUTH_MODE_PREFIX = 'lti'

Definition at line 29 of file class.ilAuthProviderLTI.php.

The documentation for this class was generated from the following file: