ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilAuthProviderLTI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
27 class ilAuthProviderLTI extends \ilAuthProvider implements \ilAuthProviderInterface
28 {
29  public const AUTH_MODE_PREFIX = 'lti';
30  private ?ilLTIDataConnector $dataConnector = null;
31  private string $lti_context_id = "";
32  private int $ref_id = 0;
33  private ?ilLTITool $provider = null;
34  private ?array $messageParameters = null;
35 
36  protected string $launchReturnUrl = "";
37 
38  private ?ilLogger $logger = null;
39 
43  public function __construct(ilAuthCredentials $credentials)
44  {
45  parent::__construct($credentials);
46  $this->logger = ilLoggerFactory::getLogger('ltis');
47  }
48 
54  public static function getAuthModeByKey(string $a_auth_key): string
55  {
56  $auth_arr = explode('_', $a_auth_key);
57  if (count($auth_arr) > 1) {
58  return 'lti_' . $auth_arr[1];
59  }
60  return 'lti';
61  }
62 
68  public static function getKeyByAuthMode(string $a_auth_mode)
69  {
70  $auth_arr = explode('_', $a_auth_mode);
71  if (count($auth_arr) > 1) {
72  return ilAuthUtils::AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
73  }
74  return ilAuthUtils::AUTH_PROVIDER_LTI;
75  }
76 
81  public static function getActiveAuthModes(): array
82  {
83  global $ilDB;
84 
85  // move to connector
86  $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
87  $res = $ilDB->query($query);
88 
89  $sids = array();
90  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
91  $sids[] = $row->consumer_pk;
92  }
93  return $sids;
94  }
95 
99  public static function getAuthModes(): array
100  {
101  global $ilDB;
102 
103  // move to connector
104  $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
105  $res = $ilDB->query($query);
106 
107  $sids = array();
108  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
109  $sids[] = $row->consumer_pk;
110  }
111  return $sids;
112  }
113 
119  public static function lookupConsumer(int $a_sid): string
120  {
121  $connector = new ilLTIDataConnector();
122  $consumer = ilLTIPlatform::fromRecordId($a_sid, $connector);
123  return $consumer->getTitle();
124  }
125 
131  public static function getServerIdByAuthMode(string $a_auth_mode): ?int
132  {
133  if (self::isAuthModeLTI($a_auth_mode)) {
134  $auth_arr = explode('_', $a_auth_mode);
135  return (int) $auth_arr[1];
136  }
137  return null;
138  }
139 
145  public static function isAuthModeLTI(string $a_auth_mode): bool
146  {
147  if (!$a_auth_mode) {
148  ilLoggerFactory::getLogger('ltis')->warning('No auth mode given.');
149  return false;
150  }
151  $auth_arr = explode('_', $a_auth_mode);
152  return ($auth_arr[0] == ilAuthUtils::AUTH_PROVIDER_LTI) and $auth_arr[1];
153  }
154 
160  protected function findAuthKeyId(string $a_oauth_consumer_key): int
161  {
162  global $ilDB;
163 
164  $query = 'SELECT consumer_pk from lti2_consumer where consumer_key = ' . $ilDB->quote(
165  $a_oauth_consumer_key,
166  'text'
167  );
168  // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
169  $this->getLogger()->debug($query);
170  $res = $ilDB->query($query);
171 
172  $lti_id = 0;
173  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
174  $lti_id = $row->consumer_pk;
175  // $lti_id = $row->id;
176  }
177  $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
178  return $lti_id;
179  }
180 
186  protected function findAuthPrefix(int $a_lti_id): string
187  {
188  global $ilDB;
189 
190  $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
191  $this->getLogger()->debug($query);
192  $res = $ilDB->query($query);
193 
194  // $prefix = 'lti'.$a_lti_id.'_';
195  $prefix = '';
196  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
197  $prefix = $row->prefix;
198  }
199  $this->getLogger()->debug('LTI prefix: ' . $prefix);
200  return $prefix;
201  }
202 
208  protected function findGlobalRole(int $a_lti_id): ?int
209  {
210  global $ilDB;
211 
212  $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
213  $this->getLogger()->debug($query);
214  $res = $ilDB->query($query);
215 
216  $role = null;
217  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
218  $role = (int) $row->role;
219  }
220  $this->getLogger()->debug('LTI role: ' . $role);
221  return $role;
222  }
223 
231  public function doAuthentication(\ilAuthStatus $status): bool
232  {
233  global $DIC;
234  $post = [];
235 
236  $lti_provider = new ilLTITool(new ilLTIDataConnector());
237 
238  if ($DIC->http()->wrapper()->post()->has('launch_presentation_return_url')) {
239  $this->launchReturnUrl = $DIC->http()->wrapper()->post()->retrieve('launch_presentation_return_url', $DIC->refinery()->kindlyTo()->string());
240  setcookie("launch_presentation_return_url", $this->launchReturnUrl, time() + 86400, "/", "", true, true);
241  $this->logger->info("Setting launch_presentation_return_url in cookie storage " . $this->launchReturnUrl);
242  }
243  $lti_provider->handleRequest();
244  $this->provider = $lti_provider;
245  $this->messageParameters = $this->provider->getMessageParameters();
246 
247  if (!$DIC->http()->wrapper()->post()->has('launch_presentation_return_url')) {
248  $this->launchReturnUrl = $_COOKIE['launch_presentation_return_url'] ?? "";
249  $this->logger->info("Catching launch_presentation_return_url from cookies" . $this->launchReturnUrl);
250  $post["launch_presentation_return_url"] = $this->launchReturnUrl;
251  }
252 
253  if (!$lti_provider->ok) {
254  $this->getLogger()->info('LTI authentication failed with message: ' . $lti_provider->reason);
255  $status->setReason($lti_provider->reason);
256  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
257  return false;
258  } else {
259  $this->getLogger()->debug('LTI authentication success');
260  }
261 
262  if (empty($this->messageParameters)) {
263  $status->setReason('empty_lti_message_parameters');
264  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
265  return false;
266  }
267 
268  $platform = ilLTIPlatform::fromConsumerKey($this->provider->platform->getKey(), $this->provider->platform->getDataConnector());
269  ilSession::clear("lti_context_ids");
270  $this->ref_id = $platform->getRefId();
271 
272  $lti_context_ids = ilSession::get('lti_context_ids');
273 
274  if (isset($lti_context_ids) && is_array($lti_context_ids)) {
275  if (!in_array($this->ref_id, $lti_context_ids)) {
276  $this->getLogger()->debug("push new lti ref_id: " . $this->ref_id);
277  $lti_context_ids[] = $this->ref_id;
278  ilSession::set('lti_context_ids', $lti_context_ids);
279  $this->getLogger()->debug((string) var_export(ilSession::get('lti_context_ids'), true));
280  }
281  } else {
282  $this->getLogger()->debug("lti_context_ids is not set. Create new array...");
283  ilSession::set('lti_context_ids', [$this->ref_id]);
284  $this->getLogger()->debug((string) var_export(ilSession::get('lti_context_ids'), true));
285  }
286 
287  if (!empty($this->messageParameters['launch_presentation_return_url'])) {
288  $post['launch_presentation_return_url'] = $this->messageParameters['launch_presentation_return_url'];
289  }
290  if (!empty($this->messageParameters['launch_presentation_css_url'])) {
291  $post['launch_presentation_css_url'] = $this->messageParameters['launch_presentation_css_url'];
292  }
293  if (!empty($this->messageParameters['resource_link_title'])) {
294  $post['resource_link_title'] = $this->messageParameters['resource_link_title'];
295  }
296 
297  ilSession::set('lti_' . $this->ref_id . '_post_data', $post);
298 
300  $obj_definition = $DIC["objDefinition"];
301 
302  ilSession::set('lti_init_target', $obj_definition->getClassName(ilObject::_lookupType($this->ref_id, true)) . '_' . $this->ref_id);
303 
304  if (!$platform->enabled) {
305  $this->getLogger()->warning('Consumer is not enabled');
306  $status->setReason('lti_consumer_inactive');
307  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
308  return false;
309  }
310 
311  if (!$platform->getActive()) {
312  $this->getLogger()->warning('Consumer is not active');
313  $status->setReason('lti_consumer_inactive');
314  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
315  return false;
316  }
317 
318  $lti_id = $platform->getExtConsumerId();
319  if (!$lti_id) {
320  $status->setReason('lti_auth_failed_invalid_key');
321  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
322  return false;
323  }
324 
325  $this->getLogger()->debug('Using prefix:' . $platform->getPrefix());
326 
327  $this->getCredentials()->setUsername($this->messageParameters['user_id']);
328 
329  $internal_account = $this->findUserId(
330  $this->getCredentials()->getUsername(),
331  (string) $lti_id,
332  $platform->getPrefix()
333  );
334 
335  if ($internal_account) {
336  $this->updateUser($internal_account, $platform);
337  } else {
338  $internal_account = $this->createUser($platform);
339  }
340 
341  $this->handleLocalRoleAssignments($internal_account, $platform, $this->ref_id);
342 
343  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
344  $status->setAuthenticatedUserId($internal_account);
345 
346  return true;
347  }
348 
356  protected function findUserId(string $a_oauth_user, string $a_oauth_id, string $a_user_prefix): int
357  {
358  $user_name = ilObjUser::_checkExternalAuthAccount(
359  self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
360  $a_oauth_user
361  );
362  $user_id = 0;
363  if ($user_name) {
364  $user_id = ilObjUser::_lookupId($user_name);
365  }
366  $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
367  return $user_id;
368  }
369 
377  protected function updateUser(int $a_local_user_id, ilLTIPlatform $consumer): int
378  {
379  global $ilClientIniFile, $DIC;
380  // if (empty($this->messageParameters)) {
381  // $status->setReason('empty_lti_message_parameters');
382  // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
383  // return false;
384  // }
385  $user_obj = new ilObjUser($a_local_user_id);
386  if (isset($this->messageParameters['lis_person_name_given'])) {
387  $user_obj->setFirstname($this->messageParameters['lis_person_name_given']);
388  } else {
389  $user_obj->setFirstname('-');
390  }
391  if (isset($this->messageParameters['lis_person_name_family'])) {
392  $user_obj->setLastname($this->messageParameters['lis_person_name_family']);
393  } else {
394  $user_obj->setLastname('-');
395  }
396  $user_obj->setEmail($this->messageParameters['lis_person_contact_email_primary']);
397 
398  $user_obj->setActive(true);
399 
400  $until = $user_obj->getTimeLimitUntil();
401 
402  if ($until < (time() + (int) $ilClientIniFile->readVariable('session', 'expire'))) {
403  $user_obj->setTimeLimitFrom(time() - 60);
404  $user_obj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
405  }
406  $user_obj->update();
407  $user_obj->refreshLogin();
408 
409  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
410  $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
411 
412  $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
413  return $user_obj->getId();
414  }
415 
424  protected function createUser(ilLTIPlatform $consumer): int
425  {
426  global $ilClientIniFile, $DIC;
427  // if (empty($this->messageParameters)) {
428  // $status->setReason('empty_lti_message_parameters');
429  // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
430  // return false;
431  // }
432  $userObj = new ilObjUser();
433  $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
434 
435  $newUser["login"] = $local_user;
436  if (isset($this->messageParameters['lis_person_name_given'])) {
437  $newUser["firstname"] = $this->messageParameters['lis_person_name_given'];
438  } else {
439  $newUser["firstname"] = '-';
440  }
441  if (isset($this->messageParameters['lis_person_name_family'])) {
442  $newUser["lastname"] = $this->messageParameters['lis_person_name_family'];
443  } else {
444  $newUser["lastname"] = '-';
445  }
446  $newUser['email'] = $this->messageParameters['lis_person_contact_email_primary'];
447 
448  // set "plain md5" password (= no valid password)
449  // $newUser["passwd"] = "";
450  $newUser["passwd_type"] = ilObjUser::PASSWD_CRYPTED;
451 
452  $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
453  $newUser['ext_account'] = $this->getCredentials()->getUsername();
454  $newUser["profile_incomplete"] = 0;
455 
456  // ILIAS 8
457  //check
458  $newUser["gender"] = 'n';
459  $newUser["title"] = null;
460  $newUser["birthday"] = null;
461  $newUser["institution"] = null;
462  $newUser["department"] = null;
463  $newUser["street"] = null;
464  $newUser["city"] = null;
465  $newUser["zipcode"] = null;
466  $newUser["country"] = null;
467  $newUser["sel_country"] = null;
468  $newUser["phone_office"] = null;
469  $newUser["phone_home"] = null;
470  $newUser["phone_mobile"] = null;
471  $newUser["fax"] = null;
472  $newUser["matriculation"] = null;
473  $newUser["second_email"] = null;
474  $newUser["hobby"] = null;
475  $newUser["client_ip"] = null;
476  $newUser["passwd_salt"] = null;//$newUser->getPasswordSalt();
477  $newUser["latitude"] = null;
478  $newUser["longitude"] = null;
479  $newUser["loc_zoom"] = null;
480  $newUser["last_login"] = null;
481  $newUser["first_login"] = null;
482  $newUser["last_profile_prompt"] = null;
483  $newUser["last_update"] = ilUtil::now();
484  $newUser["create_date"] = ilUtil::now();
485  $newUser["referral_comment"] = null;
486  $newUser["approve_date"] = null;
487  $newUser["agree_date"] = null;
488  $newUser["inactivation_date"] = null;
489  $newUser["time_limit_from"] = null;
490  $newUser["time_limit_until"] = null;
491  $newUser["is_self_registered"] = null;
492  //end to check
493 
494  $newUser["passwd_enc_type"] = "";
495  $newUser["active"] = true;
496  $newUser["time_limit_owner"] = 7;
497  $newUser["time_limit_unlimited"] = 0;
498  $newUser["time_limit_message"] = 0;
499  $newUser["passwd"] = " ";
500  // $newUser["last_update"]
501 
502  // system data
503  $userObj->assignData($newUser);
504  $userObj->setTitle($userObj->getFullname());
505  $userObj->setDescription($userObj->getEmail());
506 
507  // set user language
508  $userObj->setLanguage($consumer->getLanguage());
509 
510  // Time limit
511  $userObj->setTimeLimitOwner(7);
512  $userObj->setTimeLimitUnlimited(false);
513  $userObj->setTimeLimitFrom(time() - 5);
514  // todo ?
515  $userObj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
516 
517  // Create user in DB
518  $userObj->setOwner(6);
519  $userObj->create();
520  $userObj->setActive(true);
521  // $userObj->updateOwner();
522  $userObj->setLastPasswordChangeTS(time());
523  $userObj->saveAsNew();
524  $userObj->writePrefs();
525 
526  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
527 
528  $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
529  return $userObj->getId();
530  }
531 
532  protected function handleLocalRoleAssignments(int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id = null): bool
533  {
534  global $DIC;
535  $this->getLogger()->info('$target_ref_id: ' . $target_ref_id);
536  if (!$target_ref_id) {
537  $this->getLogger()->warning('No target id given');
538  return false;
539  }
540 
541  $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
542 
543  $roles = $this->messageParameters['roles'] ?? '';
544 
545  if (!is_string($roles) || empty($roles)) {
546  $this->getLogger()->warning('No role information given or invalid role format.');
547  return false;
548  }
549 
550  $this->getLogger()->info("Deassigning all roles for user: " . $user_id);
551  $DIC->rbac()->admin()->deassignUser($obj_settings->getTutorRole(), $user_id);
552  $DIC->rbac()->admin()->deassignUser($obj_settings->getMemberRole(), $user_id);
553  $DIC->rbac()->admin()->deassignUser($obj_settings->getAdminRole(), $user_id);
554 
555  $role_arr = is_array($roles) ? $roles : explode(',', $roles);
556 
557  $this->getLogger()->info('Recieved roles: ' . implode(', ', $role_arr));
558 
559  $tree = $DIC->repositoryTree();
560  $parent = $tree->getParentId($target_ref_id);
561  if ($parent != 1) {
562  $this->handleLocalRoleAssignments($user_id, $consumer, $parent, $obj_settings->getMemberRole());
563  }
564  foreach ($role_arr as $role) {
565  $role = trim($role);
566  $local_role_id = $this->mapLTIRoleToLocalRole($role, $obj_settings) == 0 && $default_rol_id != null ? $default_rol_id : $this->mapLTIRoleToLocalRole($role, $obj_settings);
567  if (isset($local_role_id)) {
568  $this->getLogger()->info('Assigning local role ID: ' . $local_role_id . ' for LTI role: ' . $role . ' to user ID: ' . $user_id);
569  $DIC->rbac()->admin()->assignUser($local_role_id, $user_id);
570  } else {
571  $this->getLogger()->info('No local role mapping found for LTI role: ' . $role);
572  }
573  }
574 
575  return true;
576  }
577 
585  protected function mapLTIRoleToLocalRole(string $lti_role, ilLTIProviderObjectSetting $settings): ?int
586  {
587  // Prioritize more specific roles (sub-roles)
588  $role_map = [
589  // System Roles
590  'http://purl.imsglobal.org/vocab/lti/system/person#TestUser' => null, // Example: No mapping for TestUser
591  'http://purl.imsglobal.org/vocab/lis/v2/system/person#Administrator' => $settings->getAdminRole(),
592  'http://purl.imsglobal.org/vocab/lis/v2/system/person#None' => null,
593  'http://purl.imsglobal.org/vocab/lis/v2/system/person#AccountAdmin' => null, // No direct mapping
594  'http://purl.imsglobal.org/vocab/lis/v2/system/person#Creator' => null, // No direct mapping
595  'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysAdmin' => null, // No direct mapping
596  'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysSupport' => null, // No direct mapping
597  'http://purl.imsglobal.org/vocab/lis/v2/system/person#User' => null, // No direct mapping
598 
599  // Institution Roles
600  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator' => $settings->getAdminRole(),
601  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Faculty' => $settings->getTutorRole(),
602  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Guest' => null, // No direct mapping
603  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#None' => null,
604  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Other' => null, // No direct mapping
605  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Staff' => null, // No direct mapping
606  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Student' => $settings->getMemberRole(),
607  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Alumni' => null, // No direct mapping
608  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Instructor' => $settings->getTutorRole(),
609  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Learner' => $settings->getMemberRole(),
610  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Member' => $settings->getMemberRole(),
611  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Mentor' => null, // No direct mapping
612  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Observer' => null, // No direct mapping
613  'http://purl.imsglobal.org/vocab/lis/v2/institution/person#ProspectiveStudent' => null, // No direct mapping
614 
615  // Context Roles (Main)
616  'http://purl.imsglobal.org/vocab/lis/v2/membership#Administrator' => $settings->getAdminRole(),
617  'http://purl.imsglobal.org/vocab/lis/v2/membership#ContentDeveloper' => null, // No direct mapping
618  'http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor' => $settings->getTutorRole(),
619  'http://purl.imsglobal.org/vocab/lis/v2/membership#Learner' => $settings->getMemberRole(),
620  'http://purl.imsglobal.org/vocab/lis/v2/membership#Mentor' => null, // No direct mapping
621  'http://purl.imsglobal.org/vocab/lis/v2/membership#Manager' => $settings->getAdminRole(), // Potentially map to admin
622  'http://purl.imsglobal.org/vocab/lis/v2/membership#Member' => $settings->getMemberRole(),
623  'http://purl.imsglobal.org/vocab/lis/v2/membership#Officer' => null, // No direct mapping
624 
625  // Context Sub-Roles (TeachingAssistant)
626  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistant' => $settings->getTutorRole(),
627  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantGroup' => $settings->getTutorRole(),
628  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantOffering' => $settings->getTutorRole(),
629  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSection' => $settings->getTutorRole(),
630  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSectionAssociation' => $settings->getTutorRole(),
631  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantTemplate' => $settings->getTutorRole(),
632  // Context Sub-Roles (Grader)
633  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Grader' => $settings->getTutorRole(), // Map Grader to Tutor
634  // Context Sub-Roles (GuestInstructor, Lecturer, PrimaryInstructor, SecondaryInstructor)
635  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#GuestInstructor' => $settings->getTutorRole(),
636  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Lecturer' => $settings->getTutorRole(),
637  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#PrimaryInstructor' => $settings->getTutorRole(),
638  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#SecondaryInstructor' => $settings->getTutorRole(),
639  // Context Sub-Roles (ExternalInstructor)
640  'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#ExternalInstructor' => $settings->getTutorRole(),
641 
642  // Context Sub-Roles (ExternalLearner, GuestLearner, Learner, NonCreditLearner)
643  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#ExternalLearner' => $settings->getMemberRole(),
644  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#GuestLearner' => $settings->getMemberRole(),
645  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#Learner' => $settings->getMemberRole(),
646  'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#NonCreditLearner' => $settings->getMemberRole(),
647 
648  // Context Sub-Roles (AreaManager, CourseCoordinator, ExternalObserver, Manager, Observer)
649  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#AreaManager' => $settings->getAdminRole(),
650  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#CourseCoordinator' => null,
651  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#ExternalObserver' => null,
652  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Manager' => $settings->getAdminRole(),
653  'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Observer' => null,
654 
655  // Context Sub-Roles (Advisor, Auditor, ExternalAdvisor, ExternalAuditor, ExternalLearningFacilitator, ExternalMentor, ExternalReviewer, ExternalTutor, LearningFacilitator, Mentor, Reviewer, Tutor)
656  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Advisor' => null,
657  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Auditor' => null,
658  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAdvisor' => null,
659  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAuditor' => null,
660  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalLearningFacilitator' => null,
661  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalMentor' => null,
662  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalReviewer' => null,
663  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalTutor' => null,
664  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#LearningFacilitator' => null,
665  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Mentor' => null,
666  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Reviewer' => null,
667  'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Tutor' => $settings->getTutorRole(), // Map Tutor to Tutor
668 
669  // Context Sub-Roles (Chair, Communications, Secretary, Treasurer, Vice-Chair)
670  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Chair' => null,
671  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Communications' => null,
672  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Secretary' => null,
673  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Treasurer' => null,
674  'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Vice-Chair' => null,
675 
676  // Context Sub-Roles (ContentDeveloper, ContentExpert, ExternalContentExpert, Librarian)
677  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentDeveloper' => null,
678  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentExpert' => null,
679  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ExternalContentExpert' => null,
680  'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#Librarian' => null,
681 
682  // Context Sub-Roles (Member)
683  'http://purl.imsglobal.org/vocab/lis/v2/membership/Member#Member' => $settings->getMemberRole(),
684 
685  // Context Sub-Roles (Administrator, Developer, ExternalDeveloper, ExternalSupport, ExternalSystemAdministrator, Support, SystemAdministrator)
686  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Administrator' => $settings->getAdminRole(),
687  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Developer' => null,
688  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalDeveloper' => null,
689  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSupport' => null,
690  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSystemAdministrator' => null,
691  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Support' => null,
692  'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#SystemAdministrator' => null,
693  ];
694 
695  // LTI 1.0/1.1 simple names (supported for backward compatibility)
696  $simple_name_map = [
697  'Instructor' => $settings->getTutorRole(),
698  'Learner' => $settings->getMemberRole(),
699  'ContentDeveloper' => null,
700  'Administrator' => $settings->getAdminRole(),
701  'Mentor' => null,
702  'Manager' => $settings->getAdminRole(),
703  'Member' => $settings->getMemberRole(),
704  'Officer' => null,
705  ];
706 
707 
708  if (isset($role_map[$lti_role])) {
709  return $role_map[$lti_role];
710  } elseif (isset($simple_name_map[$lti_role])) {
711  // Check for simple names
712  return $simple_name_map[$lti_role];
713  }
714 
715  return null;
716  }
717 
718 }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:401
$res
$res
Definition: ltiservices.php:69
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:54
ilAuthProviderLTI\updateUser
updateUser(int $a_local_user_id, ilLTIPlatform $consumer)
update existing user protected
Definition: class.ilAuthProviderLTI.php:377
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:373
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:27
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:90
ilAuthProviderLTI\isAuthModeLTI
static isAuthModeLTI(string $a_auth_mode)
Check if user auth mode is LTI.
Definition: class.ilAuthProviderLTI.php:145
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:68
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:131
ilAuthProviderLTI\$dataConnector
ilLTIDataConnector $dataConnector
Definition: class.ilAuthProviderLTI.php:30
ilLTITool
LTI provider for LTI launch.
Definition: class.ilLTITool.php:32
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilAuthProviderLTI\lookupConsumer
static lookupConsumer(int $a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:119
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2745
ilAuthProviderLTI\__construct
__construct(ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderLTI.php:43
ilUtil\now
static now()
Return current timestamp in Y-m-d H:i:s format.
Definition: class.ilUtil.php:1016
ilAuthProvider
Base class for authentication providers (ldap, apache, ...)
Definition: class.ilAuthProvider.php:27
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:27
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:81
ilAuthProviderLTI\createUser
createUser(ilLTIPlatform $consumer)
create new user protected
Definition: class.ilAuthProviderLTI.php:424
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:30
ilLTIPlatform
LTI provider for LTI launch.
Definition: class.ilLTIPlatform.php:32
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
$DIC
global $DIC
Definition: shib_login.php:25
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:37
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilAuthProviderLTI
OAuth based lti authentication.
Definition: class.ilAuthProviderLTI.php:27
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:39
ilAuthProviderLTI\findGlobalRole
findGlobalRole(int $a_lti_id)
find global role of consumer
Definition: class.ilAuthProviderLTI.php:208
ilLTIPlatform\fromRecordId
static fromRecordId(int|string $id, DataConnector $dataConnector)
Load the platform from the database by its record ID.
Definition: class.ilLTIPlatform.php:315
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilAuthProviderLTI\findAuthKeyId
findAuthKeyId(string $a_oauth_consumer_key)
find consumer key id
Definition: class.ilAuthProviderLTI.php:160
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:87
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
ilAuthProviderLTI\findAuthPrefix
findAuthPrefix(int $a_lti_id)
find lti id
Definition: class.ilAuthProviderLTI.php:186
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:52
ilAuthProviderInterface\doAuthentication
doAuthentication(\ilAuthStatus $status)
Do authentication.
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1085
$post
$post
Definition: ltitoken.php:46
ilAuthProviderLTI\mapLTIRoleToLocalRole
mapLTIRoleToLocalRole(string $lti_role, ilLTIProviderObjectSetting $settings)
Maps an LTI role (URI or simple name) to a local ILIAS role ID.
Definition: class.ilAuthProviderLTI.php:585
ilSession\clear
static clear(string $a_var)
Definition: class.ilSession.php:414
ilAuthProviderLTI\handleLocalRoleAssignments
handleLocalRoleAssignments(int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id=null)
Definition: class.ilAuthProviderLTI.php:532
ilLTIPlatform\fromConsumerKey
static fromConsumerKey(?string $key=null, $dataConnector=null, bool $autoEnable=false)
Load the platform from the database by its consumer key.
Definition: class.ilLTIPlatform.php:298
ilAuthProviderLTI\findUserId
findUserId(string $a_oauth_user, string $a_oauth_id, string $a_user_prefix)
Find user by auth mode and lti id.
Definition: class.ilAuthProviderLTI.php:356
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:393