ILIAS  release_4-4 Revision
ilAuthContainerSOAP Class Reference

Authentication against external SOAP server


Public Member Functions

 __construct ()
 Constructor.
 
 initClient ()
 Init soap client.
 
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 Calls isValidSession of the SOAP server.
 
 loginObserver ($a_username, $a_auth)
 Called after login and successful call of fetch data.
 
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor.
 
 fetchData ($username, $password, $isChallengeResponse=false)
 Fetch data from storage container.
 
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verify the entered password.
 
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication.
 
 getCryptType ()
 Returns the current crypt type of the container.
 
 listUsers ()
 List all users that are available from the storage container.
 
 getUser ($username)
 Returns a user assoc array.
 
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container.
 
 removeUser ($username)
 Remove user from the storage container.
 
 changePassword ($username, $password)
 Change password for user in the storage container.
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log.
 
- Public Member Functions inherited from ilAuthContainerBase
 loginObserver ($a_username, $a_auth)
 Called after successful login.
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests.
 
 logoutObserver ($a_username, $a_auth)
 Called after logout.
 
 supportsCaptchaVerification ()
 Returns whether or not the auth container supports the verification of captchas. This should be true for those auth methods which are available in the default login form.
 

Protected Attributes

 $server_host = null
 
 $server_port = null
 
 $server_uri = null
 
 $server_https = null
 
 $server_nms = null
 
 $use_dot_net = null
 
 $uri = null
 
 $client = null
 
 $response = null
 

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container.
 
 $_auth_obj = null
 The Auth object this container is attached to.
 

Detailed Description

Authentication against external SOAP server

Todo:
This class should inherit either from Auth_Container_SOAP or Auth_Container_SOAP5
Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$id$

Definition at line 35 of file class.ilAuthContainerSOAP.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerSOAP::__construct ( )

Constructor.

Definition at line 52 of file class.ilAuthContainerSOAP.php.

References $_GET, $_POST, and initClient().

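    public function __construct()
    {
        // Credentials arrive as GET parameters and are copied into $_POST
        // so that the parent Auth container picks them up.
        $_POST['username'] = $_GET['ext_uid'];
        $_POST['password'] = $_GET['soap_pw'];

        parent::__construct();
        $this->initClient();
    }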

Member Function Documentation

◆ fetchData()

ilAuthContainerSOAP::fetchData (   $a_username,
  $a_password,
  $isChallengeResponse = false 
)

Calls isValidSession of the SOAP server.

Returns
bool
Parameters
string $a_username
string $a_password
bool $isChallengeResponse [optional]

Definition at line 97 of file class.ilAuthContainerSOAP.php.

References $GLOBALS, $new_user, $valid, and ilObjUser\_checkExternalAuthAccount().

    public function fetchData($a_username, $a_password, $isChallengeResponse = false)
    {
        $GLOBALS['ilLog']->write(__METHOD__.': Soap auth fetch data');

        // check whether external user exists in ILIAS database
        $local_user = ilObjUser::_checkExternalAuthAccount("soap", $a_username);

        if ($local_user == "")
        {
            $new_user = true;
        }
        else
        {
            $new_user = false;
        }

        $soapAction = "";
        $nspref = "";
        // $use_dot_net is the property declared on this class and set in initClient()
        if ($this->use_dot_net)
        {
            $soapAction = $this->server_nms."/isValidSession";
            $nspref = "ns1:";
        }
        $valid = $this->client->call('isValidSession',
            array($nspref.'ext_uid' => $a_username,
                $nspref.'soap_pw' => $a_password,
                $nspref.'new_user' => $new_user),
            $this->server_nms,
            $soapAction);
//echo "<br>== Request ==";
//echo '<br><pre>' . htmlspecialchars($this->soap_client->request, ENT_QUOTES) . '</pre><br>';
//echo "<br>== Response ==";
//echo "<br>Valid: -".$valid["valid"]."-";
//echo '<br><pre>' . htmlspecialchars($this->soap_client->response, ENT_QUOTES) . '</pre>';

        // the server may return the boolean as the string "false"
        if (trim($valid["valid"]) == "false")
        {
            $valid["valid"] = false;
        }

        // to do check SOAP error!?
        $valid["local_user"] = $local_user;
        $this->response = $valid;
        return $valid['valid'] == true;
    }
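A stricter way to interpret the isValidSession result, as an added example that is not ILIAS code: it fails closed on a transport error, a SOAP fault, or any value other than an explicit true, and prints its decision next to the loose comparison used in the listing above. The helper names and the sample responses are constructed for illustration; `$fault` and `$error` are assumed to be read from the NuSOAP client (`$client->fault`, `$client->getError()`).

```php
<?php
// Added example (not ILIAS code). Both helpers are hypothetical; $fault and
// $error are assumed to come from $client->fault and $client->getError().
function soapSessionIsValid($result, $fault, $error)
{
    // Transport error or SOAP fault: never treat as authenticated.
    if ($error || $fault) {
        return false;
    }
    // The result must be a struct that carries a 'valid' member.
    if (!is_array($result) || !array_key_exists('valid', $result)) {
        return false;
    }
    $v = $result['valid'];
    if (is_bool($v)) {
        return $v;
    }
    // Accept only the XML Schema lexical forms of boolean true.
    return is_string($v) && in_array(trim($v), array('true', '1'), true);
}

// The comparison used in the listing, reduced to its decision.
function looseSessionIsValid($result)
{
    $v = is_array($result) && isset($result['valid']) ? $result['valid'] : null;
    if (is_string($v) && trim($v) == 'false') {
        $v = false;
    }
    return $v == true;
}

// Constructed sample responses: array(result, fault flag, error string).
$samples = array(
    'explicit true'   => array(array('valid' => 'true'), false, false),
    'explicit false'  => array(array('valid' => 'false'), false, false),
    'uppercase FALSE' => array(array('valid' => 'FALSE'), false, false),
    'free-text value' => array(array('valid' => 'unknown user'), false, false),
    'SOAP fault'      => array(array('faultstring' => 'constructed'), true, false),
    'transport error' => array(false, false, 'constructed error text'),
);

foreach ($samples as $label => $s) {
    printf("%-16s strict=%-5s loose=%s\n", $label,
        var_export(soapSessionIsValid($s[0], $s[1], $s[2]), true),
        var_export(looseSessionIsValid($s[0]), true));
}
```

The two checks disagree only on the 'uppercase FALSE' and 'free-text value' rows, where the loose comparison treats a non-empty string as true.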

◆ initClient()

ilAuthContainerSOAP::initClient ( )

Init soap client.

Returns

Definition at line 65 of file class.ilAuthContainerSOAP.php.

References $ilSetting, and $server_host.

Referenced by __construct().

    public function initClient()
    {
        global $ilSetting;

        // connection settings of the external SOAP authentication server
        $this->server_host = $ilSetting->get('soap_auth_server');
        $this->server_port = $ilSetting->get('soap_auth_port');
        $this->server_uri = $ilSetting->get('soap_auth_uri');
        $this->server_https = $ilSetting->get('soap_auth_use_https');
        $this->server_nms = $ilSetting->get('soap_auth_namespace');
        $this->use_dot_net = $ilSetting->get('use_dotnet');

        // build the endpoint URI: scheme, host, optional port and path
        $this->uri = $this->server_https ? 'https://' : 'http://';
        $this->uri .= $this->server_host;

        if($this->server_port > 0)
        {
            $this->uri .= (':'.$this->server_port);
        }
        if($this->server_uri)
        {
            $this->uri .= ('/'.$this->server_uri);
        }
        $this->client = new nusoap_client($this->uri);
    }

◆ loginObserver()

ilAuthContainerSOAP::loginObserver (   $a_username,
  $a_auth 
)

Called after login and successful call of fetch data.

Returns
Parameters
object $a_username
object $a_auth

Definition at line 149 of file class.ilAuthContainerSOAP.php.

References $_GET, $_POST, $GLOBALS, $ilSetting, $lng, ilObjUser\_checkPassword(), ilAuthUtils\_generateLogin(), ilObjUser\_getLocalAccountsForEmail(), ilObjUser\_lookupLogin(), ilObjUserFolder\_lookupNewAccountMail(), ilObjUser\_writeAuthMode(), ilObjUser\_writeExternalAccount(), AUTH_SOAP_NO_ILIAS_USER, AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL, AUTH_WRONG_LOGIN, ilUtil\generatePasswords(), and IL_PASSWD_MD5.

    public function loginObserver($a_username, $a_auth)
    {
        global $ilias, $rbacadmin, $lng, $ilSetting;

        $GLOBALS['ilLog']->write(__METHOD__.': SOAP login observer called');


        // TODO: handle passed credentials via GET
        /*
        if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
        {
            $this->status = AUTH_WRONG_LOGIN;
            return;
        }
        */

        // Not required anymore
        /*
        $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);

        if (!$validation_data["valid"])
        {
            $this->status = AUTH_WRONG_LOGIN;
            return;
        }
        */

        // external account is already mapped to a local user
        $local_user = $this->response["local_user"];
        if ($local_user != "")
        {
            // to do: handle update of user
            $a_auth->setAuth($local_user);
            return true;
        }
        if(!$ilSetting->get("soap_auth_create_users"))
        {
            $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
            $a_auth->logout();
            return false;
        }
//echo "1";
        // try to map external user via e-mail to ILIAS user
        if ($this->response["email"] != "")
        {
//echo "2";
//var_dump ($_POST);
            $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);

            // check, if password has been provided in user mapping screen
            // (see ilStartUpGUI::showUserMappingSelection)
            // FIXME
            if ($_POST["LoginMappedUser"] != "")
            {
                if (count($email_user) > 0)
                {
                    if (ilObjUser::_checkPassword($_POST["usr_id"], $_POST["password"]))
                    {
                        // password is correct -> map user
                        //$this->setAuth($local_user); (use login not id)
                        ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                        ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                        $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"]= "";
                        $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                        $a_auth->status = '';
                        $a_auth->setAuth($local_user);
                        return true;
                    }
                    else
                    {
//echo "6"; exit;

                        $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                        $a_auth->sub_status = AUTH_WRONG_LOGIN;
                        $a_auth->logout();
                        return false;
                    }
                }
            }

            if (count($email_user) > 0 && $_POST["CreateUser"] == "")
            {
                $_GET["email"] = $this->response["email"];
                $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                $a_auth->logout();
                return false;
            }
        }

        // no local account found: create one from the SOAP response data
        $userObj = new ilObjUser();
        $local_user = ilAuthUtils::_generateLogin($a_username);

        $newUser["firstname"] = $this->response["firstname"];
        $newUser["lastname"] = $this->response["lastname"];
        $newUser["email"] = $this->response["email"];

        $newUser["login"] = $local_user;

        // to do: set valid password and send mail
        $newUser["passwd"] = "";
        $newUser["passwd_type"] = IL_PASSWD_MD5;

        // generate password, if local authentication is allowed
        // and account mail is activated
        $pw = "";

        if ($ilSetting->get("soap_auth_allow_local") &&
            $ilSetting->get("soap_auth_account_mail"))
        {
            $pw = ilUtil::generatePasswords(1);
            $pw = $pw[0];
            $newUser["passwd"] = md5($pw);
            $newUser["passwd_type"] = IL_PASSWD_MD5;
        }

        //$newUser["gender"] = "m";
        $newUser["auth_mode"] = "soap";
        $newUser["ext_account"] = $a_username;
        $newUser["profile_incomplete"] = 1;

        // system data
        $userObj->assignData($newUser);
        $userObj->setTitle($userObj->getFullname());
        $userObj->setDescription($userObj->getEmail());

        // set user language to system language
        $userObj->setLanguage($lng->lang_default);

        // Time limit
        $userObj->setTimeLimitOwner(7);
        $userObj->setTimeLimitUnlimited(1);
        $userObj->setTimeLimitFrom(time());
        $userObj->setTimeLimitUntil(time());

        // Create user in DB
        $userObj->setOwner(0);
        $userObj->create();
        $userObj->setActive(1);

        $userObj->updateOwner();

        //insert user data in table user_data
        $userObj->saveAsNew(false);

        // setup user preferences
        $userObj->writePrefs();

        // to do: test this
        $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(),true);

        // send account mail
        if ($ilSetting->get("soap_auth_account_mail"))
        {
            include_once('./Services/User/classes/class.ilObjUserFolder.php');
            $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
            if (trim($amail["body"]) != "" && trim($amail["subject"]) != "")
            {
                include_once("Services/Mail/classes/class.ilAccountMail.php");
                $acc_mail = new ilAccountMail();

                if ($pw != "")
                {
                    $acc_mail->setUserPassword($pw);
                }
                $acc_mail->setUser($userObj);
                $acc_mail->send();
            }
        }

        unset($userObj);
        $a_auth->setAuth($local_user);
        return true;
    }

Field Documentation

◆ $client

ilAuthContainerSOAP::$client = null
protected

Definition at line 46 of file class.ilAuthContainerSOAP.php.

◆ $response

ilAuthContainerSOAP::$response = null
protected

Definition at line 47 of file class.ilAuthContainerSOAP.php.

◆ $server_host

ilAuthContainerSOAP::$server_host = null
protected

Definition at line 37 of file class.ilAuthContainerSOAP.php.

Referenced by initClient().

◆ $server_https

ilAuthContainerSOAP::$server_https = null
protected

Definition at line 40 of file class.ilAuthContainerSOAP.php.

◆ $server_nms

ilAuthContainerSOAP::$server_nms = null
protected

Definition at line 41 of file class.ilAuthContainerSOAP.php.

◆ $server_port

ilAuthContainerSOAP::$server_port = null
protected

Definition at line 38 of file class.ilAuthContainerSOAP.php.

◆ $server_uri

ilAuthContainerSOAP::$server_uri = null
protected

Definition at line 39 of file class.ilAuthContainerSOAP.php.

◆ $uri

ilAuthContainerSOAP::$uri = null
protected

Definition at line 44 of file class.ilAuthContainerSOAP.php.

◆ $use_dot_net

ilAuthContainerSOAP::$use_dot_net = null
protected

Definition at line 42 of file class.ilAuthContainerSOAP.php.


The documentation for this class was generated from the following file: