ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilAuthContainerSOAP.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24include_once 'Auth/Container/LDAP.php';
25include_once("./webservice/soap/lib/nusoap.php");
26
35class ilAuthContainerSOAP extends Auth_Container
36{
37 protected $server_host = null;
38 protected $server_port = null;
39 protected $server_uri = null;
40 protected $server_https = null;
41 protected $server_nms = null;
42 protected $use_dot_net = null;
43
44 protected $uri = null;
45
46 protected $client = null;
47 protected $response = null;
48
52 public function __construct()
53 {
54 $_POST['username'] = $_GET['ext_uid'];
55 $_POST['password'] = $_GET['soap_pw'];
56
57 parent::__construct();
58 $this->initClient();
59 }
60
65 public function initClient()
66 {
67 global $ilSetting;
68
69 $this->server_host = $ilSetting->get('soap_auth_server');
70 $this->server_port = $ilSetting->get('soap_auth_port');
71 $this->server_uri = $ilSetting->get('soap_auth_uri');
72 $this->server_https = $ilSetting->get('soap_auth_use_https');
73 $this->server_nms = $ilSetting->get('soap_auth_namespace');
74 $this->use_dot_net = $ilSetting->get('use_dotnet');
75
76 $this->uri = $this->server_https ? 'https://' : 'http://';
77 $this->uri .= $this->server_host;
78
79 if($this->server_port > 0)
80 {
81 $this->uri .= (':'.$this->server_port);
82 }
83 if($this->server_uri)
84 {
85 $this->uri .= ('/'.$this->server_uri);
86 }
87 $this->client = new nusoap_client($this->uri);
88 }
89
97 public function fetchData($a_username,$a_password,$isChallengeResponse = false)
98 {
99 $GLOBALS['ilLog']->write(__METHOD__.': Soap auth fetch data');
100
101 // check whether external user exists in ILIAS database
102 $local_user = ilObjUser::_checkExternalAuthAccount("soap", $a_username);
103
104 if ($local_user == "")
105 {
106 $new_user = true;
107 }
108 else
109 {
110 $new_user = false;
111 }
112
113 $soapAction = "";
114 $nspref = "";
115 if ($this->use_dotnet)
116 {
117 $soapAction = $this->server_nms."/isValidSession";
118 $nspref = "ns1:";
119 }
120 $valid = $this->client->call('isValidSession',
121 array($nspref.'ext_uid' => $a_username,
122 $nspref.'soap_pw' => $a_password,
123 $nspref.'new_user' => $new_user),
124 $this->server_nms,
125 $soapAction);
126//echo "<br>== Request ==";
127//echo '<br><pre>' . htmlspecialchars($this->soap_client->request, ENT_QUOTES) . '</pre><br>';
128//echo "<br>== Response ==";
129//echo "<br>Valid: -".$valid["valid"]."-";
130//echo '<br><pre>' . htmlspecialchars($this->soap_client->response, ENT_QUOTES) . '</pre>';
131
132 if (trim($valid["valid"]) == "false")
133 {
134 $valid["valid"] = false;
135 }
136
137 // to do check SOAP error!?
138 $valid["local_user"] = $local_user;
139 $this->response = $valid;
140 return $valid['valid'] == true;
141 }
142
149 public function loginObserver($a_username,$a_auth)
150 {
151 global $ilias, $rbacadmin, $lng, $ilSetting;
152
153 $GLOBALS['ilLog']->write(__METHOD__.': SOAP login observer called');
154
155
156 // TODO: handle passed credentials via GET
157 /*
158 if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
159 {
160 $this->status = AUTH_WRONG_LOGIN;
161 return;
162 }
163 */
164
165 // Not required anymore
166 /*
167 $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
168
169 if (!$validation_data["valid"])
170 {
171 $this->status = AUTH_WRONG_LOGIN;
172 return;
173 }
174 */
175
176 $local_user = $this->response["local_user"];
177 if ($local_user != "")
178 {
179 // to do: handle update of user
180 $a_auth->setAuth($local_user);
181 return true;
182 }
183 if(!$ilSetting->get("soap_auth_create_users"))
184 {
185 $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
186 $a_auth->logout();
187 return false;
188 }
189//echo "1";
190 // try to map external user via e-mail to ILIAS user
191 if ($this->response["email"] != "")
192 {
193//echo "2";
194//var_dump ($_POST);
195 $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
196
197 // check, if password has been provided in user mapping screen
198 // (see ilStartUpGUI::showUserMappingSelection)
199 // FIXME
200 if ($_POST["LoginMappedUser"] != "")
201 {
202 if (count($email_user) > 0)
203 {
204 $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
205 require_once 'Services/User/classes/class.ilUserPasswordManager.php';
206 if(ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"])))
207 {
208 // password is correct -> map user
209 //$this->setAuth($local_user); (use login not id)
210 ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
211 ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
212 $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"]= "";
213 $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
214 $a_auth->status = '';
215 $a_auth->setAuth($local_user);
216 return true;
217 }
218 else
219 {
220//echo "6"; exit;
221
222 $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
223 $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
224 $a_auth->logout();
225 return false;
226 }
227 }
228 }
229
230 if (count($email_user) > 0 && $_POST["CreateUser"] == "")
231 {
232 $_GET["email"] = $this->response["email"];
233 $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
234 $a_auth->logout();
235 return false;
236 }
237 }
238
239 $userObj = new ilObjUser();
240 $local_user = ilAuthUtils::_generateLogin($a_username);
241
242 $newUser["firstname"] = $this->response["firstname"];
243 $newUser["lastname"] = $this->response["lastname"];
244 $newUser["email"] = $this->response["email"];
245
246 $newUser["login"] = $local_user;
247
248 // to do: set valid password and send mail
249 $newUser["passwd"] = "";
250 $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
251
252 // generate password, if local authentication is allowed
253 // and account mail is activated
254 $pw = "";
255
256 if ($ilSetting->get("soap_auth_allow_local") &&
257 $ilSetting->get("soap_auth_account_mail"))
258 {
259 $pw = ilUtil::generatePasswords(1);
260 $pw = $pw[0];
261 $newUser["passwd"] = $pw;
262 $newUser["passwd_type"] = IL_PASSWD_PLAIN;
263 }
264
265 //$newUser["gender"] = "m";
266 $newUser["auth_mode"] = "soap";
267 $newUser["ext_account"] = $a_username;
268 $newUser["profile_incomplete"] = 1;
269
270 // system data
271 $userObj->assignData($newUser);
272 $userObj->setTitle($userObj->getFullname());
273 $userObj->setDescription($userObj->getEmail());
274
275 // set user language to system language
276 $userObj->setLanguage($lng->lang_default);
277
278 // Time limit
279 $userObj->setTimeLimitOwner(7);
280 $userObj->setTimeLimitUnlimited(1);
281 $userObj->setTimeLimitFrom(time());
282 $userObj->setTimeLimitUntil(time());
283
284 // Create user in DB
285 $userObj->setOwner(0);
286 $userObj->create();
287 $userObj->setActive(1);
288
289 $userObj->updateOwner();
290
291 //insert user data in table user_data
292 $userObj->saveAsNew(false);
293
294 // setup user preferences
295 $userObj->writePrefs();
296
297 // to do: test this
298 $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(),true);
299
300 // send account mail
301 if ($ilSetting->get("soap_auth_account_mail"))
302 {
303 include_once('./Services/User/classes/class.ilObjUserFolder.php');
304 $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
305 if (trim($amail["body"]) != "" && trim($amail["subject"]) != "")
306 {
307 include_once("Services/Mail/classes/class.ilAccountMail.php");
308 $acc_mail = new ilAccountMail();
309
310 if ($pw != "")
311 {
312 $acc_mail->setUserPassword($pw);
313 }
314 $acc_mail->setUser($userObj);
315 $acc_mail->send();
316 }
317 }
318
319 unset($userObj);
320 $a_auth->setAuth($local_user);
321 return true;
322 }
323}
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
Auth_Container
Definition: Container.php:40
Auth_Container\verifyPassword
verifyPassword($password1, $password2, $cryptType="md5")
Crypt and verfiy the entered password.
Definition: Container.php:101
AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL
const AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL
Definition: class.ilAuthUtils.php:41
AUTH_SOAP_NO_ILIAS_USER
const AUTH_SOAP_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:26
IL_PASSWD_PLAIN
const IL_PASSWD_PLAIN
Definition: class.ilObjUser.php:4
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAccountMail
Class ilAccountMail.
Definition: class.ilAccountMail.php:14
ilAuthContainerSOAP
@classDescription Authentication against external SOAP server
Definition: class.ilAuthContainerSOAP.php:36
ilAuthContainerSOAP\loginObserver
loginObserver($a_username, $a_auth)
Called after login and successful call of fetch data.
Definition: class.ilAuthContainerSOAP.php:149
ilAuthContainerSOAP\fetchData
fetchData($a_username, $a_password, $isChallengeResponse=false)
Call is isValidSession of soap server.
Definition: class.ilAuthContainerSOAP.php:97
ilAuthUtils\_generateLogin
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:525
ilObjUser\_writeExternalAccount
_writeExternalAccount($a_usr_id, $a_ext_id)
Definition: class.ilObjUser.php:2046
ilObjUser\_lookupLogin
_lookupLogin($a_user_id)
lookup login
Definition: class.ilObjUser.php:808
ilObjUser\_writeAuthMode
_writeAuthMode($a_usr_id, $a_auth_mode)
Definition: class.ilObjUser.php:2056
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3767
ilObjUser\_getLocalAccountsForEmail
_getLocalAccountsForEmail($a_email)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3838
ilObjectFactory\getInstanceByObjId
getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:72
ilUserPasswordManager\getInstance
static getInstance()
Single method to reduce footprint (included files, created instances)
Definition: class.ilUserPasswordManager.php:77
ilUtil\generatePasswords
static generatePasswords($a_number)
Generate a number of passwords.
Definition: class.ilUtil.php:3962
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2673
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7059
$_POST
$_POST['username']
Definition: cron.php:12
$valid
$valid
Definition: dummy_client.php:53
$new_user
$new_user
Definition: dummy_client.php:24
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$lng
global $lng
Definition: privfeed.php:40
$ilSetting
global $ilSetting
Definition: privfeed.php:40