ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
ilAuthContainerSOAP Class Reference

Authentication against external SOAP server.


Public Member Functions

 __construct ()
 Constructor.
 
 initClient ()
 Init soap client.
 
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 Calls isValidSession on the SOAP server.
 
 loginObserver ($a_username, $a_auth)
 Called after login and successful call of fetch data.
 
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor.
 
 fetchData ($username, $password, $isChallengeResponse=false)
 Fetch data from storage container.
 
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verify the entered password.
 
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication.
 
 getCryptType ()
 Returns the current crypt type of the container.
 
 listUsers ()
 List all users that are available from the storage container.
 
 getUser ($username)
 Returns a user assoc array.
 
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container.
 
 removeUser ($username)
 Remove user from the storage container.
 
 changePassword ($username, $password)
 Change password for user in the storage container.
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log.
 
- Public Member Functions inherited from ilAuthContainerBase
 loginObserver ($a_username, $a_auth)
 Called after successful login.
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests.
 
 logoutObserver ($a_username, $a_auth)
 Called after logout.
 
 supportsCaptchaVerification ()
 Returns whether or not the auth container supports the verification of captchas. This should be true for those auth methods which are available in the default login form.
 

Protected Attributes

 $server_host = null
 
 $server_port = null
 
 $server_uri = null
 
 $server_https = null
 
 $server_nms = null
 
 $use_dot_net = null
 
 $uri = null
 
 $client = null
 
 $response = null
 

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container.
 
 $_auth_obj = null
 The Auth object this container is attached to.
 

Detailed Description

Authentication against external SOAP server.

Todo:
This class should inherit either from Auth_Container_SOAP or Auth_Container_SOAP5
Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$id$

Definition at line 35 of file class.ilAuthContainerSOAP.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerSOAP::__construct ( )

Constructor.

Definition at line 52 of file class.ilAuthContainerSOAP.php.

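{
    // The external user id and password arrive as GET parameters (ext_uid, soap_pw)
    // and are copied into the POST fields. Values sent in a query string can also
    // end up in web server access logs and browser history.
    $_POST['username'] = $_GET['ext_uid'];
    $_POST['password'] = $_GET['soap_pw'];

    parent::__construct();
    $this->initClient();
}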

References $_GET, $_POST, and initClient().


Member Function Documentation

◆ fetchData()

ilAuthContainerSOAP::fetchData (   $a_username,
  $a_password,
  $isChallengeResponse = false 
)

Calls isValidSession on the SOAP server.

Returns
bool
Parameters
string $a_username
string $a_password
bool $isChallengeResponse [optional]

Reimplemented from Auth_Container.

Definition at line 97 of file class.ilAuthContainerSOAP.php.

{
    $GLOBALS['ilLog']->write(__METHOD__.': Soap auth fetch data');

    // check whether external user exists in ILIAS database
    $local_user = ilObjUser::_checkExternalAuthAccount("soap", $a_username);

    if ($local_user == "")
    {
        $new_user = true;
    }
    else
    {
        $new_user = false;
    }

    $soapAction = "";
    $nspref = "";
    // Note: this class declares and sets $use_dot_net (see initClient());
    // $use_dotnet, tested here, is not among the attributes listed for this class.
    if ($this->use_dotnet)
    {
        $soapAction = $this->server_nms."/isValidSession";
        $nspref = "ns1:";
    }
    $valid = $this->client->call('isValidSession',
        array($nspref.'ext_uid' => $a_username,
            $nspref.'soap_pw' => $a_password,
            $nspref.'new_user' => $new_user),
        $this->server_nms,
        $soapAction);
//echo "<br>== Request ==";
//echo '<br><pre>' . htmlspecialchars($this->soap_client->request, ENT_QUOTES) . '</pre><br>';
//echo "<br>== Response ==";
//echo "<br>Valid: -".$valid["valid"]."-";
//echo '<br><pre>' . htmlspecialchars($this->soap_client->response, ENT_QUOTES) . '</pre>';

    // Only the exact string "false" is mapped to boolean false here; the loose
    // comparison in the return statement accepts any other truthy value.
    if (trim($valid["valid"]) == "false")
    {
        $valid["valid"] = false;
    }

    // to do check SOAP error!?
    $valid["local_user"] = $local_user;
    $this->response = $valid;
    return $valid['valid'] == true;
}

References $GLOBALS, $new_user, $valid, and ilObjUser\_checkExternalAuthAccount().
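
The interpretation of the SOAP result at the end of fetchData(), as an added example that is not ILIAS code: legacyIsValid() reproduces the listing's loose comparisons and strictIsValid() is a fail-closed variant. Both function names, the sample responses, and the assumption that the server answers with the token "true" or "false" are constructed for illustration.

```php
<?php
// Added illustration, not ILIAS code; names and sample responses are constructed.

// Same comparisons as the end of fetchData(), with a guard so that a
// non-array result (failed call) does not raise a notice.
function legacyIsValid($response)
{
    $field = (is_array($response) && isset($response['valid'])) ? $response['valid'] : null;
    if (is_string($field) && trim($field) == "false") {
        $field = false;
    }
    return $field == true; // loose: any non-empty string except "0" passes
}

// Fail-closed variant: a fault or a missing field is a rejection, and only
// boolean true or the token "true" (assumed server contract) is accepted.
function strictIsValid($response)
{
    if (!is_array($response) || isset($response['faultcode'])) {
        return false;
    }
    if (!array_key_exists('valid', $response)) {
        return false;
    }
    $field = $response['valid'];
    if (is_bool($field)) {
        return $field;
    }
    return is_string($field) && strtolower(trim($field)) === 'true';
}

// Constructed sample results of the isValidSession call.
$samples = array(
    'true'        => array('valid' => 'true'),
    'false'       => array('valid' => 'false'),
    'False'       => array('valid' => 'False'),
    'denied'      => array('valid' => 'denied'),
    'call failed' => false,
    'soap fault'  => array('faultcode' => 'Server', 'faultstring' => 'constructed fault'),
);

foreach ($samples as $label => $response) {
    printf("%-12s legacy=%-5s strict=%s\n", $label,
        var_export(legacyIsValid($response), true),
        var_export(strictIsValid($response), true));
}
```

The two functions disagree on the "False" and "denied" samples, which the loose comparison accepts as a valid session.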


◆ initClient()

ilAuthContainerSOAP::initClient ( )

Init soap client.

Returns

Definition at line 65 of file class.ilAuthContainerSOAP.php.

{
    global $ilSetting;

    $this->server_host = $ilSetting->get('soap_auth_server');
    $this->server_port = $ilSetting->get('soap_auth_port');
    $this->server_uri = $ilSetting->get('soap_auth_uri');
    $this->server_https = $ilSetting->get('soap_auth_use_https');
    $this->server_nms = $ilSetting->get('soap_auth_namespace');
    $this->use_dot_net = $ilSetting->get('use_dotnet');

    // Plain http is used unless soap_auth_use_https is set; the user id and
    // password sent by fetchData() then cross the network unencrypted.
    $this->uri = $this->server_https ? 'https://' : 'http://';
    $this->uri .= $this->server_host;

    if($this->server_port > 0)
    {
        $this->uri .= (':'.$this->server_port);
    }
    if($this->server_uri)
    {
        $this->uri .= ('/'.$this->server_uri);
    }
    $this->client = new nusoap_client($this->uri);
}

References $ilSetting, and $server_host.

Referenced by __construct().


◆ loginObserver()

ilAuthContainerSOAP::loginObserver (   $a_username,
  $a_auth 
)

Called after login and successful call of fetch data.

Returns
Parameters
object $a_username
object $a_auth

Reimplemented from ilAuthContainerBase.

Definition at line 149 of file class.ilAuthContainerSOAP.php.

{
    global $ilias, $rbacadmin, $lng, $ilSetting;

    $GLOBALS['ilLog']->write(__METHOD__.': SOAP login observer called');


    // TODO: handle passed credentials via GET
    /*
    if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
    {
        $this->status = AUTH_WRONG_LOGIN;
        return;
    }
    */

    // Not required anymore
    /*
    $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);

    if (!$validation_data["valid"])
    {
        $this->status = AUTH_WRONG_LOGIN;
        return;
    }
    */

    $local_user = $this->response["local_user"];
    if ($local_user != "")
    {
        // to do: handle update of user
        $a_auth->setAuth($local_user);
        return true;
    }
    if(!$ilSetting->get("soap_auth_create_users"))
    {
        $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
        $a_auth->logout();
        return false;
    }
//echo "1";
    // try to map external user via e-mail to ILIAS user
    if ($this->response["email"] != "")
    {
//echo "2";
//var_dump ($_POST);
        $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);

        // check, if password has been provided in user mapping screen
        // (see ilStartUpGUI::showUserMappingSelection)
        // FIXME
        if ($_POST["LoginMappedUser"] != "")
        {
            if (count($email_user) > 0)
            {
                // [one source line is missing from this listing here]
                require_once 'Services/User/classes/class.ilUserPasswordManager.php';
                // [the line holding the if condition for the following block is missing from this listing]
                {
                    // password is correct -> map user
                    //$this->setAuth($local_user); (use login not id)
                    ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                    ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                    $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"]= "";
                    $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                    $a_auth->status = '';
                    $a_auth->setAuth($local_user);
                    return true;
                }
                else
                {
//echo "6"; exit;

                    $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                    $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
                    $a_auth->logout();
                    return false;
                }
            }
        }

        if (count($email_user) > 0 && $_POST["CreateUser"] == "")
        {
            $_GET["email"] = $this->response["email"];
            $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
            $a_auth->logout();
            return false;
        }
    }

    $userObj = new ilObjUser();
    $local_user = ilAuthUtils::_generateLogin($a_username);

    $newUser["firstname"] = $this->response["firstname"];
    $newUser["lastname"] = $this->response["lastname"];
    $newUser["email"] = $this->response["email"];

    $newUser["login"] = $local_user;

    // to do: set valid password and send mail
    $newUser["passwd"] = "";
    $newUser["passwd_type"] = IL_PASSWD_CRYPTED;

    // generate password, if local authentication is allowed
    // and account mail is activated
    $pw = "";

    if ($ilSetting->get("soap_auth_allow_local") &&
        $ilSetting->get("soap_auth_account_mail"))
    {
        // [one source line is missing from this listing here; the References
        //  list for this function names ilUtil::generatePasswords()]
        $pw = $pw[0];
        $newUser["passwd"] = $pw;
        $newUser["passwd_type"] = IL_PASSWD_PLAIN;
    }

    //$newUser["gender"] = "m";
    $newUser["auth_mode"] = "soap";
    $newUser["ext_account"] = $a_username;
    $newUser["profile_incomplete"] = 1;

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($lng->lang_default);

    // Time limit
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(1);
    $userObj->setTimeLimitFrom(time());
    $userObj->setTimeLimitUntil(time());

    // Create user in DB
    $userObj->setOwner(0);
    $userObj->create();
    $userObj->setActive(1);

    $userObj->updateOwner();

    //insert user data in table user_data
    $userObj->saveAsNew(false);

    // setup user preferences
    $userObj->writePrefs();

    // to do: test this
    $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(),true);

    // send account mail
    if ($ilSetting->get("soap_auth_account_mail"))
    {
        include_once('./Services/User/classes/class.ilObjUserFolder.php');
        $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
        if (trim($amail["body"]) != "" && trim($amail["subject"]) != "")
        {
            include_once("Services/Mail/classes/class.ilAccountMail.php");
            $acc_mail = new ilAccountMail();

            if ($pw != "")
            {
                $acc_mail->setUserPassword($pw);
            }
            $acc_mail->setUser($userObj);
            $acc_mail->send();
        }
    }

    unset($userObj);
    $a_auth->setAuth($local_user);
    return true;
}

References $_GET, $_POST, $GLOBALS, $ilSetting, $lng, ilAuthUtils\_generateLogin(), ilObjUser\_getLocalAccountsForEmail(), ilObjUser\_lookupLogin(), ilObjUserFolder\_lookupNewAccountMail(), ilObjUser\_writeAuthMode(), ilObjUser\_writeExternalAccount(), AUTH_SOAP_NO_ILIAS_USER, AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL, AUTH_WRONG_LOGIN, ilUtil\generatePasswords(), ilUserPasswordManager\getInstance(), ilObjectFactory\getInstanceByObjId(), IL_PASSWD_CRYPTED, IL_PASSWD_PLAIN, ilUtil\stripSlashes(), and Auth_Container\verifyPassword().


Field Documentation

◆ $client

ilAuthContainerSOAP::$client = null
protected

Definition at line 46 of file class.ilAuthContainerSOAP.php.

◆ $response

ilAuthContainerSOAP::$response = null
protected

Definition at line 47 of file class.ilAuthContainerSOAP.php.

◆ $server_host

ilAuthContainerSOAP::$server_host = null
protected

Definition at line 37 of file class.ilAuthContainerSOAP.php.

Referenced by initClient().

◆ $server_https

ilAuthContainerSOAP::$server_https = null
protected

Definition at line 40 of file class.ilAuthContainerSOAP.php.

◆ $server_nms

ilAuthContainerSOAP::$server_nms = null
protected

Definition at line 41 of file class.ilAuthContainerSOAP.php.

◆ $server_port

ilAuthContainerSOAP::$server_port = null
protected

Definition at line 38 of file class.ilAuthContainerSOAP.php.

◆ $server_uri

ilAuthContainerSOAP::$server_uri = null
protected

Definition at line 39 of file class.ilAuthContainerSOAP.php.

◆ $uri

ilAuthContainerSOAP::$uri = null
protected

Definition at line 44 of file class.ilAuthContainerSOAP.php.

◆ $use_dot_net

ilAuthContainerSOAP::$use_dot_net = null
protected

Definition at line 42 of file class.ilAuthContainerSOAP.php.


The documentation for this class was generated from the following file: