ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
ilAuthContainerSOAP Class Reference

Authentication against external SOAP server

Public Member Functions

 __construct ()
 Constructor.
 
 initClient ()
 Init soap client.
 
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 Calls isValidSession of the SOAP server.
 
 loginObserver ($a_username, $a_auth)
 Called after login and successful call of fetch data.
 
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor.
 
 fetchData ($username, $password, $isChallengeResponse=false)
 Fetch data from storage container.
 
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verify the entered password.
 
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication.
 
 getCryptType ()
 Returns the current crypt type of the container.
 
 listUsers ()
 List all users that are available from the storage container.
 
 getUser ($username)
 Returns a user assoc array.
 
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container.
 
 removeUser ($username)
 Remove user from the storage container.
 
 changePassword ($username, $password)
 Change password for user in the storage container.
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log.
 
- Public Member Functions inherited from ilAuthContainerBase
 loginObserver ($a_username, $a_auth)
 Called after successful login.
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests.
 
 logoutObserver ($a_username, $a_auth)
 Called after logout.
 
 supportsCaptchaVerification ()
 Returns whether or not the auth container supports the verification of captchas. This should be true for those auth methods which are available in the default login form.
 

Protected Attributes

 $server_host = null
 
 $server_port = null
 
 $server_uri = null
 
 $server_https = null
 
 $server_nms = null
 
 $use_dot_net = null
 
 $uri = null
 
 $client = null
 
 $response = null
 

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container.
 
 $_auth_obj = null
 The Auth object this container is attached to.
 

Detailed Description

Authentication against external SOAP server

Todo:
This class should inherit either from Auth_Container_SOAP or Auth_Container_SOAP5
Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$id$

Definition at line 35 of file class.ilAuthContainerSOAP.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerSOAP::__construct ( )

Constructor.

Definition at line 52 of file class.ilAuthContainerSOAP.php.

References $_GET, $_POST, and initClient().

53     {
54         $_POST['username'] = $_GET['ext_uid'];
55         $_POST['password'] = $_GET['soap_pw'];
56
57         parent::__construct();
58         $this->initClient();
59     }

Member Function Documentation

◆ fetchData()

ilAuthContainerSOAP::fetchData ( $a_username, $a_password, $isChallengeResponse = false )

Calls isValidSession of the SOAP server.

Returns
bool
Parameters
string $a_username
string $a_password
bool $isChallengeResponse [optional]

Definition at line 97 of file class.ilAuthContainerSOAP.php.

References $GLOBALS, $new_user, $valid, and ilObjUser\_checkExternalAuthAccount().

 98     {
 99         $GLOBALS['ilLog']->write(__METHOD__.': Soap auth fetch data');
100
101         // check whether external user exists in ILIAS database
102         $local_user = ilObjUser::_checkExternalAuthAccount("soap", $a_username);
103
104         if ($local_user == "")
105         {
106             $new_user = true;
107         }
108         else
109         {
110             $new_user = false;
111         }
112
113         $soapAction = "";
114         $nspref = "";
115         if ($this->use_dotnet)
116         {
117             $soapAction = $this->server_nms."/isValidSession";
118             $nspref = "ns1:";
119         }
120         $valid = $this->client->call('isValidSession',
121             array($nspref.'ext_uid' => $a_username,
122                 $nspref.'soap_pw' => $a_password,
123                 $nspref.'new_user' => $new_user),
124             $this->server_nms,
125             $soapAction);
126 //echo "<br>== Request ==";
127 //echo '<br><pre>' . htmlspecialchars($this->soap_client->request, ENT_QUOTES) . '</pre><br>';
128 //echo "<br>== Response ==";
129 //echo "<br>Valid: -".$valid["valid"]."-";
130 //echo '<br><pre>' . htmlspecialchars($this->soap_client->response, ENT_QUOTES) . '</pre>';
131
132         if (trim($valid["valid"]) == "false")
133         {
134             $valid["valid"] = false;
135         }
136
137         // to do check SOAP error!?
138         $valid["local_user"] = $local_user;
139         $this->response = $valid;
140         return $valid['valid'] == true;
141     }
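
An added example (not ILIAS code) of reading the isValidSession result so that anything other than an explicit true fails closed, printed next to the comparison used in fetchData(). The function names and sample responses are constructed for illustration; with NuSOAP the fault flag and error text would come from `$client->fault` and `$client->getError()`.

```php
<?php
// Added example, not ILIAS code. Function names and samples are constructed.

/**
 * Fail-closed reading of an isValidSession result.
 *
 * @param mixed       $result value returned by the SOAP call
 * @param bool        $fault  true if the client reported a SOAP fault
 * @param string|bool $error  transport or parse error text, false if none
 */
function soapSessionIsValid($result, $fault, $error): bool
{
    // A transport error or SOAP fault never authenticates.
    if ($fault || $error) {
        return false;
    }
    // The response must be a struct that actually carries 'valid'.
    if (!is_array($result) || !array_key_exists('valid', $result)) {
        return false;
    }
    $flag = $result['valid'];
    if (is_bool($flag)) {
        return $flag;
    }
    // Accept only the xsd:boolean lexical forms that mean true.
    return is_string($flag) && in_array(trim($flag), array('true', '1'), true);
}

// The comparison from fetchData(), reproduced for side-by-side output.
function looseSessionIsValid(array $result): bool
{
    if (trim($result['valid']) == 'false') {
        $result['valid'] = false;
    }
    return $result['valid'] == true;
}

// Constructed sample responses; each is an array with a string 'valid'.
$samples = array('true', 'false', 'FALSE', '0', 'session expired');
foreach ($samples as $value) {
    $r = array('valid' => $value);
    printf("%-18s loose=%-5s strict=%s\n",
        var_export($value, true),
        var_export(looseSessionIsValid($r), true),
        var_export(soapSessionIsValid($r, false, false), true));
}
// A fault or transport error is rejected regardless of the payload.
var_dump(soapSessionIsValid(array('valid' => 'true'), true, false));
```

Any non-empty string other than "false" or "0" passes the loose comparison, which is why the strict version whitelists the true forms instead.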

◆ initClient()

ilAuthContainerSOAP::initClient ( )

Init soap client.

Returns

Definition at line 65 of file class.ilAuthContainerSOAP.php.

References $ilSetting, and $server_host.

Referenced by __construct().

66     {
67         global $ilSetting;
68
69         $this->server_host = $ilSetting->get('soap_auth_server');
70         $this->server_port = $ilSetting->get('soap_auth_port');
71         $this->server_uri = $ilSetting->get('soap_auth_uri');
72         $this->server_https = $ilSetting->get('soap_auth_use_https');
73         $this->server_nms = $ilSetting->get('soap_auth_namespace');
74         $this->use_dot_net = $ilSetting->get('use_dotnet');
75
76         $this->uri = $this->server_https ? 'https://' : 'http://';
77         $this->uri .= $this->server_host;
78
79         if($this->server_port > 0)
80         {
81             $this->uri .= (':'.$this->server_port);
82         }
83         if($this->server_uri)
84         {
85             $this->uri .= ('/'.$this->server_uri);
86         }
87         $this->client = new nusoap_client($this->uri);
88     }

◆ loginObserver()

ilAuthContainerSOAP::loginObserver ( $a_username, $a_auth )

Called after login and successful call of fetch data.

Returns
Parameters
object $a_username
object $a_auth

Definition at line 149 of file class.ilAuthContainerSOAP.php.

References $_GET, $_POST, $GLOBALS, $ilSetting, $lng, ilAuthUtils\_generateLogin(), ilObjUser\_getLocalAccountsForEmail(), ilObjUser\_lookupLogin(), ilObjUserFolder\_lookupNewAccountMail(), ilObjUser\_writeAuthMode(), ilObjUser\_writeExternalAccount(), AUTH_SOAP_NO_ILIAS_USER, AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL, AUTH_WRONG_LOGIN, ilUtil\generatePasswords(), ilUserPasswordManager\getInstance(), ilObjectFactory\getInstanceByObjId(), IL_PASSWD_CRYPTED, IL_PASSWD_PLAIN, ilUtil\stripSlashes(), and Auth_Container\verifyPassword().

150     {
151         global $ilias, $rbacadmin, $lng, $ilSetting;
152
153         $GLOBALS['ilLog']->write(__METHOD__.': SOAP login observer called');
154
155
156         // TODO: handle passed credentials via GET
157         /*
158         if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
159         {
160             $this->status = AUTH_WRONG_LOGIN;
161             return;
162         }
163         */
164
165         // Not required anymore
166         /*
167         $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
168
169         if (!$validation_data["valid"])
170         {
171             $this->status = AUTH_WRONG_LOGIN;
172             return;
173         }
174         */
175
176         $local_user = $this->response["local_user"];
177         if ($local_user != "")
178         {
179             // to do: handle update of user
180             $a_auth->setAuth($local_user);
181             return true;
182         }
183         if(!$ilSetting->get("soap_auth_create_users"))
184         {
185             $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
186             $a_auth->logout();
187             return false;
188         }
189 //echo "1";
190         // try to map external user via e-mail to ILIAS user
191         if ($this->response["email"] != "")
192         {
193 //echo "2";
194 //var_dump ($_POST);
195             $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
196
197             // check, if password has been provided in user mapping screen
198             // (see ilStartUpGUI::showUserMappingSelection)
199             // FIXME
200             if ($_POST["LoginMappedUser"] != "")
201             {
202                 if (count($email_user) > 0)
203                 {
204                     $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
205                     require_once 'Services/User/classes/class.ilUserPasswordManager.php';
207                     {
208                         // password is correct -> map user
209                         //$this->setAuth($local_user); (use login not id)
210                         ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
211                         ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
212                         $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"]= "";
213                         $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
214                         $a_auth->status = '';
215                         $a_auth->setAuth($local_user);
216                         return true;
217                     }
218                     else
219                     {
220 //echo "6"; exit;
221
222                         $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
223                         $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
224                         $a_auth->logout();
225                         return false;
226                     }
227                 }
228             }
229
230             if (count($email_user) > 0 && $_POST["CreateUser"] == "")
231             {
232                 $_GET["email"] = $this->response["email"];
233                 $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
234                 $a_auth->logout();
235                 return false;
236             }
237         }
238
239         $userObj = new ilObjUser();
240         $local_user = ilAuthUtils::_generateLogin($a_username);
241
242         $newUser["firstname"] = $this->response["firstname"];
243         $newUser["lastname"] = $this->response["lastname"];
244         $newUser["email"] = $this->response["email"];
245
246         $newUser["login"] = $local_user;
247
248         // to do: set valid password and send mail
249         $newUser["passwd"] = "";
250         $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
251
252         // generate password, if local authentication is allowed
253         // and account mail is activated
254         $pw = "";
255
256         if ($ilSetting->get("soap_auth_allow_local") &&
257             $ilSetting->get("soap_auth_account_mail"))
258         {
259             $pw = ilUtil::generatePasswords(1);
260             $pw = $pw[0];
261             $newUser["passwd"] = $pw;
262             $newUser["passwd_type"] = IL_PASSWD_PLAIN;
263         }
264
265         //$newUser["gender"] = "m";
266         $newUser["auth_mode"] = "soap";
267         $newUser["ext_account"] = $a_username;
268         $newUser["profile_incomplete"] = 1;
269
270         // system data
271         $userObj->assignData($newUser);
272         $userObj->setTitle($userObj->getFullname());
273         $userObj->setDescription($userObj->getEmail());
274
275         // set user language to system language
276         $userObj->setLanguage($lng->lang_default);
277
278         // Time limit
279         $userObj->setTimeLimitOwner(7);
280         $userObj->setTimeLimitUnlimited(1);
281         $userObj->setTimeLimitFrom(time());
282         $userObj->setTimeLimitUntil(time());
283
284         // Create user in DB
285         $userObj->setOwner(0);
286         $userObj->create();
287         $userObj->setActive(1);
288
289         $userObj->updateOwner();
290
291         //insert user data in table user_data
292         $userObj->saveAsNew(false);
293
294         // setup user preferences
295         $userObj->writePrefs();
296
297         // to do: test this
298         $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(),true);
299
300         // send account mail
301         if ($ilSetting->get("soap_auth_account_mail"))
302         {
303             include_once('./Services/User/classes/class.ilObjUserFolder.php');
304             $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
305             if (trim($amail["body"]) != "" && trim($amail["subject"]) != "")
306             {
307                 include_once("Services/Mail/classes/class.ilAccountMail.php");
308                 $acc_mail = new ilAccountMail();
309
310                 if ($pw != "")
311                 {
312                     $acc_mail->setUserPassword($pw);
313                 }
314                 $acc_mail->setUser($userObj);
315                 $acc_mail->send();
316             }
317         }
318
319         unset($userObj);
320         $a_auth->setAuth($local_user);
321         return true;
322     }

Field Documentation

◆ $client

ilAuthContainerSOAP::$client = null
protected

Definition at line 46 of file class.ilAuthContainerSOAP.php.

◆ $response

ilAuthContainerSOAP::$response = null
protected

Definition at line 47 of file class.ilAuthContainerSOAP.php.

◆ $server_host

ilAuthContainerSOAP::$server_host = null
protected

Definition at line 37 of file class.ilAuthContainerSOAP.php.

Referenced by initClient().

◆ $server_https

ilAuthContainerSOAP::$server_https = null
protected

Definition at line 40 of file class.ilAuthContainerSOAP.php.

◆ $server_nms

ilAuthContainerSOAP::$server_nms = null
protected

Definition at line 41 of file class.ilAuthContainerSOAP.php.

◆ $server_port

ilAuthContainerSOAP::$server_port = null
protected

Definition at line 38 of file class.ilAuthContainerSOAP.php.

◆ $server_uri

ilAuthContainerSOAP::$server_uri = null
protected

Definition at line 39 of file class.ilAuthContainerSOAP.php.

◆ $uri

ilAuthContainerSOAP::$uri = null
protected

Definition at line 44 of file class.ilAuthContainerSOAP.php.

◆ $use_dot_net

ilAuthContainerSOAP::$use_dot_net = null
protected

Definition at line 42 of file class.ilAuthContainerSOAP.php.


The documentation for this class was generated from the following file: