ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
ilCASAuth Class Reference

Class CASAuth.


Public Member Functions

 ilCASAuth ($a_params)
 Constructor public.

 checkCASAuth ()
 Check CAS authentication.

 forceCASAuth ()

 getCASUser ()

 login ()
 Checks if the current user is authenticated yet public.

 logout ()
 Register variable in a session telling that the user has logged in successfully.
 
- Public Member Functions inherited from Auth
 Auth ($storageDriver, $options='', $loginFunction='', $showLogin=true)
 Constructor.

 applyAuthOptions (&$options)
 Set the Auth options.

 _loadStorage ()
 Load Storage Driver if not already loaded.

 assignData ()
 Assign data from login form to internal values.

 start ()
 Start new auth session.

 login ()
 Login function.

 setExpire ($time, $add=false)
 Set the maximum expire time.

 setIdle ($time, $add=false)
 Set the maximum idle time.

 setSessionName ($name='session')
 Set name of the session to a customized value.

 setShowLogin ($showLogin=true)
 Should the login form be displayed if necessary?

 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if necessary?

 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked. The function will receive two parameters, the username and a reference to the auth object.

 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login.

 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login.

 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout.

 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session.

 getAuthData ($name=null)
 Get additional information that is stored in the session.

 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully.

 setAdvancedSecurity ($flag=true)
 Enables advanced security checks.

 checkAuth ()
 Checks if there is a session with valid auth information.

 getAuth ()
 Has the user been authenticated?

 logout ()
 Logout function.

 updateIdle ()
 Update the idletime.

 getUsername ()
 Get the username.

 getStatus ()
 Get the current status.

 getPostUsernameField ()
 Gets the post variable used for the username.

 getPostPasswordField ()
 Gets the post variable used for the username.

 sessionValidThru ()
 Returns the time up to the session is valid.

 listUsers ()
 List all users that are currently available in the storage container.

 addUser ($username, $password, $additional='')
 Add user to the storage container.

 removeUser ($username)
 Remove user from the storage container.

 changePassword ($username, $password)
 Change password for user in the storage container.

 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system.

 _loadLogger ()
 Load Log object if not already loaded.

 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source.

 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled?
 
- Public Member Functions inherited from ilAuthBase
 getSubStatus ()
 Get sub status.

 setSubStatus ($a_sub_status)
 Set sub status.

 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g. the login screen, public section ...

 getContainer ()
 Get container object.
 
 getExceededUserName ()
 

Additional Inherited Members

- Static Public Member Functions inherited from Auth
 _factory ($driver, $options='')
 Return a storage driver based on $driver and $options.

 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information.
 
- Data Fields inherited from Auth
 $expire = 0
 
 $expired = false
 
 $idle = 0
 
 $idled = false
 
 $storage = ''
 
 $loginFunction = ''
 
 $showLogin = true
 
 $allowLogin = true
 
 $status = ''
 
 $username = ''
 
 $password = ''
 
 $checkAuthCallback = ''
 
 $loginCallback = ''
 
 $loginFailedCallback = ''
 
 $logoutCallback = ''
 
 $_sessionName = '_authsession'
 
 $version = "@version@"
 
 $advancedsecurity = false
 
 $_postUsername = 'username'
 
 $_postPassword = 'password'
 
 $session
 
 $server
 
 $post
 
 $cookie
 
 $authdata
 
 $authChecks = 0
 
 $logger = null
 
 $enableLogging = false
 
 $regenerateSessionId = false
 
- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object. Enable logging, set callbacks...

 loginObserver ($a_username, $a_auth)
 Called after successful login.

 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.

 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request.

 logoutObserver ($a_username, $a_auth)
 Called after logout.
 
- Protected Attributes inherited from ilAuthBase
 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Class CASAuth.

CAS Authentication class.

Definition at line 37 of file class.ilCASAuth.php.

Member Function Documentation

◆ checkCASAuth()

ilCASAuth::checkCASAuth ( )

Check CAS authentication.

Can be called before forceAuthentication, but forceAuthentication must be called afterwards.

Definition at line 72 of file class.ilCASAuth.php.

References $PHPCAS_CLIENT.

73  {
74      global $PHPCAS_CLIENT;
75
76      return $PHPCAS_CLIENT->isAuthenticated();
77  }
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176

◆ forceCASAuth()

ilCASAuth::forceCASAuth ( )

Definition at line 79 of file class.ilCASAuth.php.

References phpCAS\forceAuthentication().

80  {
81      phpCAS::forceAuthentication();
82  }
forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:961

◆ getCASUser()

ilCASAuth::getCASUser ( )

Definition at line 84 of file class.ilCASAuth.php.

References phpCAS\getUser().

85  {
86      return phpCAS::getUser();
87  }
getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1075

◆ ilCASAuth()

ilCASAuth::ilCASAuth (   $a_params)

Constructor public.

Definition at line 43 of file class.ilCASAuth.php.

References CAS_VERSION_2_0, and phpCAS\client().

44  {
45      if ($a_params["sessionName"] != "")
46      {
47          parent::Auth("", array("sessionName" => $a_params["sessionName"]));
48      }
49      else
50      {
51          parent::Auth("");
52      }
53
54      include_once("./Services/CAS/lib/CAS.php");
55      $this->server_version = CAS_VERSION_2_0;
56      $this->server_hostname = $a_params["server_hostname"];
57      $this->server_port = (int) $a_params["server_port"];
58      $this->server_uri = $a_params["server_uri"];
59
60      //phpCAS::setDebug();
61      //echo "-".$_GET['ticket']."-"; exit;
62      phpCAS::client($this->server_version, $this->server_hostname,
63          $this->server_port, (string) $this->server_uri);
64  }
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
Definition: CAS.php:366
const CAS_VERSION_2_0
Definition: CAS.php:81

◆ login()

ilCASAuth::login ( )

Checks if the current user is authenticated yet public.

Returns
boolean true if user is authenticated

Set the maximum idle time

Parameters
integer time in seconds
bool add time to current maximum idle time or not
Returns
void

public

Set the maximum expire time

Parameters
integer time in seconds
bool add time to current expire time or not
Returns
void

public

Checks if there is a session with valid auth information.

private

Returns
boolean Whether or not the user is authenticated.

Start new auth session

public

Returns
void

Login function

private

Returns
void

Definition at line 213 of file class.ilCASAuth.php.

References $ilSetting, Auth\$username, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, phpCAS\getUser(), IL_PASSWD_CRYPTED, logout(), and Auth\setAuth().

214  {
215      global $ilias, $rbacadmin, $ilSetting;
216
217      if (phpCAS::getUser() != "")
218      {
219          $username = phpCAS::getUser();
220
221          // Authorize this user
222          include_once('./Services/User/classes/class.ilObjUser.php');
223          $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
224
225          if ($local_user != "")
226          {
227              $this->setAuth($local_user);
228          }
229          else
230          {
231              if (!$ilSetting->get("cas_create_users"))
232              {
233                  $this->status = AUTH_CAS_NO_ILIAS_USER;
234                  $this->logout();
235                  return;
236              }
237
238              $userObj = new ilObjUser();
239
240              $local_user = ilAuthUtils::_generateLogin($username);
241
242              $newUser["firstname"] = $local_user;
243              $newUser["lastname"] = "";
244
245              $newUser["login"] = $local_user;
246
247              // set "plain md5" password (= no valid password)
248              $newUser["passwd"] = "";
249              $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
250
251              //$newUser["gender"] = "m";
252              $newUser["auth_mode"] = "cas";
253              $newUser["ext_account"] = $username;
254              $newUser["profile_incomplete"] = 1;
255
256              // system data
257              $userObj->assignData($newUser);
258              $userObj->setTitle($userObj->getFullname());
259              $userObj->setDescription($userObj->getEmail());
260
261              // set user language to system language
262              $userObj->setLanguage($ilSetting->get("language"));
263
264              // Time limit
265              $userObj->setTimeLimitOwner(7);
266              $userObj->setTimeLimitUnlimited(1);
267              $userObj->setTimeLimitFrom(time());
268              $userObj->setTimeLimitUntil(time());
269
270              // Create user in DB
271              $userObj->setOwner(0);
272              $userObj->create();
273              $userObj->setActive(1);
274
275              $userObj->updateOwner();
276
277              //insert user data in table user_data
278              $userObj->saveAsNew();
279
280              // setup user preferences
281              $userObj->writePrefs();
282
283              // to do: test this
284              $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
285
286              unset($userObj);
287
288              $this->setAuth($local_user);
289
290          }
291      }
292      else
293      {
294          // This should never occur unless CAS is not configured properly
295          $this->status = AUTH_WRONG_LOGIN;
296      }
297  }
logout()
Register variable in a session telling that the user has logged in successfully.
const IL_PASSWD_CRYPTED
const AUTH_CAS_NO_ILIAS_USER
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1075
global $ilSetting
Definition: privfeed.php:40
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
$username
Definition: Auth.php:175

◆ logout()

ilCASAuth::logout ( )

Register variable in a session telling that the user has logged in successfully.

public

Parameters
string Username
Returns
void

Logout function

This function clears any auth tokens in the currently active session and executes the logout callback function, if any

public

Returns
void

Definition at line 341 of file class.ilCASAuth.php.

Referenced by login().

342  {
343      parent::logout();
344      //PHPCAS::logout(); // CAS logout should be provided separately
345      // maybe on ILIAS login screen
346  }

The documentation for this class was generated from the following file: