ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilCASAuth Class Reference

Class CASAuth.


Public Member Functions

 ilCASAuth ($a_params)
 Constructor @access public.

 checkCASAuth ()
 Check CAS authentication.

 forceCASAuth ()

 getCASUser ()

 login ()
 Checks if the current user is authenticated yet @access public.

 logout ()
 Register variable in a session telling that the user has logged in successfully.
 
- Public Member Functions inherited from Auth
 Auth ($storageDriver, $options='', $loginFunction='', $showLogin=true)
 Constructor.

 applyAuthOptions (&$options)
 Set the Auth options.

 _loadStorage ()
 Load Storage Driver if not already loaded.

 assignData ()
 Assign data from login form to internal values.

 start ()
 Start new auth session.

 login ()
 Login function.

 setExpire ($time, $add=false)
 Set the maximum expire time.

 setIdle ($time, $add=false)
 Set the maximum idle time.

 setSessionName ($name='session')
 Set name of the session to a customized value.

 setShowLogin ($showLogin=true)
 Should the login form be displayed if necessary?

 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if necessary?

 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked. The function will receive two parameters, the username and a reference to the auth object.

 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login.

 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login.

 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout.

 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session.

 getAuthData ($name=null)
 Get additional information that is stored in the session.

 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully.

 setAdvancedSecurity ($flag=true)
 Enables advanced security checks.

 checkAuth ()
 Checks if there is a session with valid auth information.

 getAuth ()
 Has the user been authenticated?

 logout ()
 Logout function.

 updateIdle ()
 Update the idle time.

 getUsername ()
 Get the username.

 getStatus ()
 Get the current status.

 getPostUsernameField ()
 Gets the post variable used for the username.

 getPostPasswordField ()
 Gets the post variable used for the username.

 sessionValidThru ()
 Returns the time until which the session is valid.

 listUsers ()
 List all users that are currently available in the storage container.

 addUser ($username, $password, $additional='')
 Add user to the storage container.

 removeUser ($username)
 Remove user from the storage container.

 changePassword ($username, $password)
 Change password for user in the storage container.

 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system.

 _loadLogger ()
 Load Log object if not already loaded.

 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source.

 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled?
 
- Public Member Functions inherited from ilAuthBase
 getSubStatus ()
 Get sub status.

 setSubStatus ($a_sub_status)
 Set sub status.

 supportsRedirects ()
 Returns true if the current auth mode allows redirects to e.g. the login screen, public section ...

 getContainer ()
 Get container object.
 
 getExceededUserName ()
 

Additional Inherited Members

- Static Public Member Functions inherited from Auth
 _factory ($driver, $options='')
 Return a storage driver based on $driver and $options.

 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information.
 
- Data Fields inherited from Auth
 $expire = 0
 
 $expired = false
 
 $idle = 0
 
 $idled = false
 
 $storage = ''
 
 $loginFunction = ''
 
 $showLogin = true
 
 $allowLogin = true
 
 $status = ''
 
 $username = ''
 
 $password = ''
 
 $checkAuthCallback = ''
 
 $loginCallback = ''
 
 $loginFailedCallback = ''
 
 $logoutCallback = ''
 
 $_sessionName = '_authsession'
 
 $version = "@version@"
 
 $advancedsecurity = false
 
 $_postUsername = 'username'
 
 $_postPassword = 'password'
 
 $session
 
 $server
 
 $post
 
 $cookie
 
 $authdata
 
 $authChecks = 0
 
 $logger = null
 
 $enableLogging = false
 
 $regenerateSessionId = false
 
- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object. Enable logging, set callbacks...

 loginObserver ($a_username, $a_auth)
 Called after successful login.

 checkExceededLoginAttempts (\ilObjUser $user)

 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.

 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request.

 logoutObserver ($a_username, $a_auth)
 Called after logout.
 
- Protected Attributes inherited from ilAuthBase
 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Class CASAuth.

CAS Authentication class.

Definition at line 37 of file class.ilCASAuth.php.

Member Function Documentation

◆ checkCASAuth()

ilCASAuth::checkCASAuth ( )

Check CAS authentication.

Can be called before forceAuthentication, but forceAuthentication must be called afterwards.

Definition at line 72 of file class.ilCASAuth.php.

{
    global $PHPCAS_CLIENT;

    return $PHPCAS_CLIENT->isAuthenticated();
}
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176

References $PHPCAS_CLIENT.

◆ forceCASAuth()

ilCASAuth::forceCASAuth ( )

Definition at line 79 of file class.ilCASAuth.php.

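{
    // Assumed: line missing from this listing, reconstructed from the References list
    phpCAS::forceAuthentication();
}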
forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:961

References phpCAS\forceAuthentication().


◆ getCASUser()

ilCASAuth::getCASUser ( )

Definition at line 84 of file class.ilCASAuth.php.

{
    return phpCAS::getUser();
}
getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1075

References phpCAS\getUser().


◆ ilCASAuth()

ilCASAuth::ilCASAuth (   $a_params)

Constructor @access public.

Definition at line 43 of file class.ilCASAuth.php.

{
    // Use a custom session name when one is configured
    if ($a_params["sessionName"] != "")
    {
        parent::Auth("", array("sessionName" => $a_params["sessionName"]));
    }
    else
    {
        parent::Auth("");
    }

    include_once("./Services/CAS/lib/CAS.php");
    $this->server_version = CAS_VERSION_2_0;
    $this->server_hostname = $a_params["server_hostname"];
    $this->server_port = (int) $a_params["server_port"];
    $this->server_uri = $a_params["server_uri"];

    //phpCAS::setDebug();
    //echo "-".$_GET['ticket']."-"; exit;
    // Initialize the phpCAS client for the configured CAS server
    phpCAS::client($this->server_version, $this->server_hostname,
        $this->server_port, (string) $this->server_uri);
}
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
Definition: CAS.php:366
const CAS_VERSION_2_0
Definition: CAS.php:81

References CAS_VERSION_2_0, and phpCAS\client().


◆ login()

ilCASAuth::login ( )

Checks if the current user is authenticated yet @access public.

Returns
boolean true if user is authenticated

Set the maximum idle time
Parameters
integer time in seconds
bool add time to current maximum idle time or not
Returns
void @access public

Set the maximum expire time
Parameters
integer time in seconds
bool add time to current expire time or not
Returns
void @access public

Checks if there is a session with valid auth information.

@access private

Returns
boolean Whether or not the user is authenticated.

Start new auth session

@access public

Returns
void

Login function

@access private

Returns
void

Reimplemented from Auth.

Definition at line 213 of file class.ilCASAuth.php.

{
    global $ilias, $rbacadmin, $ilSetting;

    if (phpCAS::getUser() != "")
    {
        // Assumed: line missing from this listing, reconstructed from the References list
        $username = phpCAS::getUser();

        // Authorize this user
        include_once('./Services/User/classes/class.ilObjUser.php');
        // Assumed: line missing from this listing, reconstructed from the References list
        $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);

        if ($local_user != "")
        {
            $this->setAuth($local_user);
        }
        else
        {
            // No matching ILIAS account: refuse unless auto-creation is enabled
            if (!$ilSetting->get("cas_create_users"))
            {
                $this->status = AUTH_CAS_NO_ILIAS_USER;
                $this->logout();
                return;
            }

            $userObj = new ilObjUser();

            // Assumed: line missing from this listing, reconstructed from the References list
            $local_user = ilAuthUtils::_generateLogin($username);

            $newUser["firstname"] = $local_user;
            $newUser["lastname"] = "";

            $newUser["login"] = $local_user;

            // set "plain md5" password (= no valid password)
            $newUser["passwd"] = "";
            $newUser["passwd_type"] = IL_PASSWD_CRYPTED;

            //$newUser["gender"] = "m";
            $newUser["auth_mode"] = "cas";
            $newUser["ext_account"] = $username;
            $newUser["profile_incomplete"] = 1;

            // system data
            $userObj->assignData($newUser);
            $userObj->setTitle($userObj->getFullname());
            $userObj->setDescription($userObj->getEmail());

            // set user language to system language
            $userObj->setLanguage($ilSetting->get("language"));

            // Time limit
            $userObj->setTimeLimitOwner(7);
            $userObj->setTimeLimitUnlimited(1);
            $userObj->setTimeLimitFrom(time());
            $userObj->setTimeLimitUntil(time());

            // Create user in DB
            $userObj->setOwner(0);
            $userObj->create();
            $userObj->setActive(1);

            $userObj->updateOwner();

            //insert user data in table user_data
            $userObj->saveAsNew();

            // setup user preferences
            $userObj->writePrefs();

            // to do: test this
            $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);

            unset($userObj);

            $this->setAuth($local_user);

        }
    }
    else
    {
        // This should never occur unless CAS is not configured properly
        $this->status = AUTH_WRONG_LOGIN;
    }
}
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
$username
Definition: Auth.php:175
const AUTH_CAS_NO_ILIAS_USER
const IL_PASSWD_CRYPTED
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
logout()
Register variable in a session telling that the user has logged in successfully.
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
global $ilSetting
Definition: privfeed.php:40

References $ilSetting, Auth\$username, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, phpCAS\getUser(), IL_PASSWD_CRYPTED, logout(), and Auth\setAuth().


◆ logout()

ilCASAuth::logout ( )

Register variable in a session telling that the user has logged in successfully.

@access public

Parameters
string Username
Returns
void

Logout function

This function clears any auth tokens in the currently active session and executes the logout callback function, if any.

@access public

Returns
void

Reimplemented from Auth.

Definition at line 341 of file class.ilCASAuth.php.

{
    parent::logout();
    //PHPCAS::logout(); // CAS logout should be provided separately
    // maybe on ILIAS login screen
}

Referenced by login().


The documentation for this class was generated from the following file: