ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilWebAccessChecker.php
Go to the documentation of this file.
1<?php
2require_once('./Services/WebAccessChecker/classes/class.ilWACSignedPath.php');
3require_once('./Services/WebAccessChecker/classes/class.ilWACPath.php');
4require_once('./Services/WebAccessChecker/classes/class.ilWACSecurePath.php');
5require_once('./Services/WebAccessChecker/classes/class.ilWACLog.php');
6require_once('./Services/Init/classes/class.ilInitialisation.php');
7require_once('./Services/FileDelivery/classes/class.ilFileDelivery.php');
8require_once('./Services/WebAccessChecker/classes/class.ilWACCookie.php');
9require_once('./Services/WebAccessChecker/classes/class.ilWACHeader.php');
10
17class ilWebAccessChecker {
18
19 const DISPOSITION = 'disposition';
20 const STATUS_CODE = 'status_code';
21 const REVALIDATE = 'revalidate';
22 const CM_FILE_TOKEN = 1;
23 const CM_FOLDER_TOKEN = 2;
24 const CM_CHECKINGINSTANCE = 3;
25 const CM_SECFOLDER = 4;
29 protected $path_object = null;
33 protected $checked = false;
37 protected $disposition = ilFileDelivery::DISP_INLINE;
41 protected $override_mimetype = '';
45 protected $send_status_code = false;
49 protected $initialized = false;
53 protected $revalidate_folder_tokens = true;
57 protected static $DEBUG = false;
61 protected static $use_seperate_logfile = false;
65 protected $cookie = null;
69 protected $header = null;
73 protected $applied_checking_methods = array();
74
75
82 public function __construct($path, ilWACCookieInterface $ilWACCookieInterface = null, ilWACHeaderInterface $ilWACHeaderInterface = null) {
83 $this->setPathObject(new ilWACPath($path));
84 $this->setCookie($ilWACCookieInterface ? $ilWACCookieInterface : new ilWACCookie());
85 $this->setHeader($ilWACHeaderInterface ? $ilWACHeaderInterface : new ilWACHeader());
86 }
87
88
93 public function check() {
94 ilWACLog::getInstance()->write('Checking File: ' . $this->getPathObject()->getPathWithoutQuery());
95 if (!$this->getPathObject()) {
96 throw new ilWACException(ilWACException::CODE_NO_PATH);
97 }
98
99 // Check if Path has been signed with a token
100 $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->cookie);
101 if ($ilWACSignedPath->isSignedPath()) {
102 $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
103 if ($ilWACSignedPath->isSignedPathValid()) {
104 $this->setChecked(true);
105 ilWACLog::getInstance()->write('checked using token');
106 $this->sendHeader('checked using token');
107
108 return true;
109 }
110 }
111
112 // Check if the whole secured folder has been signed
113 if ($ilWACSignedPath->isFolderSigned()) {
114 $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
115 if ($ilWACSignedPath->isFolderTokenValid()) {
116 if ($this->isRevalidateFolderTokens()) {
117 $ilWACSignedPath->revalidatingFolderToken();
118 }
119 $this->setChecked(true);
120 ilWACLog::getInstance()->write('checked using secure folder');
121 $this->sendHeader('checked using secure folder');
122
123 return true;
124 }
125 }
126
127 // Fallback, have to initiate ILIAS
128 $this->initILIAS();
129
130 // Maybe the path has been registered, lets check
131 $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
132 if ($checkingInstance instanceof ilWACCheckingClass) {
133 $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
134 ilWACLog::getInstance()->write('has checking instance: ' . get_class($checkingInstance));
135 $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
136 if ($canBeDelivered) {
137 ilWACLog::getInstance()->write('checked using fallback');
138 $this->sendHeader('checked using fallback');
139 if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
140 $ilWACSignedPath->revalidatingFolderToken();
141 }
142
143 $this->setChecked(true);
144
145 return true;
146 } else {
147 ilWACLog::getInstance()->write('checking-instance denied access');
148 $this->setChecked(true);
149
150 return false;
151 }
152 }
153
154 // none of the checking mechanisms could have been applied. no access
155 $this->setChecked(true);
156 ilWACLog::getInstance()->write('none of the checking mechanisms could have been applied. access depending on sec folder');
157 if ($this->getPathObject()->isInSecFolder()) {
158 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
159 ilWACLog::getInstance()->write('file is in sec-folder, no delivery');
160
161 return false;
162 } else {
163 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
164 ilWACLog::getInstance()->write('file is not in sec-folder, delivery');
165
166 return true;
167 }
168 }
169
170
174 protected function sendHeader($message) {
175 $this->getHeader()->sendHeader('X-ILIAS-WebAccessChecker: ' . $message);
176 }
177
178
183 public function initILIAS() {
184 if ($this->isInitialized()) {
185 return true;
186 }
187 $GLOBALS['COOKIE_PATH'] = '/';
188 $this->cookie->set('ilClientId', $this->getPathObject()->getClient(), 0, '/');
189 ilContext::init(ilContext::CONTEXT_WAC);
190 try {
191 ilWACLog::getInstance()->write('init ILIAS');
192 ilInitialisation::initILIAS();
193 $this->checkUser();
194 $this->checkPublicSection();
195 } catch (Exception $e) {
196 if ($e instanceof ilWACException
197 && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
198 throw $e;
199 }
200 if (($e instanceof Exception && $e->getMessage() == 'Authentication failed.')
201 || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
202 $this->initAnonymousSession();
203 $this->checkUser();
204 $this->checkPublicSection();
205 }
206 }
207 $this->setInitialized(true);
208 }
209
210
211 protected function checkPublicSection() {
212 global $DIC;
213 $not_on_login_page = $this->isRequestNotFromLoginPage();
214 $is_anonymous = ((int)$DIC->user()->getId() === (int)ANONYMOUS_USER_ID);
215 $is_null_user = ($DIC->user()->getId() === 0);
216 $pub_section_activated = (bool)$DIC['ilSetting']->get('pub_section');
217 $isset = isset($DIC['ilSetting']);
218 $instanceof = $DIC['ilSetting'] instanceof ilSetting;
219 if (!$isset || !$instanceof || (!$pub_section_activated && ($is_anonymous || ($is_null_user && $not_on_login_page)))) {
220 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
221 }
222 }
223
224
225 protected function checkUser() {
226 global $DIC;
227
228 $is_user = $DIC->user() instanceof ilObjUser;
229 $user_id_is_zero = ((int)$DIC->user()->getId() === 0);
230 $not_on_login_page = $this->isRequestNotFromLoginPage();
231 if (!$is_user || ($user_id_is_zero && $not_on_login_page)) {
232 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
233 }
234 }
235
236
240 public function isChecked() {
241 return $this->checked;
242 }
243
244
248 public function setChecked($checked) {
249 $this->checked = $checked;
250 }
251
252
256 public function getPathObject() {
257 return $this->path_object;
258 }
259
260
264 public function setPathObject($path_object) {
265 $this->path_object = $path_object;
266 }
267
268
272 public function getDisposition() {
273 return $this->disposition;
274 }
275
276
280 public function setDisposition($disposition) {
281 $this->disposition = $disposition;
282 }
283
284
288 public function getOverrideMimetype() {
289 return $this->override_mimetype;
290 }
291
292
296 public function setOverrideMimetype($override_mimetype) {
297 $this->override_mimetype = $override_mimetype;
298 }
299
300
304 public function isInitialized() {
305 return $this->initialized;
306 }
307
308
312 public function setInitialized($initialized) {
313 $this->initialized = $initialized;
314 }
315
316
320 public function isSendStatusCode() {
321 return $this->send_status_code;
322 }
323
324
328 public function setSendStatusCode($send_status_code) {
329 $this->send_status_code = $send_status_code;
330 }
331
332
336 public function isRevalidateFolderTokens() {
337 return $this->revalidate_folder_tokens;
338 }
339
340
344 public function setRevalidateFolderTokens($revalidate_folder_tokens) {
345 $this->revalidate_folder_tokens = $revalidate_folder_tokens;
346 }
347
348
352 public static function isDEBUG() {
353 return self::$DEBUG;
354 }
355
356
360 public static function setDEBUG($DEBUG) {
361 self::$DEBUG = $DEBUG;
362 }
363
364
368 public static function isUseSeperateLogfile() {
369 return self::$use_seperate_logfile;
370 }
371
372
376 public static function setUseSeperateLogfile($use_seperate_logfile) {
377 self::$use_seperate_logfile = $use_seperate_logfile;
378 }
379
380
384 public function getCookie() {
385 return $this->cookie;
386 }
387
388
392 public function setCookie($cookie) {
393 $this->cookie = $cookie;
394 }
395
396
400 public function getAppliedCheckingMethods() {
401 return $this->applied_checking_methods;
402 }
403
404
408 public function setAppliedCheckingMethods($applied_checking_methods) {
409 $this->applied_checking_methods = $applied_checking_methods;
410 }
411
412
416 protected function addAppliedCheckingMethod($method) {
417 $this->applied_checking_methods[] = $method;
418 }
419
420
424 public function getHeader() {
425 return $this->header;
426 }
427
428
432 public function setHeader($header) {
433 $this->header = $header;
434 }
435
436
437 protected function initAnonymousSession() {
438 global $DIC;
439 include_once './Services/Context/classes/class.ilContext.php';
440 ilContext::init(ilContext::CONTEXT_WAC);
441 require_once("Services/Init/classes/class.ilInitialisation.php");
442 ilInitialisation::reinitILIAS();
446 $ilAuthSession = $DIC['ilAuthSession'];
447 $ilAuthSession->init();
448 $ilAuthSession->regenerateId();
449 $a_id = (int)ANONYMOUS_USER_ID;
450 $ilAuthSession->setUserId($a_id);
451 $ilAuthSession->setAuthenticated(false, $a_id);
452 $DIC->user()->setId($a_id);
453 }
454
455
459 protected function isRequestNotFromLoginPage() {
460 $referrer = !is_null($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
461 $not_on_login_page = (strpos($referrer, 'login.php') === false
462 && strpos($referrer, '&baseClass=ilStartUpGUI') === false);
463
464 return $not_on_login_page;
465 }
466}
$path
$path
Definition: aliased.php:25
php
An exception for terminatinating execution or to throw for unit testing.
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:42
ilContext\CONTEXT_WAC
const CONTEXT_WAC
Definition: class.ilContext.php:31
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:839
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ilWACCookie
Class ilWACCookie.
Definition: class.ilWACCookie.php:9
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:10
ilWACHeader
Class ilWACHeader.
Definition: class.ilWACHeader.php:10
ilWACLog\getInstance
static getInstance()
Definition: class.ilWACLog.php:40
ilWACPath
Class ilWACPath.
Definition: class.ilWACPath.php:9
ilWACSignedPath
Class ilWACSignedPath.
Definition: class.ilWACSignedPath.php:13
ilWebAccessChecker
Class ilWebAccessChecker.
Definition: class.ilWebAccessChecker.php:17
ilWebAccessChecker\__construct
__construct($path, ilWACCookieInterface $ilWACCookieInterface=null, ilWACHeaderInterface $ilWACHeaderInterface=null)
ilWebAccessChecker constructor.
Definition: class.ilWebAccessChecker.php:82
ilWebAccessChecker\setUseSeperateLogfile
static setUseSeperateLogfile($use_seperate_logfile)
Definition: class.ilWebAccessChecker.php:376
ilWebAccessChecker\setSendStatusCode
setSendStatusCode($send_status_code)
Definition: class.ilWebAccessChecker.php:328
ilWebAccessChecker\setRevalidateFolderTokens
setRevalidateFolderTokens($revalidate_folder_tokens)
Definition: class.ilWebAccessChecker.php:344
ilWebAccessChecker\setAppliedCheckingMethods
setAppliedCheckingMethods($applied_checking_methods)
Definition: class.ilWebAccessChecker.php:408
ilWebAccessChecker\setOverrideMimetype
setOverrideMimetype($override_mimetype)
Definition: class.ilWebAccessChecker.php:296
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilWACCheckingClass
Class ilWACCheckingClass.
Definition: interface.ilWACCheckingClass.php:10
ilWACCookieInterface
Class ilWACCookieInterface.
Definition: interface.ilWACCookieInterface.php:8
ilWACHeaderInterface
Class ilWACHeaderInterface.
Definition: interface.ilWACHeaderInterface.php:8
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$DIC
global $DIC
Definition: imagemanager.php:32