ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilWebAccessChecker.php
Go to the documentation of this file.
1 <?php
2 require_once('./Services/WebAccessChecker/classes/class.ilWACSignedPath.php');
3 require_once('./Services/WebAccessChecker/classes/class.ilWACPath.php');
4 require_once('./Services/WebAccessChecker/classes/class.ilWACSecurePath.php');
5 require_once('./Services/WebAccessChecker/classes/class.ilWACLog.php');
6 require_once('./Services/Init/classes/class.ilInitialisation.php');
7 require_once('./Services/FileDelivery/classes/class.ilFileDelivery.php');
8 require_once('./Services/WebAccessChecker/classes/class.ilWACCookie.php');
9 require_once('./Services/WebAccessChecker/classes/class.ilWACHeader.php');
10 
17 class ilWebAccessChecker {
18 
19  const DISPOSITION = 'disposition';
20  const STATUS_CODE = 'status_code';
21  const REVALIDATE = 'revalidate';
22  const CM_FILE_TOKEN = 1;
23  const CM_FOLDER_TOKEN = 2;
24  const CM_CHECKINGINSTANCE = 3;
25  const CM_SECFOLDER = 4;
29  protected $path_object = null;
33  protected $checked = false;
37  protected $disposition = ilFileDelivery::DISP_INLINE;
41  protected $override_mimetype = '';
45  protected $send_status_code = false;
49  protected $initialized = false;
53  protected $revalidate_folder_tokens = true;
57  protected static $DEBUG = false;
61  protected static $use_seperate_logfile = false;
65  protected $cookie = null;
69  protected $header = null;
73  protected $applied_checking_methods = array();
74 
75 
82  public function __construct($path, ilWACCookieInterface $ilWACCookieInterface = null, ilWACHeaderInterface $ilWACHeaderInterface = null) {
83  $this->setPathObject(new ilWACPath($path));
84  $this->setCookie($ilWACCookieInterface ? $ilWACCookieInterface : new ilWACCookie());
85  $this->setHeader($ilWACHeaderInterface ? $ilWACHeaderInterface : new ilWACHeader());
86  }
87 
88 
93  public function check() {
94  ilWACLog::getInstance()->write('Checking File: ' . $this->getPathObject()->getPathWithoutQuery());
95  if (!$this->getPathObject()) {
96  throw new ilWACException(ilWACException::CODE_NO_PATH);
97  }
98 
99  // Check if Path has been signed with a token
100  $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->cookie);
101  if ($ilWACSignedPath->isSignedPath()) {
102  $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
103  if ($ilWACSignedPath->isSignedPathValid()) {
104  $this->setChecked(true);
105  ilWACLog::getInstance()->write('checked using token');
106  $this->sendHeader('checked using token');
107 
108  return true;
109  }
110  }
111 
112  // Check if the whole secured folder has been signed
113  if ($ilWACSignedPath->isFolderSigned()) {
114  $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
115  if ($ilWACSignedPath->isFolderTokenValid()) {
116  if ($this->isRevalidateFolderTokens()) {
117  $ilWACSignedPath->revalidatingFolderToken();
118  }
119  $this->setChecked(true);
120  ilWACLog::getInstance()->write('checked using secure folder');
121  $this->sendHeader('checked using secure folder');
122 
123  return true;
124  }
125  }
126 
127  // Fallback, have to initiate ILIAS
128  $this->initILIAS();
129 
130  // Maybe the path has been registered, lets check
131  $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
132  if ($checkingInstance instanceof ilWACCheckingClass) {
133  $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
134  ilWACLog::getInstance()->write('has checking instance: ' . get_class($checkingInstance));
135  $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
136  if ($canBeDelivered) {
137  ilWACLog::getInstance()->write('checked using fallback');
138  $this->sendHeader('checked using fallback');
139  if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
140  $ilWACSignedPath->revalidatingFolderToken();
141  }
142 
143  $this->setChecked(true);
144 
145  return true;
146  } else {
147  ilWACLog::getInstance()->write('checking-instance denied access');
148  $this->setChecked(true);
149 
150  return false;
151  }
152  }
153 
154  // none of the checking mechanisms could have been applied. no access
155  $this->setChecked(true);
156  ilWACLog::getInstance()->write('none of the checking mechanisms could have been applied. access depending on sec folder');
157  if ($this->getPathObject()->isInSecFolder()) {
158  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
159  ilWACLog::getInstance()->write('file is in sec-folder, no delivery');
160 
161  return false;
162  } else {
163  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
164  ilWACLog::getInstance()->write('file is not in sec-folder, delivery');
165 
166  return true;
167  }
168  }
169 
170 
174  protected function sendHeader($message) {
175  $this->getHeader()->sendHeader('X-ILIAS-WebAccessChecker: ' . $message);
176  }
177 
178 
183  public function initILIAS() {
184  if ($this->isInitialized()) {
185  return true;
186  }
187  $GLOBALS['COOKIE_PATH'] = '/';
188  $this->cookie->set('ilClientId', $this->getPathObject()->getClient(), 0, '/');
189  ilContext::init(ilContext::CONTEXT_WAC);
190  try {
191  ilWACLog::getInstance()->write('init ILIAS');
192  ilInitialisation::initILIAS();
193  $this->checkUser();
194  $this->checkPublicSection();
195  } catch (Exception $e) {
196  if ($e instanceof ilWACException
197  && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
198  throw $e;
199  }
200  if (($e instanceof Exception && $e->getMessage() == 'Authentication failed.')
201  || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
202  $this->initAnonymousSession();
203  $this->checkUser();
204  $this->checkPublicSection();
205  }
206  }
207  $this->setInitialized(true);
208  }
209 
210 
211  protected function checkPublicSection() {
212  global $DIC;
213  $not_on_login_page = $this->isRequestNotFromLoginPage();
214  $is_anonymous = ((int)$DIC->user()->getId() === (int)ANONYMOUS_USER_ID);
215  $is_null_user = ($DIC->user()->getId() === 0);
216  $pub_section_activated = (bool)$DIC['ilSetting']->get('pub_section');
217  $isset = isset($DIC['ilSetting']);
218  $instanceof = $DIC['ilSetting'] instanceof ilSetting;
219  if (!$isset || !$instanceof || (!$pub_section_activated && ($is_anonymous || ($is_null_user && $not_on_login_page)))) {
220  throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
221  }
222  }
223 
224 
225  protected function checkUser() {
226  global $DIC;
227 
228  $is_user = $DIC->user() instanceof ilObjUser;
229  $user_id_is_zero = ((int)$DIC->user()->getId() === 0);
230  $not_on_login_page = $this->isRequestNotFromLoginPage();
231  if (!$is_user || ($user_id_is_zero && $not_on_login_page)) {
232  throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
233  }
234  }
235 
236 
240  public function isChecked() {
241  return $this->checked;
242  }
243 
244 
248  public function setChecked($checked) {
249  $this->checked = $checked;
250  }
251 
252 
256  public function getPathObject() {
257  return $this->path_object;
258  }
259 
260 
264  public function setPathObject($path_object) {
265  $this->path_object = $path_object;
266  }
267 
268 
272  public function getDisposition() {
273  return $this->disposition;
274  }
275 
276 
280  public function setDisposition($disposition) {
281  $this->disposition = $disposition;
282  }
283 
284 
288  public function getOverrideMimetype() {
289  return $this->override_mimetype;
290  }
291 
292 
296  public function setOverrideMimetype($override_mimetype) {
297  $this->override_mimetype = $override_mimetype;
298  }
299 
300 
304  public function isInitialized() {
305  return $this->initialized;
306  }
307 
308 
312  public function setInitialized($initialized) {
313  $this->initialized = $initialized;
314  }
315 
316 
320  public function isSendStatusCode() {
321  return $this->send_status_code;
322  }
323 
324 
328  public function setSendStatusCode($send_status_code) {
329  $this->send_status_code = $send_status_code;
330  }
331 
332 
336  public function isRevalidateFolderTokens() {
337  return $this->revalidate_folder_tokens;
338  }
339 
340 
344  public function setRevalidateFolderTokens($revalidate_folder_tokens) {
345  $this->revalidate_folder_tokens = $revalidate_folder_tokens;
346  }
347 
348 
352  public static function isDEBUG() {
353  return self::$DEBUG;
354  }
355 
356 
360  public static function setDEBUG($DEBUG) {
361  self::$DEBUG = $DEBUG;
362  }
363 
364 
368  public static function isUseSeperateLogfile() {
369  return self::$use_seperate_logfile;
370  }
371 
372 
376  public static function setUseSeperateLogfile($use_seperate_logfile) {
377  self::$use_seperate_logfile = $use_seperate_logfile;
378  }
379 
380 
384  public function getCookie() {
385  return $this->cookie;
386  }
387 
388 
392  public function setCookie($cookie) {
393  $this->cookie = $cookie;
394  }
395 
396 
400  public function getAppliedCheckingMethods() {
401  return $this->applied_checking_methods;
402  }
403 
404 
408  public function setAppliedCheckingMethods($applied_checking_methods) {
409  $this->applied_checking_methods = $applied_checking_methods;
410  }
411 
412 
416  protected function addAppliedCheckingMethod($method) {
417  $this->applied_checking_methods[] = $method;
418  }
419 
420 
424  public function getHeader() {
425  return $this->header;
426  }
427 
428 
432  public function setHeader($header) {
433  $this->header = $header;
434  }
435 
436 
437  protected function initAnonymousSession() {
438  global $DIC;
439  include_once './Services/Context/classes/class.ilContext.php';
440  ilContext::init(ilContext::CONTEXT_WAC);
441  require_once("Services/Init/classes/class.ilInitialisation.php");
442  ilInitialisation::reinitILIAS();
446  $ilAuthSession = $DIC['ilAuthSession'];
447  $ilAuthSession->init();
448  $ilAuthSession->regenerateId();
449  $a_id = (int)ANONYMOUS_USER_ID;
450  $ilAuthSession->setUserId($a_id);
451  $ilAuthSession->setAuthenticated(false, $a_id);
452  $DIC->user()->setId($a_id);
453  }
454 
455 
459  protected function isRequestNotFromLoginPage() {
460  $referrer = !is_null($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
461  $not_on_login_page = (strpos($referrer, 'login.php') === false
462  && strpos($referrer, '&baseClass=ilStartUpGUI') === false);
463 
464  return $not_on_login_page;
465  }
466 }
ilWebAccessChecker\setUseSeperateLogfile
static setUseSeperateLogfile($use_seperate_logfile)
Definition: class.ilWebAccessChecker.php:376
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:32
$path
$path
Definition: aliased.php:25
ilWACHeaderInterface
Class ilWACHeaderInterface.
Definition: interface.ilWACHeaderInterface.php:8
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:10
ilContext\CONTEXT_WAC
const CONTEXT_WAC
Definition: class.ilContext.php:31
ilWebAccessChecker\setAppliedCheckingMethods
setAppliedCheckingMethods($applied_checking_methods)
Definition: class.ilWebAccessChecker.php:408
ilWACHeader
Class ilWACHeader.
Definition: class.ilWACHeader.php:10
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilWACCookieInterface
Class ilWACCookieInterface.
Definition: interface.ilWACCookieInterface.php:8
ilWACLog\getInstance
static getInstance()
Definition: class.ilWACLog.php:40
ilWebAccessChecker\__construct
__construct($path, ilWACCookieInterface $ilWACCookieInterface=null, ilWACHeaderInterface $ilWACHeaderInterface=null)
ilWebAccessChecker constructor.
Definition: class.ilWebAccessChecker.php:82
ilWACPath
Class ilWACPath.
Definition: class.ilWACPath.php:9
ilWebAccessChecker\setRevalidateFolderTokens
setRevalidateFolderTokens($revalidate_folder_tokens)
Definition: class.ilWebAccessChecker.php:344
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:839
ilWACCookie
Class ilWACCookie.
Definition: class.ilWACCookie.php:9
ilWebAccessChecker
Class ilWebAccessChecker.
Definition: class.ilWebAccessChecker.php:17
ilWebAccessChecker\setSendStatusCode
setSendStatusCode($send_status_code)
Definition: class.ilWebAccessChecker.php:328
ilWACSignedPath
Class ilWACSignedPath.
Definition: class.ilWACSignedPath.php:13
header
Add a drawing to the header
Definition: 04printing.php:69
ilWACCheckingClass
Class ilWACCheckingClass.
Definition: interface.ilWACCheckingClass.php:10
ilWebAccessChecker\setOverrideMimetype
setOverrideMimetype($override_mimetype)
Definition: class.ilWebAccessChecker.php:296
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:42
$DIC
global $DIC
Definition: imagemanager.php:32