ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthFrontend Class Reference

Description of class class. More...

+ Inheritance diagram for ilAuthFrontend:
+ Collaboration diagram for ilAuthFrontend:

Public Member Functions

 __construct (ilAuthSession $session, ilAuthStatus $status, ilAuthCredentials $credentials, array $providers)
 Constructor. More...
 
 getAuthSession ()
 Get auth session. More...
 
 getCredentials ()
 Get auth credentials. More...
 
 getProviders ()
 Get providers. More...
 
 getStatus ()
 
 resetStatus ()
 Reset status. More...
 
 getLogger ()
 Get logger. More...
 
 migrateAccount (ilAuthSession $session)
 Migrate Account to existing user account. More...
 
 migrateAccountNew ()
 Create new user account. More...
 
 authenticate ()
 Try to authenticate user. More...
 

Data Fields

const MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'
 
const MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'
 
const MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'
 

Protected Member Functions

 handleAccountMigration (ilAuthProviderAccountMigrationInterface $provider)
 Handle account migration. More...
 
 handleAuthenticationSuccess (ilAuthProviderInterface $provider)
 Handle successful authentication. More...
 
 checkActivation (ilObjUser $user)
 Check activation. More...
 
 checkExceededLoginAttempts (\ilObjUser $user)
 
 checkTimeLimit (ilObjUser $user)
 Check time limit. More...
 
 checkIp (ilObjUser $user)
 Check ip. More...
 
 checkSimultaneousLogins (ilObjUser $user)
 Check simultaneous logins. More...
 
 handleAuthenticationFail ()
 Handle failed authenication. More...
 

Private Attributes

 $logger = null
 
 $credentials = null
 
 $status = null
 
 $providers = array()
 
 $auth_session = null
 
 $authenticated = false
 

Detailed Description

Description of class class.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 11 of file class.ilAuthFrontend.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthFrontend::__construct ( ilAuthSession  $session,
ilAuthStatus  $status,
ilAuthCredentials  $credentials,
array  $providers 
)

Constructor.

Parameters
ilAuthSession$session
ilAuthCredentials$credentials

Definition at line 30 of file class.ilAuthFrontend.php.

31 {
32 $this->logger = ilLoggerFactory::getLogger('auth');
33
34 $this->auth_session = $session;
35 $this->credentials = $credentials;
36 $this->status = $status;
37 $this->providers = $providers;
38 }
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82

References $credentials, $providers, $status, and ilLoggerFactory\getLogger().

+ Here is the call graph for this function:

Member Function Documentation

◆ authenticate()

ilAuthFrontend::authenticate ( )

Try to authenticate user.

Reimplemented in ilAuthFrontendHTTP.

Definition at line 174 of file class.ilAuthFrontend.php.

175 {
176 foreach($this->getProviders() as $provider)
177 {
178 $this->resetStatus();
179
180 $this->getLogger()->debug('Trying authentication against: ' . get_class($provider));
181
182 $provider->doAuthentication($this->getStatus());
183
184 $this->getLogger()->debug('Authentication user id: ' . $this->getStatus()->getAuthenticatedUserId());
185
186 switch($this->getStatus()->getStatus())
187 {
188 case ilAuthStatus::STATUS_AUTHENTICATED:
189 return $this->handleAuthenticationSuccess($provider);
190
191 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
192 $this->getLogger()->notice("Account migration required.");
193 return $this->handleAccountMigration($provider);
194
195 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
196 default:
197 $this->getLogger()->debug('Authentication failed against: ' . get_class($provider));
198 break;
199 }
200 }
201 return $this->handleAuthenticationFail();
202 }
ilAuthFrontend\resetStatus
resetStatus()
Reset status.
Definition: class.ilAuthFrontend.php:78
ilAuthFrontend\getLogger
getLogger()
Get logger.
Definition: class.ilAuthFrontend.php:89
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:475
ilAuthFrontend\handleAccountMigration
handleAccountMigration(ilAuthProviderAccountMigrationInterface $provider)
Handle account migration.
Definition: class.ilAuthFrontend.php:208
ilAuthFrontend\getProviders
getProviders()
Get providers.
Definition: class.ilAuthFrontend.php:62
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:230
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20

References League\OAuth2\Client\Provider\$provider, getLogger(), getProviders(), getStatus(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), resetStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

+ Here is the call graph for this function:

◆ checkActivation()

ilAuthFrontend::checkActivation ( ilObjUser  $user)
protected

Check activation.

Parameters
ilObjUser$user

Definition at line 387 of file class.ilAuthFrontend.php.

388 {
389 return $user->getActive();
390 }
ilObjUser\getActive
getActive()
get user active state @access public
Definition: class.ilObjUser.php:2137

References ilObjUser\getActive().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkExceededLoginAttempts()

ilAuthFrontend::checkExceededLoginAttempts ( \ilObjUser  $user)
protected
Parameters
\ilObjUser$user
Returns
bool

Definition at line 396 of file class.ilAuthFrontend.php.

397 {
398 if(in_array($user->getId(), array(ANONYMOUS_USER_ID)))
399 {
400 return true;
401 }
402
403 $isInactive = !$user->getActive();
404 if(!$isInactive)
405 {
406 return true;
407 }
408
409 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
410 $security = ilSecuritySettings::_getInstance();
411 $maxLoginAttempts = $security->getLoginMaxAttempts();
412
413 if(!(int)$maxLoginAttempts)
414 {
415 return true;
416 }
417
418 $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
419
420 return $numLoginAttempts < $maxLoginAttempts;
421 }
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4681
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\getActive(), and ilObject\getId().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkIp()

ilAuthFrontend::checkIp ( ilObjUser  $user)
protected

Check ip.

Definition at line 436 of file class.ilAuthFrontend.php.

437 {
438 $clientip = $user->getClientIP();
439 if (trim($clientip) != "")
440 {
441 $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
442 $clientip = str_replace(".","\\.",$clientip);
443 $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
444
445 ilLoggerFactory::getLogger('auth')->debug('Check ip ' . $clientip . ' against ' . $_SERVER['REMOTE_ADDR']);
446
447 if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
448 {
449 return false;
450 }
451 }
452 return true;
453 }
ilObjUser\getClientIP
getClientIP()
get client ip number @access public
Definition: class.ilObjUser.php:1816
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54

References $_SERVER, ilObjUser\getClientIP(), and ilLoggerFactory\getLogger().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkSimultaneousLogins()

ilAuthFrontend::checkSimultaneousLogins ( ilObjUser  $user)
protected

Check simultaneous logins.

Parameters
ilObjUser$user

Definition at line 459 of file class.ilAuthFrontend.php.

460 {
461 $this->getLogger()->debug('Setting prevent simultaneous session is: ' . (string) $GLOBALS['ilSetting']->get('ps_prevent_simultaneous_logins'));
462 if(
463 $GLOBALS['ilSetting']->get('ps_prevent_simultaneous_logins') &&
464 ilObjUser::hasActiveSession($user->getId(), $this->getAuthSession()->getId())
465 )
466 {
467 return false;
468 }
469 return true;
470 }
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id, $a_session_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2451
ilObject\getId
getId()
get object id @access public
Definition: class.ilObject.php:290
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18

References $GLOBALS, ilObject\getId(), getLogger(), and ilObjUser\hasActiveSession().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkTimeLimit()

ilAuthFrontend::checkTimeLimit ( ilObjUser  $user)
protected

Check time limit.

Parameters
ilObjUser$user
Returns
type

Definition at line 428 of file class.ilAuthFrontend.php.

429 {
430 return $user->checkTimeLimit();
431 }

References ilObjUser\checkTimeLimit().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthSession()

ilAuthFrontend::getAuthSession ( )

Get auth session.

Returns
ilAuthSession

Definition at line 44 of file class.ilAuthFrontend.php.

45 {
46 return $this->auth_session;
47 }

References $auth_session.

Referenced by handleAuthenticationSuccess().

+ Here is the caller graph for this function:

◆ getCredentials()

ilAuthFrontend::getCredentials ( )

Get auth credentials.

Returns
ilAuthCredentials

Definition at line 53 of file class.ilAuthFrontend.php.

54 {
55 return $this->credentials;
56 }

References $credentials.

Referenced by handleAuthenticationFail(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getLogger()

ilAuthFrontend::getLogger ( )

Get logger.

Returns
ilLogger

Definition at line 89 of file class.ilAuthFrontend.php.

90 {
91 return $this->logger;
92 }

References $logger.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), checkSimultaneousLogins(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getProviders()

ilAuthFrontend::getProviders ( )

Get providers.

Returns
ilAuthProviderInterface[] $provider

Definition at line 62 of file class.ilAuthFrontend.php.

63 {
64 return $this->providers;
65 }

References $providers.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getStatus()

ilAuthFrontend::getStatus ( )
Returns
\ilAuthStatus

Definition at line 70 of file class.ilAuthFrontend.php.

71 {
72 return $this->status;
73 }

References $status.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), migrateAccount(), migrateAccountNew(), and resetStatus().

+ Here is the caller graph for this function:

◆ handleAccountMigration()

ilAuthFrontend::handleAccountMigration ( ilAuthProviderAccountMigrationInterface  $provider)
protected

Handle account migration.

Parameters
ilAuthProvider$provider

Definition at line 208 of file class.ilAuthFrontend.php.

209 {
210 $this->getLogger()->debug('Trigger auth mode: ' . $provider->getTriggerAuthMode());
211 $this->getLogger()->debug('Desired auth mode: ' . $provider->getUserAuthModeName());
212 $this->getLogger()->debug('External account: ' . $provider->getExternalAccountName());
213
214 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
215 #$this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
216
217 ilSession::set(static::MIG_TRIGGER_AUTHMODE, $provider->getTriggerAuthMode());
218 ilSession::set(static::MIG_DESIRED_AUTHMODE, $provider->getUserAuthModeName());
219 ilSession::set(static::MIG_EXTERNAL_ACCOUNT, $provider->getExternalAccountName());
220
221 $this->getLogger()->dump($_SESSION, ilLogLevel::DEBUG);
222
223 return true;
224 }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:401
ilAuthProviderAccountMigrationInterface\getExternalAccountName
getExternalAccountName()
Get external account name.
ilAuthProviderAccountMigrationInterface\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
ilAuthProviderAccountMigrationInterface\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.

References $_SESSION, League\OAuth2\Client\Provider\$provider, ilLogLevel\DEBUG, ilAuthProviderAccountMigrationInterface\getExternalAccountName(), getLogger(), getStatus(), ilAuthProviderAccountMigrationInterface\getTriggerAuthMode(), ilAuthProviderAccountMigrationInterface\getUserAuthModeName(), and ilSession\set().

Referenced by authenticate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationFail()

ilAuthFrontend::handleAuthenticationFail ( )
protected

Handle failed authenication.

Reimplemented in ilAuthFrontendHTTP.

Definition at line 475 of file class.ilAuthFrontend.php.

476 {
477 $this->getLogger()->debug('Authentication failed for all authentication methods.');
478
479 $user_id = ilObjUser::_lookupId($this->getCredentials()->getUsername());
480 if(!in_array($user_id, array(ANONYMOUS_USER_ID)))
481 {
482 ilObjUser::_incrementLoginAttempts($user_id);
483 $login_attempts = ilObjUser::_getLoginAttempts($user_id);
484
485 $this->getLogger()->notice('Increased login attempts for user: ' . $this->getCredentials()->getUsername());
486
487 include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
488 $security = ilSecuritySettings::_getInstance();
489 $max_attempts = $security->getLoginMaxAttempts();
490
491 if((int) $max_attempts && $login_attempts >= $max_attempts)
492 {
493 $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
494 $this->getLogger()->warning('User account set to inactive due to exceeded login attempts.');
495 ilObjUser::_setUserInactive($user_id);
496 }
497 }
498 }
ilAuthFrontend\getCredentials
getCredentials()
Get auth credentials.
Definition: class.ilAuthFrontend.php:53
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4693
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:787
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4704

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), getCredentials(), getLogger(), and getStatus().

Referenced by authenticate(), migrateAccount(), and migrateAccountNew().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationSuccess()

ilAuthFrontend::handleAuthenticationSuccess ( ilAuthProviderInterface  $provider)
protected

Handle successful authentication.

Parameters
ilAuthProviderInterface$provider

Definition at line 230 of file class.ilAuthFrontend.php.

231 {
232 include_once './Services/Object/classes/class.ilObjectFactory.php';
233 $factory = new ilObjectFactory();
234 $user = $factory->getInstanceByObjId($this->getStatus()->getAuthenticatedUserId(),false);
235
236 // reset expired status
237 $this->getAuthSession()->setExpired(false);
238
239 if(!$user instanceof ilObjUser)
240 {
241 $this->getLogger()->error('Cannot instatiate user account with id: ' . $this->getStatus()->getAuthenticatedUserId());
242 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
243 $this->getStatus()->setAuthenticatedUserId(0);
244 $this->getStatus()->setReason('auth_err_invalid_user_account');
245 return false;
246 }
247
248 if(!$this->checkExceededLoginAttempts($user))
249 {
250 $this->getLogger()->info('Authentication failed for inactive user with id and too may login attempts: ' . $this->getStatus()->getAuthenticatedUserId());
251 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
252 $this->getStatus()->setAuthenticatedUserId(0);
253 $this->getStatus()->setReason('err_inactive_login_attempts');
254 return false;
255 }
256
257 if(!$this->checkActivation($user))
258 {
259 $this->getLogger()->info('Authentication failed for inactive user with id: ' . $this->getStatus()->getAuthenticatedUserId());
260 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
261 $this->getStatus()->setAuthenticatedUserId(0);
262 $this->getStatus()->setReason('err_inactive');
263 return false;
264 }
265
266 // time limit
267 if(!$this->checkTimeLimit($user))
268 {
269 $this->getLogger()->info('Authentication failed (time limit restriction) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
270
271 if($GLOBALS['ilSetting']->get('user_reactivate_code'))
272 {
273 $this->getLogger()->debug('Accout reactivation codes are active');
274 $this->getStatus()->setStatus(ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED);
275 }
276 else
277 {
278 $this->getLogger()->debug('Accout reactivation codes are inactive');
279 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
280 $this->getStatus()->setAuthenticatedUserId(0);
281 }
282 $this->getStatus()->setReason('time_limit_reached');
283 return false;
284 }
285
286 // ip check
287 if(!$this->checkIp($user))
288 {
289 $this->getLogger()->info('Authentication failed (wrong ip) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
290 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
291 $this->getStatus()->setAuthenticatedUserId(0);
292
293 $this->getStatus()->setTranslatedReason(
294 sprintf(
295 $GLOBALS['DIC']->language()->txt('wrong_ip_detected'),
296 $_SERVER['REMOTE_ADDR']
297 )
298 );
299 return false;
300 }
301
302 // check simultaneos logins
303 $this->getLogger()->debug('Check simutaneous login');
304 if(!$this->checkSimultaneousLogins($user))
305 {
306 $this->getLogger()->info('Authentication failed: simultaneous logins forbidden for user: ' . $this->getStatus()->getAuthenticatedUserId());
307 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
308 $this->getStatus()->setAuthenticatedUserId(0);
309 $this->getStatus()->setReason('simultaneous_login_detected');
310 return false;
311 }
312
313 // check if profile is complete
314 include_once "Services/User/classes/class.ilUserProfile.php";
315 if(ilUserProfile::isProfileIncomplete($user) && ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
316 {
317 ilLoggerFactory::getLogger('auth')->info('User profile is incomplete.');
318 $user->setProfileIncomplete(true);
319 $user->update();
320 }
321
322 // redirects in case of error (session pool limit reached)
323 ilSessionControl::handleLoginEvent($user->getLogin(), $this->getAuthSession());
324
325
326 // @todo move to event handling
327 include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
328 ilOnlineTracking::addUser($user->getId());
329
330 // @todo move to event handling
331 include_once 'Modules/Forum/classes/class.ilObjForum.php';
332 ilObjForum::_updateOldAccess($user->getId());
333
334 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
335 $security_settings = ilSecuritySettings::_getInstance();
336
337 // determine first login of user for setting an indicator
338 // which still is available in PersonalDesktop, Repository, ...
339 // (last login date is set to current date in next step)
340 if(
341 $security_settings->isPasswordChangeOnFirstLoginEnabled() &&
342 $user->getLastLogin() == null
343 )
344 {
345 $user->resetLastPasswordChange();
346 }
347 $user->refreshLogin();
348
349 // reset counter for failed logins
350 ilObjUser::_resetLoginAttempts($user->getId());
351
352
353 $this->getLogger()->info('Successfully authenticated: ' . ilObjUser::_lookupLogin($this->getStatus()->getAuthenticatedUserId()));
354 $this->getAuthSession()->setAuthenticated(true, $this->getStatus()->getAuthenticatedUserId());
355
356 include_once './Services/Init/classes/class.ilInitialisation.php';
357 ilInitialisation::initUserAccount();
358
359 ilSession::set('orig_request_target', '');
360 $user->hasToAcceptTermsOfServiceInSession(true);
361
362
363 // --- anonymous/registered user
364 $this->getLogger()->info(
365 'logged in as '. $user->getLogin() .
366 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
367 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
368 );
369
370 // finally raise event
371 global $ilAppEventHandler;
372 $ilAppEventHandler->raise(
373 'Services/Authentication',
374 'afterLogin',
375 array(
376 'username' => $user->getLogin())
377 );
378
379 return true;
380
381 }
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
ilAuthFrontend\checkActivation
checkActivation(ilObjUser $user)
Check activation.
Definition: class.ilAuthFrontend.php:387
ilAuthFrontend\checkIp
checkIp(ilObjUser $user)
Check ip.
Definition: class.ilAuthFrontend.php:436
ilAuthFrontend\checkExceededLoginAttempts
checkExceededLoginAttempts(\ilObjUser $user)
Definition: class.ilAuthFrontend.php:396
ilAuthFrontend\checkTimeLimit
checkTimeLimit(ilObjUser $user)
Check time limit.
Definition: class.ilAuthFrontend.php:428
ilAuthFrontend\checkSimultaneousLogins
checkSimultaneousLogins(ilObjUser $user)
Check simultaneous logins.
Definition: class.ilAuthFrontend.php:459
ilAuthFrontend\getAuthSession
getAuthSession()
Get auth session.
Definition: class.ilAuthFrontend.php:44
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:21
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4670
ilObjUser\_lookupLogin
static _lookupLogin($a_user_id)
lookup login
Definition: class.ilObjUser.php:771
ilObjectFactory
Class ilObjectFactory.
Definition: class.ilObjectFactory.php:21
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:872

References $_SERVER, $GLOBALS, ilSecuritySettings\_getInstance(), ilObjUser\_lookupLogin(), ilObjUser\_resetLoginAttempts(), checkActivation(), checkExceededLoginAttempts(), checkIp(), checkSimultaneousLogins(), checkTimeLimit(), ilAuthFactory\CONTEXT_ECS, getAuthSession(), ilAuthFactory\getContext(), ilLoggerFactory\getLogger(), getLogger(), getStatus(), ilSessionControl\handleLoginEvent(), ilUserProfile\isProfileIncomplete(), ilSession\set(), sprintf, ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), migrateAccount(), and migrateAccountNew().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthFrontend::migrateAccount ( ilAuthSession  $session)

Migrate Account to existing user account.

Parameters
ilAuthSession$session
type$a_username
type$a_auth_mode
type$a_desired_authmode
Exceptions

InvalidArgumentException if current auth provider does not support account migration

Definition at line 102 of file class.ilAuthFrontend.php.

103 {
104 if(!$session->isAuthenticated())
105 {
106 $this->getLogger()->warning('Desired user account is not authenticated');
107 return false;
108 }
109 include_once './Services/Object/classes/class.ilObjectFactory.php';
110 $user_factory = new ilObjectFactory();
111 $user = $user_factory->getInstanceByObjId($session->getUserId(), false);
112
113 if(!$user instanceof ilObjUser)
114 {
115 $this->getLogger()->info('Cannot instanitate user account for account migration: ' . $session->getUserId());
116 return false;
117 }
118
119 $user->setAuthMode(ilSession::get(static::MIG_DESIRED_AUTHMODE));
120
121 $this->getLogger()->debug('new auth mode is: ' . ilSession::get(self::MIG_DESIRED_AUTHMODE));
122
123 $user->setExternalAccount(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
124 $user->update();
125
126 foreach($this->getProviders() as $provider)
127 {
128 if(!$provider instanceof ilAuthProviderAccountMigrationInterface)
129 {
130 $this->logger->warning('Provider: ' . get_class($provider) .' does not support account migration.');
131 throw new InvalidArgumentException('Invalid auth provider given.');
132 }
133 $this->getCredentials()->setUsername(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
134 $provider->migrateAccount($this->getStatus());
135 switch($this->getStatus()->getStatus())
136 {
137 case ilAuthStatus::STATUS_AUTHENTICATED:
138 return $this->handleAuthenticationSuccess($provider);
139
140 }
141 }
142 return $this->handleAuthenticationFail();
143 }
ilAuthSession\getUserId
getUserId()
Get authenticated user id.
Definition: class.ilAuthSession.php:177
ilAuthSession\isAuthenticated
isAuthenticated()
Check if session is authenticated.
Definition: class.ilAuthSession.php:122
ilSession\get
static get($a_var)
Get a value.
Definition: class.ilSession.php:412

References League\OAuth2\Client\Provider\$provider, ilSession\get(), getCredentials(), getLogger(), getProviders(), getStatus(), ilAuthSession\getUserId(), handleAuthenticationFail(), handleAuthenticationSuccess(), ilAuthSession\isAuthenticated(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ migrateAccountNew()

ilAuthFrontend::migrateAccountNew ( )

Create new user account.

Definition at line 148 of file class.ilAuthFrontend.php.

149 {
150 foreach($this->providers as $provider)
151 {
152 if(!$provider instanceof ilAuthProviderAccountMigrationInterface)
153 {
154 $this->logger->warning('Provider: ' . get_class($provider) .' does not support account migration.');
155 throw new InvalidArgumentException('Invalid auth provider given.');
156 }
157 $provider->createNewAccount($this->getStatus());
158
159 switch($this->getStatus()->getStatus())
160 {
161 case ilAuthStatus::STATUS_AUTHENTICATED:
162 return $this->handleAuthenticationSuccess($provider);
163
164 }
165 }
166 return $this->handleAuthenticationFail();
167 }

References League\OAuth2\Client\Provider\$provider, getStatus(), handleAuthenticationFail(), handleAuthenticationSuccess(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ resetStatus()

ilAuthFrontend::resetStatus ( )

Reset status.

Definition at line 78 of file class.ilAuthFrontend.php.

79 {
80 $this->getStatus()->setStatus(ilAuthStatus::STATUS_UNDEFINED);
81 $this->getStatus()->setReason('');
82 $this->getStatus()->setAuthenticatedUserId(0);
83 }

References getStatus(), and ilAuthStatus\STATUS_UNDEFINED.

Referenced by authenticate(), and ilAuthFrontendHTTP\authenticate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth_session

ilAuthFrontend::$auth_session = null
private

Definition at line 21 of file class.ilAuthFrontend.php.

Referenced by getAuthSession().

◆ $authenticated

ilAuthFrontend::$authenticated = false
private

Definition at line 23 of file class.ilAuthFrontend.php.

◆ $credentials

ilAuthFrontend::$credentials = null
private

Definition at line 18 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getCredentials().

◆ $logger

ilAuthFrontend::$logger = null
private

Definition at line 17 of file class.ilAuthFrontend.php.

Referenced by getLogger().

◆ $providers

ilAuthFrontend::$providers = array()
private

Definition at line 20 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getProviders().

◆ $status

ilAuthFrontend::$status = null
private

Definition at line 19 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getStatus().

◆ MIG_DESIRED_AUTHMODE

const ilAuthFrontend::MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'

Definition at line 15 of file class.ilAuthFrontend.php.

◆ MIG_EXTERNAL_ACCOUNT

const ilAuthFrontend::MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'

Definition at line 13 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigrationNewAccount().

◆ MIG_TRIGGER_AUTHMODE

const ilAuthFrontend::MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'

Definition at line 14 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigration(), and ilStartUpGUI\doMigrationNewAccount().

The documentation for this class was generated from the following file: