ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthFrontend Class Reference

Description of class class. More...

+ Inheritance diagram for ilAuthFrontend:
+ Collaboration diagram for ilAuthFrontend:

Public Member Functions

 __construct (ilAuthSession $session, ilAuthStatus $status, ilAuthCredentials $credentials, array $providers)
 Constructor. More...
 
 getAuthSession ()
 Get auth session. More...
 
 getCredentials ()
 Get auth credentials. More...
 
 getProviders ()
 Get providers. More...
 
 getStatus ()
 
 resetStatus ()
 Reset status. More...
 
 getLogger ()
 Get logger. More...
 
 migrateAccount (ilAuthSession $session)
 Migrate Account to existing user account. More...
 
 migrateAccountNew ()
 Create new user account. More...
 
 authenticate ()
 Try to authenticate user. More...
 

Data Fields

const MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'
 
const MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'
 
const MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'
 

Protected Member Functions

 handleAccountMigration (ilAuthProviderAccountMigrationInterface $provider)
 Handle account migration. More...
 
 handleAuthenticationSuccess (ilAuthProviderInterface $provider)
 Handle successful authentication. More...
 
 checkActivation (ilObjUser $user)
 Check activation. More...
 
 checkExceededLoginAttempts (\ilObjUser $user)
 
 checkTimeLimit (ilObjUser $user)
 Check time limit. More...
 
 checkIp (ilObjUser $user)
 Check ip. More...
 
 checkSimultaneousLogins (ilObjUser $user)
 Check simultaneous logins. More...
 
 handleAuthenticationFail ()
 Handle failed authenication. More...
 

Private Attributes

 $logger = null
 
 $credentials = null
 
 $status = null
 
 $providers = array()
 
 $auth_session = null
 
 $authenticated = false
 

Detailed Description

Description of class class.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 11 of file class.ilAuthFrontend.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthFrontend::__construct ( ilAuthSession  $session,
ilAuthStatus  $status,
ilAuthCredentials  $credentials,
array  $providers 
)

Constructor.

Parameters
ilAuthSession$session
ilAuthCredentials$credentials

Definition at line 30 of file class.ilAuthFrontend.php.

References $credentials, $providers, $status, and ilLoggerFactory\getLogger().

31  {
32  $this->logger = ilLoggerFactory::getLogger('auth');
33 
34  $this->auth_session = $session;
35  $this->credentials = $credentials;
36  $this->status = $status;
37  $this->providers = $providers;
38  }
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
+ Here is the call graph for this function:

Member Function Documentation

◆ authenticate()

ilAuthFrontend::authenticate ( )

Try to authenticate user.

Definition at line 174 of file class.ilAuthFrontend.php.

References League\OAuth2\Client\Provider\$provider, getLogger(), getProviders(), getStatus(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), resetStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

175  {
176  foreach($this->getProviders() as $provider)
177  {
178  $this->resetStatus();
179 
180  $this->getLogger()->debug('Trying authentication against: ' . get_class($provider));
181 
182  $provider->doAuthentication($this->getStatus());
183 
184  $this->getLogger()->debug('Authentication user id: ' . $this->getStatus()->getAuthenticatedUserId());
185 
186  switch($this->getStatus()->getStatus())
187  {
188  case ilAuthStatus::STATUS_AUTHENTICATED:
189  return $this->handleAuthenticationSuccess($provider);
190 
191  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
192  $this->getLogger()->notice("Account migration required.");
193  return $this->handleAccountMigration($provider);
194 
195  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
196  default:
197  $this->getLogger()->debug('Authentication failed against: ' . get_class($provider));
198  break;
199  }
200  }
201  return $this->handleAuthenticationFail();
202  }
ilAuthFrontend\getProviders
getProviders()
Get providers.
Definition: class.ilAuthFrontend.php:62
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:230
ilAuthFrontend\handleAccountMigration
handleAccountMigration(ilAuthProviderAccountMigrationInterface $provider)
Handle account migration.
Definition: class.ilAuthFrontend.php:208
ilAuthFrontend\resetStatus
resetStatus()
Reset status.
Definition: class.ilAuthFrontend.php:78
ilAuthFrontend\getLogger
getLogger()
Get logger.
Definition: class.ilAuthFrontend.php:89
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:475
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20
+ Here is the call graph for this function:

◆ checkActivation()

ilAuthFrontend::checkActivation ( ilObjUser  $user)
protected

Check activation.

Parameters
ilObjUser$user

Definition at line 387 of file class.ilAuthFrontend.php.

References ilObjUser\getActive().

Referenced by handleAuthenticationSuccess().

388  {
389  return $user->getActive();
390  }
ilObjUser\getActive
getActive()
get user active state public
Definition: class.ilObjUser.php:2137
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkExceededLoginAttempts()

ilAuthFrontend::checkExceededLoginAttempts ( \ilObjUser  $user)
protected
Parameters
\ilObjUser$user
Returns
bool

Definition at line 396 of file class.ilAuthFrontend.php.

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), array, ilObjUser\getActive(), and ilObject\getId().

Referenced by handleAuthenticationSuccess().

397  {
398  if(in_array($user->getId(), array(ANONYMOUS_USER_ID)))
399  {
400  return true;
401  }
402 
403  $isInactive = !$user->getActive();
404  if(!$isInactive)
405  {
406  return true;
407  }
408 
409  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
410  $security = ilSecuritySettings::_getInstance();
411  $maxLoginAttempts = $security->getLoginMaxAttempts();
412 
413  if(!(int)$maxLoginAttempts)
414  {
415  return true;
416  }
417 
418  $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
419 
420  return $numLoginAttempts < $maxLoginAttempts;
421  }
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4681
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkIp()

ilAuthFrontend::checkIp ( ilObjUser  $user)
protected

Check ip.

Definition at line 436 of file class.ilAuthFrontend.php.

References $_SERVER, ilObjUser\getClientIP(), and ilLoggerFactory\getLogger().

Referenced by handleAuthenticationSuccess().

437  {
438  $clientip = $user->getClientIP();
439  if (trim($clientip) != "")
440  {
441  $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
442  $clientip = str_replace(".","\\.",$clientip);
443  $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
444 
445  ilLoggerFactory::getLogger('auth')->debug('Check ip ' . $clientip . ' against ' . $_SERVER['REMOTE_ADDR']);
446 
447  if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
448  {
449  return false;
450  }
451  }
452  return true;
453  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjUser\getClientIP
getClientIP()
get client ip number public
Definition: class.ilObjUser.php:1816
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkSimultaneousLogins()

ilAuthFrontend::checkSimultaneousLogins ( ilObjUser  $user)
protected

Check simultaneous logins.

Parameters
ilObjUser$user

Definition at line 459 of file class.ilAuthFrontend.php.

References $GLOBALS, getAuthSession(), ilObject\getId(), getLogger(), and ilObjUser\hasActiveSession().

Referenced by handleAuthenticationSuccess().

460  {
461  $this->getLogger()->debug('Setting prevent simultaneous session is: ' . (string) $GLOBALS['ilSetting']->get('ps_prevent_simultaneous_logins'));
462  if(
463  $GLOBALS['ilSetting']->get('ps_prevent_simultaneous_logins') &&
464  ilObjUser::hasActiveSession($user->getId(), $this->getAuthSession()->getId())
465  )
466  {
467  return false;
468  }
469  return true;
470  }
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id, $a_session_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2451
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilAuthFrontend\getLogger
getLogger()
Get logger.
Definition: class.ilAuthFrontend.php:89
ilObject\getId
getId()
get object id public
Definition: class.ilObject.php:290
ilAuthFrontend\getAuthSession
getAuthSession()
Get auth session.
Definition: class.ilAuthFrontend.php:44
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkTimeLimit()

ilAuthFrontend::checkTimeLimit ( ilObjUser  $user)
protected

Check time limit.

Parameters
ilObjUser$user
Returns
type

Definition at line 428 of file class.ilAuthFrontend.php.

References ilObjUser\checkTimeLimit().

Referenced by handleAuthenticationSuccess().

429  {
430  return $user->checkTimeLimit();
431  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthSession()

ilAuthFrontend::getAuthSession ( )

Get auth session.

Returns
ilAuthSession

Definition at line 44 of file class.ilAuthFrontend.php.

References $auth_session.

Referenced by checkSimultaneousLogins(), and handleAuthenticationSuccess().

45  {
46  return $this->auth_session;
47  }
+ Here is the caller graph for this function:

◆ getCredentials()

ilAuthFrontend::getCredentials ( )

Get auth credentials.

Returns
ilAuthCredentials

Definition at line 53 of file class.ilAuthFrontend.php.

References $credentials.

Referenced by handleAuthenticationFail(), and migrateAccount().

54  {
55  return $this->credentials;
56  }
+ Here is the caller graph for this function:

◆ getLogger()

ilAuthFrontend::getLogger ( )

Get logger.

Returns
ilLogger

Definition at line 89 of file class.ilAuthFrontend.php.

References $logger.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), checkSimultaneousLogins(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), and migrateAccount().

90  {
91  return $this->logger;
92  }
+ Here is the caller graph for this function:

◆ getProviders()

ilAuthFrontend::getProviders ( )

Get providers.

Returns
ilAuthProviderInterface[] $provider

Definition at line 62 of file class.ilAuthFrontend.php.

References $providers.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), and migrateAccount().

63  {
64  return $this->providers;
65  }
+ Here is the caller graph for this function:

◆ getStatus()

ilAuthFrontend::getStatus ( )
Returns

Definition at line 70 of file class.ilAuthFrontend.php.

References $status.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), migrateAccount(), migrateAccountNew(), and resetStatus().

71  {
72  return $this->status;
73  }
+ Here is the caller graph for this function:

◆ handleAccountMigration()

ilAuthFrontend::handleAccountMigration ( ilAuthProviderAccountMigrationInterface  $provider)
protected

Handle account migration.

Parameters
ilAuthProvider$provider

Definition at line 208 of file class.ilAuthFrontend.php.

References $_SESSION, ilLogLevel\DEBUG, ilAuthProviderAccountMigrationInterface\getExternalAccountName(), getLogger(), getStatus(), ilAuthProviderAccountMigrationInterface\getTriggerAuthMode(), ilAuthProviderAccountMigrationInterface\getUserAuthModeName(), and ilSession\set().

Referenced by authenticate().

209  {
210  $this->getLogger()->debug('Trigger auth mode: ' . $provider->getTriggerAuthMode());
211  $this->getLogger()->debug('Desired auth mode: ' . $provider->getUserAuthModeName());
212  $this->getLogger()->debug('External account: ' . $provider->getExternalAccountName());
213 
214  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
215  #$this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
216 
217  ilSession::set(static::MIG_TRIGGER_AUTHMODE, $provider->getTriggerAuthMode());
218  ilSession::set(static::MIG_DESIRED_AUTHMODE, $provider->getUserAuthModeName());
219  ilSession::set(static::MIG_EXTERNAL_ACCOUNT, $provider->getExternalAccountName());
220 
221  $this->getLogger()->dump($_SESSION, ilLogLevel::DEBUG);
222 
223  return true;
224  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:401
ilAuthFrontend\getLogger
getLogger()
Get logger.
Definition: class.ilAuthFrontend.php:89
ilAuthProviderAccountMigrationInterface\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
ilAuthProviderAccountMigrationInterface\getExternalAccountName
getExternalAccountName()
Get external account name.
ilAuthProviderAccountMigrationInterface\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth...
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationFail()

ilAuthFrontend::handleAuthenticationFail ( )
protected

Handle failed authenication.

Definition at line 475 of file class.ilAuthFrontend.php.

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), array, getCredentials(), getLogger(), and getStatus().

Referenced by authenticate(), migrateAccount(), and migrateAccountNew().

476  {
477  $this->getLogger()->debug('Authentication failed for all authentication methods.');
478 
479  $user_id = ilObjUser::_lookupId($this->getCredentials()->getUsername());
480  if(!in_array($user_id, array(ANONYMOUS_USER_ID)))
481  {
482  ilObjUser::_incrementLoginAttempts($user_id);
483  $login_attempts = ilObjUser::_getLoginAttempts($user_id);
484 
485  $this->getLogger()->notice('Increased login attempts for user: ' . $this->getCredentials()->getUsername());
486 
487  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
488  $security = ilSecuritySettings::_getInstance();
489  $max_attempts = $security->getLoginMaxAttempts();
490 
491  if((int) $max_attempts && $login_attempts >= $max_attempts)
492  {
493  $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
494  $this->getLogger()->warning('User account set to inactive due to exceeded login attempts.');
495  ilObjUser::_setUserInactive($user_id);
496  }
497  }
498  }
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4693
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:787
ilAuthFrontend\getCredentials
getCredentials()
Get auth credentials.
Definition: class.ilAuthFrontend.php:53
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4681
ilAuthFrontend\getLogger
getLogger()
Get logger.
Definition: class.ilAuthFrontend.php:89
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4704
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationSuccess()

ilAuthFrontend::handleAuthenticationSuccess ( ilAuthProviderInterface  $provider)
protected

Handle successful authentication.

Parameters
ilAuthProviderInterface$provider

Definition at line 230 of file class.ilAuthFrontend.php.

References $_SERVER, $GLOBALS, ilSecuritySettings\_getInstance(), ilObjUser\_lookupLogin(), ilObjUser\_resetLoginAttempts(), array, checkActivation(), checkExceededLoginAttempts(), checkIp(), checkSimultaneousLogins(), checkTimeLimit(), ilAuthFactory\CONTEXT_ECS, getAuthSession(), ilAuthFactory\getContext(), ilLoggerFactory\getLogger(), getLogger(), getStatus(), ilSessionControl\handleLoginEvent(), ilUserProfile\isProfileIncomplete(), ilSession\set(), ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), migrateAccount(), and migrateAccountNew().

231  {
232  include_once './Services/Object/classes/class.ilObjectFactory.php';
233  $factory = new ilObjectFactory();
234  $user = $factory->getInstanceByObjId($this->getStatus()->getAuthenticatedUserId(),false);
235 
236  // reset expired status
237  $this->getAuthSession()->setExpired(false);
238 
239  if(!$user instanceof ilObjUser)
240  {
241  $this->getLogger()->error('Cannot instatiate user account with id: ' . $this->getStatus()->getAuthenticatedUserId());
242  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
243  $this->getStatus()->setAuthenticatedUserId(0);
244  $this->getStatus()->setReason('auth_err_invalid_user_account');
245  return false;
246  }
247 
248  if(!$this->checkExceededLoginAttempts($user))
249  {
250  $this->getLogger()->info('Authentication failed for inactive user with id and too may login attempts: ' . $this->getStatus()->getAuthenticatedUserId());
251  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
252  $this->getStatus()->setAuthenticatedUserId(0);
253  $this->getStatus()->setReason('err_inactive_login_attempts');
254  return false;
255  }
256 
257  if(!$this->checkActivation($user))
258  {
259  $this->getLogger()->info('Authentication failed for inactive user with id: ' . $this->getStatus()->getAuthenticatedUserId());
260  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
261  $this->getStatus()->setAuthenticatedUserId(0);
262  $this->getStatus()->setReason('err_inactive');
263  return false;
264  }
265 
266  // time limit
267  if(!$this->checkTimeLimit($user))
268  {
269  $this->getLogger()->info('Authentication failed (time limit restriction) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
270 
271  if($GLOBALS['ilSetting']->get('user_reactivate_code'))
272  {
273  $this->getLogger()->debug('Accout reactivation codes are active');
274  $this->getStatus()->setStatus(ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED);
275  }
276  else
277  {
278  $this->getLogger()->debug('Accout reactivation codes are inactive');
279  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
280  $this->getStatus()->setAuthenticatedUserId(0);
281  }
282  $this->getStatus()->setReason('time_limit_reached');
283  return false;
284  }
285 
286  // ip check
287  if(!$this->checkIp($user))
288  {
289  $this->getLogger()->info('Authentication failed (wrong ip) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
290  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
291  $this->getStatus()->setAuthenticatedUserId(0);
292 
293  $this->getStatus()->setTranslatedReason(
294  sprintf(
295  $GLOBALS['DIC']->language()->txt('wrong_ip_detected'),
296  $_SERVER['REMOTE_ADDR']
297  )
298  );
299  return false;
300  }
301 
302  // check simultaneos logins
303  $this->getLogger()->debug('Check simutaneous login');
304  if(!$this->checkSimultaneousLogins($user))
305  {
306  $this->getLogger()->info('Authentication failed: simultaneous logins forbidden for user: ' . $this->getStatus()->getAuthenticatedUserId());
307  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
308  $this->getStatus()->setAuthenticatedUserId(0);
309  $this->getStatus()->setReason('simultaneous_login_detected');
310  return false;
311  }
312 
313  // check if profile is complete
314  include_once "Services/User/classes/class.ilUserProfile.php";
315  if(ilUserProfile::isProfileIncomplete($user) && ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
316  {
317  ilLoggerFactory::getLogger('auth')->info('User profile is incomplete.');
318  $user->setProfileIncomplete(true);
319  $user->update();
320  }
321 
322  // redirects in case of error (session pool limit reached)
323  ilSessionControl::handleLoginEvent($user->getLogin(), $this->getAuthSession());
324 
325 
326  // @todo move to event handling
327  include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
328  ilOnlineTracking::addUser($user->getId());
329 
330  // @todo move to event handling
331  include_once 'Modules/Forum/classes/class.ilObjForum.php';
332  ilObjForum::_updateOldAccess($user->getId());
333 
334  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
335  $security_settings = ilSecuritySettings::_getInstance();
336 
337  // determine first login of user for setting an indicator
338  // which still is available in PersonalDesktop, Repository, ...
339  // (last login date is set to current date in next step)
340  if(
341  $security_settings->isPasswordChangeOnFirstLoginEnabled() &&
342  $user->getLastLogin() == null
343  )
344  {
345  $user->resetLastPasswordChange();
346  }
347  $user->refreshLogin();
348 
349  // reset counter for failed logins
350  ilObjUser::_resetLoginAttempts($user->getId());
351 
352 
353  $this->getLogger()->info('Successfully authenticated: ' . ilObjUser::_lookupLogin($this->getStatus()->getAuthenticatedUserId()));
354  $this->getAuthSession()->setAuthenticated(true, $this->getStatus()->getAuthenticatedUserId());
355 
356  include_once './Services/Init/classes/class.ilInitialisation.php';
357  ilInitialisation::initUserAccount();
358 
359  ilSession::set('orig_request_target', '');
360  $user->hasToAcceptTermsOfServiceInSession(true);
361 
362 
363  // --- anonymous/registered user
364  $this->getLogger()->info(
365  'logged in as '. $user->getLogin() .
366  ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
367  ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
368  );
369 
370  // finally raise event
371  global $ilAppEventHandler;
372  $ilAppEventHandler->raise(
373  'Services/Authentication',
374  'afterLogin',
375  array(
376  'username' => $user->getLogin())
377  );
378 
379  return true;
380 
381  }
ilObjUser\_lookupLogin
static _lookupLogin($a_user_id)
lookup login
Definition: class.ilObjUser.php:771
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:872
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
ilObjectFactory
Class ilObjectFactory.
Definition: class.ilObjectFactory.php:20
ilAuthFrontend\checkIp
checkIp(ilObjUser $user)
Check ip.
Definition: class.ilAuthFrontend.php:436
ilAuthFrontend\checkExceededLoginAttempts
checkExceededLoginAttempts(\ilObjUser $user)
Definition: class.ilAuthFrontend.php:396
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilAuthFrontend\checkSimultaneousLogins
checkSimultaneousLogins(ilObjUser $user)
Check simultaneous logins.
Definition: class.ilAuthFrontend.php:459
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:401
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4670
ilAuthFrontend\getLogger
getLogger()
Get logger.
Definition: class.ilAuthFrontend.php:89
ilAuthFrontend\checkTimeLimit
checkTimeLimit(ilObjUser $user)
Check time limit.
Definition: class.ilAuthFrontend.php:428
ilAuthFrontend\checkActivation
checkActivation(ilObjUser $user)
Check activation.
Definition: class.ilAuthFrontend.php:387
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:21
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilAuthFrontend\getAuthSession
getAuthSession()
Get auth session.
Definition: class.ilAuthFrontend.php:44
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthFrontend::migrateAccount ( ilAuthSession  $session)

Migrate Account to existing user account.

Parameters
ilAuthSession$session
type$a_username
type$a_auth_mode
type$a_desired_authmode
Exceptions

Definition at line 102 of file class.ilAuthFrontend.php.

References League\OAuth2\Client\Provider\$provider, ilSession\get(), getCredentials(), getLogger(), getProviders(), getStatus(), ilAuthSession\getUserId(), handleAuthenticationFail(), handleAuthenticationSuccess(), ilAuthSession\isAuthenticated(), and ilAuthStatus\STATUS_AUTHENTICATED.

103  {
104  if(!$session->isAuthenticated())
105  {
106  $this->getLogger()->warning('Desired user account is not authenticated');
107  return false;
108  }
109  include_once './Services/Object/classes/class.ilObjectFactory.php';
110  $user_factory = new ilObjectFactory();
111  $user = $user_factory->getInstanceByObjId($session->getUserId(), false);
112 
113  if(!$user instanceof ilObjUser)
114  {
115  $this->getLogger()->info('Cannot instanitate user account for account migration: ' . $session->getUserId());
116  return false;
117  }
118 
119  $user->setAuthMode(ilSession::get(static::MIG_DESIRED_AUTHMODE));
120 
121  $this->getLogger()->debug('new auth mode is: ' . ilSession::get(self::MIG_DESIRED_AUTHMODE));
122 
123  $user->setExternalAccount(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
124  $user->update();
125 
126  foreach($this->getProviders() as $provider)
127  {
128  if(!$provider instanceof ilAuthProviderAccountMigrationInterface)
129  {
130  $this->logger->warning('Provider: ' . get_class($provider) .' does not support account migration.');
131  throw new InvalidArgumentException('Invalid auth provider given.');
132  }
133  $this->getCredentials()->setUsername(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
134  $provider->migrateAccount($this->getStatus());
135  switch($this->getStatus()->getStatus())
136  {
137  case ilAuthStatus::STATUS_AUTHENTICATED:
138  return $this->handleAuthenticationSuccess($provider);
139 
140  }
141  }
142  return $this->handleAuthenticationFail();
143  }
ilObjectFactory
Class ilObjectFactory.
Definition: class.ilObjectFactory.php:20
ilAuthFrontend\getProviders
getProviders()
Get providers.
Definition: class.ilAuthFrontend.php:62
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:230
ilSession\get
static get($a_var)
Get a value.
Definition: class.ilSession.php:412
ilAuthSession\isAuthenticated
isAuthenticated()
Check if session is authenticated.
Definition: class.ilAuthSession.php:122
ilAuthFrontend\getCredentials
getCredentials()
Get auth credentials.
Definition: class.ilAuthFrontend.php:53
ilAuthFrontend\getLogger
getLogger()
Get logger.
Definition: class.ilAuthFrontend.php:89
ilAuthSession\getUserId
getUserId()
Get authenticated user id.
Definition: class.ilAuthSession.php:177
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:475
+ Here is the call graph for this function:

◆ migrateAccountNew()

ilAuthFrontend::migrateAccountNew ( )

Create new user account.

Definition at line 148 of file class.ilAuthFrontend.php.

References League\OAuth2\Client\Provider\$provider, getStatus(), handleAuthenticationFail(), handleAuthenticationSuccess(), and ilAuthStatus\STATUS_AUTHENTICATED.

149  {
150  foreach($this->providers as $provider)
151  {
152  if(!$provider instanceof ilAuthProviderAccountMigrationInterface)
153  {
154  $this->logger->warning('Provider: ' . get_class($provider) .' does not support account migration.');
155  throw new InvalidArgumentException('Invalid auth provider given.');
156  }
157  $provider->createNewAccount($this->getStatus());
158 
159  switch($this->getStatus()->getStatus())
160  {
161  case ilAuthStatus::STATUS_AUTHENTICATED:
162  return $this->handleAuthenticationSuccess($provider);
163 
164  }
165  }
166  return $this->handleAuthenticationFail();
167  }
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:230
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:475
+ Here is the call graph for this function:

◆ resetStatus()

ilAuthFrontend::resetStatus ( )

Reset status.

Definition at line 78 of file class.ilAuthFrontend.php.

References getStatus(), and ilAuthStatus\STATUS_UNDEFINED.

Referenced by ilAuthFrontendHTTP\authenticate(), and authenticate().

79  {
80  $this->getStatus()->setStatus(ilAuthStatus::STATUS_UNDEFINED);
81  $this->getStatus()->setReason('');
82  $this->getStatus()->setAuthenticatedUserId(0);
83  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth_session

ilAuthFrontend::$auth_session = null
private

Definition at line 21 of file class.ilAuthFrontend.php.

Referenced by getAuthSession().

◆ $authenticated

ilAuthFrontend::$authenticated = false
private

Definition at line 23 of file class.ilAuthFrontend.php.

◆ $credentials

ilAuthFrontend::$credentials = null
private

Definition at line 18 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getCredentials().

◆ $logger

ilAuthFrontend::$logger = null
private

Definition at line 17 of file class.ilAuthFrontend.php.

Referenced by getLogger().

◆ $providers

ilAuthFrontend::$providers = array()
private

Definition at line 20 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getProviders().

◆ $status

ilAuthFrontend::$status = null
private

Definition at line 19 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getStatus().

◆ MIG_DESIRED_AUTHMODE

const ilAuthFrontend::MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'

Definition at line 15 of file class.ilAuthFrontend.php.

◆ MIG_EXTERNAL_ACCOUNT

const ilAuthFrontend::MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'

Definition at line 13 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigrationNewAccount().

◆ MIG_TRIGGER_AUTHMODE

const ilAuthFrontend::MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'

Definition at line 14 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigration(), and ilStartUpGUI\doMigrationNewAccount().

The documentation for this class was generated from the following file: