ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilAuthProviderECS.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
6 include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
7 
14 class ilAuthProviderECS extends ilAuthProvider implements ilAuthProviderInterface
15 {
16  protected $mid = null;
17  protected $abreviation = null;
18 
19  protected $currentServer = null;
20  protected $servers = null;
21 
22 
27  public function __construct(\ilAuthCredentials $credentials)
28  {
29  parent::__construct($credentials);
30 
31  $this->initECSServices();
32  }
33 
41  public function getAbreviation()
42  {
43  return $this->abreviation;
44  }
45 
51  public function getMID()
52  {
53  return $this->mid;
54  }
55 
56  public function setMID($a_mid)
57  {
58  $this->mid = $a_mid;
59  }
60 
65  public function setCurrentServer(ilECSSetting $server = null)
66  {
67  $this->currentServer = $server;
68  }
69 
74  public function getCurrentServer()
75  {
76  return $this->currentServer;
77  }
78 
83  public function getServerSettings()
84  {
85  return $this->servers;
86  }
87 
88 
94  public function doAuthentication(\ilAuthStatus $status)
95  {
96  $this->getLogger()->debug('Starting ECS authentication');
97  if(!$this->getServerSettings()->activeServerExists())
98  {
99  $this->getLogger()->warning('No active ecs server found. Aborting');
100  $this->handleAuthenticationFail($status, 'err_wrong_login');
101  return false;
102  }
103 
104  // Iterate through all active ecs instances
105  include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
106  foreach($this->getServerSettings()->getServers() as $server)
107  {
108  $this->setCurrentServer($server);
109  if($this->validateHash())
110  {
111  // handle successful authentication
112  $new_usr_id = $this->handleLogin();
113  $this->getLogger()->info('ECS authentication successful.');
114  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
115  $status->setAuthenticatedUserId($new_usr_id);
116  return true;
117  }
118  }
119 
120  $this->getLogger()->warning('Could not validate ecs hash for any active server.');
121  $this->handleAuthenticationFail($status, 'err_wrong_login');
122  return false;
123  }
124 
125 
131  public function handleLogin()
132  {
133  include_once('./Services/WebServices/ECS/classes/class.ilECSUser.php');
134 
135  $user = new ilECSUser($_GET);
136 
137  if(!$usr_id = ilObject::_lookupObjIdByImportId($user->getImportId()))
138  {
139  $username = $this->createUser($user);
140  }
141  else
142  {
143  $username = $this->updateUser($user,$usr_id);
144  }
145 
146  // set user imported
147  include_once './Services/WebServices/ECS/classes/class.ilECSImport.php';
148  $import = new ilECSImport($this->getCurrentServer()->getServerId(), $usr_id);
149  $import->save();
150 
151  // Store remote user data
152  include_once './Services/WebServices/ECS/classes/class.ilECSRemoteUser.php';
153  $remote = new ilECSRemoteUser();
154  $remote->setServerId($this->getCurrentServer()->getServerId());
155  $remote->setMid($this->getMID());
156  $remote->setRemoteUserId($user->getImportId());
157  $remote->setUserId(ilObjUser::_lookupId($username));
158 
159  $this->getLogger()->info('Current user is: ' . $username);
160 
161  if(!$remote->exists())
162  {
163  $remote->create();
164  }
165  return ilObjUser::_lookupId($username);
166  }
167 
168 
177  public function validateHash()
178  {
179  global $ilLog;
180 
181  // fetch hash
182  if(isset($_GET['ecs_hash']) and strlen($_GET['ecs_hash']))
183  {
184  $hash = $_GET['ecs_hash'];
185  }
186  if(isset($_GET['ecs_hash_url']))
187  {
188  $hashurl = urldecode($_GET['ecs_hash_url']);
189  $hash = basename(parse_url($hashurl,PHP_URL_PATH));
190  //$hash = urldecode($_GET['ecs_hash_url']);
191  }
192 
193  $this->getLogger()->info('Using ecs hash: ' . $hash);
194  // Check if hash is valid ...
195  try
196  {
197  include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
198  $connector = new ilECSConnector($this->getCurrentServer());
199  $res = $connector->getAuth($hash);
200  $auths = $res->getResult();
201 
202  $this->getLogger()->dump($auths, ilLogLevel::DEBUG);
203 
204  if($auths->pid)
205  {
206  try
207  {
208  include_once './Services/WebServices/ECS/classes/class.ilECSCommunityReader.php';
209  $reader = ilECSCommunityReader::getInstanceByServerId($this->getCurrentServer()->getServerId());
210  $part = $reader->getParticipantByMID($auths->pid);
211 
212  if(is_object($part) and is_object($part->getOrganisation()))
213  {
214  $this->abreviation = $part->getOrganisation()->getAbbreviation();
215  }
216  else
217  {
218  $this->abreviation = $auths->abbr;
219  }
220  }
221  catch(Exception $e)
222  {
223  $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
224  return false;
225  }
226  }
227  else
228  {
229  $this->abreviation = $auths->abbr;
230  }
231 
232  $this->getLogger()->debug('Got abbreviation: ' . $this->abreviation);
233  }
234  catch(ilECSConnectorException $e)
235  {
236  $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
237  return false;
238  }
239 
240  // read current mid
241  try
242  {
243  include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
244  $connector = new ilECSConnector($this->getCurrentServer());
245  $details = $connector->getAuth($hash,TRUE);
246 
247  $this->getLogger()->dump($details, ilLogLevel::DEBUG);
248  $this->getLogger()->debug('Token create for mid: ' . $details->getFirstSender());
249 
250  $this->setMID($details->getFirstSender());
251  }
252  catch(ilECSConnectorException $e)
253  {
254  $this->getLogger()->warning('Receiving mid failed with message: ' . $e->getMessage());
255  return false;
256  }
257  return true;
258  }
259 
260 
267  private function initECSServices()
268  {
269  include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
270  $this->servers = ilECSServerSettings::getInstance();
271  }
272 
278  protected function createUser(ilECSUser $user)
279  {
280  global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog;
281 
282  $userObj = new ilObjUser();
283  $userObj->setOwner(SYSTEM_USER_ID);
284 
285  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
286  $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
287 
288  $newUser["login"] = $local_user;
289  $newUser["firstname"] = $user->getFirstname();
290  $newUser["lastname"] = $user->getLastname();
291  $newUser['email'] = $user->getEmail();
292  $newUser['institution'] = $user->getInstitution();
293 
294  // set "plain md5" password (= no valid password)
295  $newUser["passwd"] = "";
296  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
297 
298  $newUser["auth_mode"] = "ecs";
299  $newUser["profile_incomplete"] = 0;
300 
301  // system data
302  $userObj->assignData($newUser);
303  $userObj->setTitle($userObj->getFullname());
304  $userObj->setDescription($userObj->getEmail());
305 
306  // set user language to system language
307  $userObj->setLanguage($ilSetting->get("language"));
308 
309  // Time limit
310  $userObj->setTimeLimitOwner(7);
311  $userObj->setTimeLimitUnlimited(0);
312  $userObj->setTimeLimitFrom(time() - 5);
313  $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
314 
315  #$now = new ilDateTime(time(), IL_CAL_UNIX);
316  #$userObj->setAgreeDate($now->get(IL_CAL_DATETIME));
317 
318  // Create user in DB
319  $userObj->setOwner(6);
320  $userObj->create();
321  $userObj->setActive(1);
322  $userObj->updateOwner();
323  $userObj->saveAsNew();
324  $userObj->writePrefs();
325 
326  if($global_role = $this->getCurrentServer()->getGlobalRole())
327  {
328  $rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
329  }
330  ilObject::_writeImportId($userObj->getId(), $user->getImportId());
331 
332  $this->getLogger()->info('Created new remote user with usr_id: ' . $user->getImportId());
333 
334  // Send Mail
335  #$this->sendNotification($userObj);
336  $this->resetMailOptions($userObj->getId());
337 
338  return $userObj->getLogin();
339  }
340 
346  protected function updateUser(ilECSUser $user,$a_local_user_id)
347  {
348  global $ilClientIniFile,$ilLog,$rbacadmin;
349 
350  $user_obj = new ilObjUser($a_local_user_id);
351  $user_obj->setFirstname($user->getFirstname());
352  $user_obj->setLastname($user->getLastname());
353  $user_obj->setEmail($user->getEmail());
354  $user_obj->setInstitution($user->getInstitution());
355  $user_obj->setActive(true);
356 
357  $until = $user_obj->getTimeLimitUntil();
358 
359  if($until < (time() + $ilClientIniFile->readVariable('session','expire')))
360  {
361  $user_obj->setTimeLimitFrom(time() - 60);
362  $user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session","expire"));
363  }
364  $user_obj->update();
365  $user_obj->refreshLogin();
366 
367  if($global_role = $this->getCurrentServer()->getGlobalRole())
368  {
369  $rbacadmin->assignUser(
370  $this->getCurrentServer()->getGlobalRole(),
371  $user_obj->getId(),
372  true
373  );
374  }
375 
376  $this->resetMailOptions($a_local_user_id);
377 
378  $this->getLogger()->debug('Finished update of remote user with usr_id: ' . $user->getImportId());
379  return $user_obj->getLogin();
380  }
381 
386  protected function resetMailOptions($a_usr_id)
387  {
388  include_once './Services/Mail/classes/class.ilMailOptions.php';
389  $options = new ilMailOptions($a_usr_id);
390  $options->updateOptions(
391  $options->getSignature(),
392  $options->getLinebreak(),
393  IL_MAIL_LOCAL,
394  $options->getCronjobNotification()
395  );
396  }
397 }
398 ?>
ilAuthProviderECS\resetMailOptions
resetMailOptions($a_usr_id)
Reset mail options to "local only".
Definition: class.ilAuthProviderECS.php:386
ilAuthProviderECS\handleLogin
handleLogin()
Called from base class after successful login.
Definition: class.ilAuthProviderECS.php:131
ilMailOptions
Class UserMail this class handles user mails.
Definition: class.ilMailOptions.php:17
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11
ilECSUser\getFirstname
getFirstname()
get firstname
Definition: class.ilECSUser.php:86
ilAuthProviderECS\getServerSettings
getServerSettings()
Get server settings.
Definition: class.ilAuthProviderECS.php:83
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthProviderECS\getCurrentServer
getCurrentServer()
Get current server.
Definition: class.ilAuthProviderECS.php:74
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:611
ilECSRemoteUser
Storage of ecs remote user.
Definition: class.ilECSRemoteUser.php:8
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:787
ilAuthProviderECS\doAuthentication
doAuthentication(\ilAuthStatus $status)
Tra ecs authentication.
Definition: class.ilAuthProviderECS.php:94
IL_MAIL_LOCAL
const IL_MAIL_LOCAL
Definition: class.ilMailOptions.php:4
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:118
ilAuthProviderECS\createUser
createUser(ilECSUser $user)
create new user
Definition: class.ilAuthProviderECS.php:278
ilECSCommunityReader\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilECSCommunityReader.php:98
ilAuthProviderECS\getAbreviation
getAbreviation()
get abbreviation
Definition: class.ilAuthProviderECS.php:41
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11
ilAuthProviderECS
Auth prvider for ecs auth.
Definition: class.ilAuthProviderECS.php:14
ilAuthProviderECS\__construct
__construct(\ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderECS.php:27
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:64
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137
ilECSUser\getLastname
getLastname()
getLastname
Definition: class.ilECSUser.php:96
ilECSImport
Storage of ECS imported objects.
Definition: class.ilECSImport.php:14
ilAuthProviderECS\initECSServices
initECSServices()
Init ECS Services private.
Definition: class.ilAuthProviderECS.php:267
ilAuthProviderECS\setCurrentServer
setCurrentServer(ilECSSetting $server=null)
Set current server.
Definition: class.ilAuthProviderECS.php:65
$ilLog
$ilLog
Definition: inc.setup_header.php:130
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProviderECS\updateUser
updateUser(ilECSUser $user, $a_local_user_id)
update existing user
Definition: class.ilAuthProviderECS.php:346
ilECSUser\getEmail
getEmail()
get email
Definition: class.ilECSUser.php:106
$server
$server
Definition: dummy_client.php:12
ilECSUser\getLogin
getLogin()
get login
Definition: class.ilECSUser.php:75
ilECSUser\getImportId
getImportId()
get Email
Definition: class.ilECSUser.php:127
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilObject\_writeImportId
static _writeImportId($a_obj_id, $a_import_id)
write import id to db (static)
Definition: class.ilObject.php:1158
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
ilECSUser\getInstitution
getInstitution()
get institution
Definition: class.ilECSUser.php:116
ilAuthProviderECS\validateHash
validateHash()
Validate ECS hash.
Definition: class.ilAuthProviderECS.php:177
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11
ilECSUser
Stores relevant user data.
Definition: class.ilECSUser.php:35
ilObject\_lookupObjIdByImportId
static _lookupObjIdByImportId($a_import_id)
Definition: class.ilObject.php:456