ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilAuthProviderECS.php
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
6include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
7
15{
// MID value for the current login; validateHash() stores the result of getFirstSender() for the request hash here.
16 protected $mid = null;
// Abbreviation assigned in validateHash() (participant organisation or auth result); createUser() prefixes new logins with it.
17 protected $abreviation = null;
18
// ECS server setting currently being tried; doAuthentication() sets it for each configured server in turn.
19 protected $currentServer = null;
// Result of ilECSServerSettings::getInstance(), assigned in initECSServices().
20 protected $servers = null;
21
22
28 {
// NOTE: this listing omits the signature line; the member index at the end of the page gives it as
// __construct(\ilAuthCredentials $credentials).
// Hand the credentials to the base provider, then load the ECS server settings that doAuthentication() iterates over.
29 parent::__construct($credentials);
30
31 $this->initECSServices();
32 }
33
/**
 * Return the abbreviation held by this provider.
 *
 * The property starts as null and is assigned by validateHash(), so the
 * value is only meaningful after a hash has been validated.
 *
 * @return mixed abbreviation, or null when none has been assigned yet
 */
public function getAbreviation()
{
    return $this->abreviation;
}
45
/**
 * Return the MID stored for the current login attempt.
 *
 * @return mixed value previously passed to setMID(), or null when unset
 */
public function getMID()
{
    return $this->mid;
}
55
/**
 * Store the MID for the current login attempt.
 *
 * validateHash() calls this with the first sender reported for the hash;
 * handleLogin() later copies the value into the remote-user record.
 *
 * @param mixed $a_mid MID to remember
 */
public function setMID($a_mid)
{
    $this->mid = $a_mid;
}
60
/**
 * Select the ECS server setting that subsequent calls operate on.
 *
 * validateHash(), handleLogin(), createUser() and updateUser() all read the
 * server through getCurrentServer(), so this has to be called first.
 *
 * @param ilECSSetting|null $server server setting to use, or null to clear it
 */
public function setCurrentServer(ilECSSetting $server = null)
{
    $this->currentServer = $server;
}
69
// Accessor for the server setting chosen with setCurrentServer().
74 public function getCurrentServer()
75 {
// NOTE(review): the listing skips source line 76, the only statement of this body.
// Presumably it returns $this->currentServer; confirm against the original file.
77 }
78
/**
 * Return the ECS server settings object loaded by initECSServices().
 *
 * @return mixed the value of ilECSServerSettings::getInstance(), or null
 *               if initECSServices() has not run
 */
public function getServerSettings()
{
    return $this->servers;
}
87
88
95 {
// NOTE: the listing omits the signature line; the member index at the end of the page gives it as
// doAuthentication(\ilAuthStatus $status). Source line 114 is also missing from the listing.
//
// Tries the hash carried by the request against every configured ECS server and logs the
// user in on the first server for which validateHash() returns true. Returns true on
// success and false otherwise.
96 $this->getLogger()->debug('Starting ECS authentication');
97 if(!$this->getServerSettings()->activeServerExists())
98 {
99 $this->getLogger()->warning('No active ecs server found. Aborting');
// Same failure reason as the "hash not accepted" path below, so the status handed back
// does not reveal which of the two conditions occurred.
100 $this->handleAuthenticationFail($status, 'err_wrong_login');
101 return false;
102 }
103
104 // Iterate through all active ecs instances
105 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
// NOTE(review): validateHash() sends the request hash to whichever server is current, so
// every server tried before the accepting one also receives the hash.
106 foreach($this->getServerSettings()->getServers() as $server)
107 {
108 $this->setCurrentServer($server);
109 if($this->validateHash())
110 {
111 // handle successful authentication
// handleLogin() creates or updates the local account from the request parameters and
// returns its local user id.
112 $new_usr_id = $this->handleLogin();
113 $this->getLogger()->info('ECS authentication successful.');
// NOTE(review): source line 114 is not shown here; the member index lists a
// setStatus($a_status) method on the auth status, which is presumably what it calls.
115 $status->setAuthenticatedUserId($new_usr_id);
116 return true;
117 }
118 }
119
// No server accepted the hash: fail with the generic login error.
120 $this->getLogger()->warning('Could not validate ecs hash for any active server.');
121 $this->handleAuthenticationFail($status, 'err_wrong_login');
122 return false;
123 }
124
125
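/**
 * Create or refresh the local account for the remote ECS user and return its id.
 *
 * The remote user is built from the query string ($_GET). An existing local
 * account is found through the import id; when none exists a new account is
 * created. Afterwards the import record and the remote-user record are
 * written for the current server.
 *
 * This method is public and performs no check of its own: doAuthentication()
 * only calls it after validateHash() has returned true, and it relies on
 * setCurrentServer() having been called. Any other caller would provision an
 * account from unverified request parameters.
 *
 * NOTE(review): nothing in this file ties the query-string attributes
 * (including the import id that selects the local account) to the validated
 * hash. Confirm that the ECS token record covers them.
 *
 * @return mixed local user id as returned by ilObjUser::_lookupId()
 */
public function handleLogin()
{
    include_once('./Services/WebServices/ECS/classes/class.ilECSUser.php');

    $user = new ilECSUser($_GET);

    $usr_id = ilObject::_lookupObjIdByImportId($user->getImportId());
    if (!$usr_id) {
        $username = $this->createUser($user);
        // The import-id lookup found nothing, so $usr_id is still empty here.
        // Resolve the id of the account that was just created; otherwise the
        // import record below would be stored without a valid object id.
        $usr_id = ilObjUser::_lookupId($username);
    } else {
        $username = $this->updateUser($user, $usr_id);
    }

    // set user imported
    include_once './Services/WebServices/ECS/classes/class.ilECSImport.php';
    $import = new ilECSImport($this->getCurrentServer()->getServerId(), $usr_id);
    $import->save();

    // Resolve the login once and reuse it for the remote-user record and the return value.
    $local_usr_id = ilObjUser::_lookupId($username);

    // Store remote user data
    include_once './Services/WebServices/ECS/classes/class.ilECSRemoteUser.php';
    $remote = new ilECSRemoteUser();
    $remote->setServerId($this->getCurrentServer()->getServerId());
    $remote->setMid($this->getMID());
    $remote->setRemoteUserId($user->getImportId());
    $remote->setUserId($local_usr_id);

    $this->getLogger()->info('Current user is: ' . $username);

    if (!$remote->exists()) {
        $remote->create();
    }
    return $local_usr_id;
}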
167
168
/**
 * Check the ECS hash carried by the request against the current server.
 *
 * Reads the hash from $_GET, asks the current server's connector for the
 * matching auth record, derives the abbreviation from it and stores the MID
 * of the first sender. Returns false when one of the connector or reader
 * calls throws, true otherwise.
 *
 * NOTE: source lines 209, 234 and 252 are missing from this listing.
 */
177 public function validateHash()
178 {
// $ilLog is declared but not used below; all logging goes through getLogger().
179 global $ilLog;
180
181 // fetch hash
// NOTE(review): $hash is assigned only inside the two branches below. When neither
// parameter is present it is undefined at the log call and at getAuth(); an explicit
// early "return false" would make that rejection deliberate instead of incidental.
182 if(isset($_GET['ecs_hash']) and strlen($_GET['ecs_hash']))
183 {
184 $hash = $_GET['ecs_hash'];
185 }
// When present, ecs_hash_url replaces any value taken from ecs_hash. Only the last path
// segment of the URL is kept; the host in that URL is not used, the server queried is
// always the one from getCurrentServer().
186 if(isset($_GET['ecs_hash_url']))
187 {
// PHP has already URL-decoded $_GET values, so this decodes the parameter a second time.
188 $hashurl = urldecode($_GET['ecs_hash_url']);
189 $hash = basename(parse_url($hashurl,PHP_URL_PATH));
190 //$hash = urldecode($_GET['ecs_hash_url']);
191 }
192
// NOTE(review): the hash is what this method accepts as proof of login, and it is written
// to the log at info level here. Consider logging only that a hash was received.
193 $this->getLogger()->info('Using ecs hash: ' . $hash);
194 // Check if hash is valid ...
195 try
196 {
197 include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
198 $connector = new ilECSConnector($this->getCurrentServer());
199 $res = $connector->getAuth($hash);
200 $auths = $res->getResult();
201
// The complete auth result is dumped to the log at debug level.
202 $this->getLogger()->dump($auths, ilLogLevel::DEBUG);
203
// With a pid in the result, prefer the abbreviation of that participant's organisation;
// otherwise fall back to the abbr field of the auth result.
204 if($auths->pid)
205 {
206 try
207 {
208 include_once './Services/WebServices/ECS/classes/class.ilECSCommunityReader.php';
// NOTE(review): source line 209, which must assign $reader, is not shown in this listing.
210 $part = $reader->getParticipantByMID($auths->pid);
211
212 if(is_object($part) and is_object($part->getOrganisation()))
213 {
214 $this->abreviation = $part->getOrganisation()->getAbbreviation();
215 }
216 else
217 {
218 $this->abreviation = $auths->abbr;
219 }
220 }
221 catch(Exception $e)
222 {
// Any exception while resolving the participant rejects the login for this server.
223 $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
224 return false;
225 }
226 }
227 else
228 {
229 $this->abreviation = $auths->abbr;
230 }
231
232 $this->getLogger()->debug('Got abbreviation: ' . $this->abreviation);
233 }
// NOTE(review): source line 234 (the catch clause that opens this handler) is not shown,
// so the exception type caught here cannot be read from this listing.
235 {
236 $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
237 return false;
238 }
239
240 // read current mid
241 try
242 {
243 include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
244 $connector = new ilECSConnector($this->getCurrentServer());
// Second request for the same hash; the meaning of the TRUE argument is defined in
// ilECSConnector, which is not part of this page.
245 $details = $connector->getAuth($hash,TRUE);
246
247 $this->getLogger()->dump($details, ilLogLevel::DEBUG);
248 $this->getLogger()->debug('Token create for mid: ' . $details->getFirstSender());
249
250 $this->setMID($details->getFirstSender());
251 }
// NOTE(review): source line 252 (the catch clause for the block above) is not shown.
253 {
254 $this->getLogger()->warning('Receiving mid failed with message: ' . $e->getMessage());
255 return false;
256 }
// NOTE(review): no field of the auth result is compared against the request in this method.
// Acceptance rests on both getAuth() calls returning without an exception, so confirm
// that ilECSConnector throws for an unknown or expired hash.
257 return true;
258 }
259
260
/**
 * Load the ECS server settings singleton and keep it on the provider.
 *
 * Called from the constructor; getServerSettings() returns the stored object.
 */
private function initECSServices()
{
    include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';

    $settings = ilECSServerSettings::getInstance();
    $this->servers = $settings;
}
272
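/**
 * Create a local account for a remote ECS user and return its login.
 *
 * The login is generated from the provider's abbreviation and the remote
 * login. The account gets an empty password with auth mode "ecs", is limited
 * to a window ending one session lifetime from now, is activated, and is
 * assigned the current server's global role when one is configured. The
 * remote import id is written to the new object so later logins find it.
 *
 * All profile fields come from the ilECSUser object, which handleLogin()
 * builds from request parameters.
 *
 * @param ilECSUser $user remote user data
 * @return mixed login of the created account, as returned by getLogin()
 */
protected function createUser(ilECSUser $user)
{
    // $ilLog was imported here before but never used; logging goes through getLogger().
    global $ilClientIniFile, $ilSetting, $rbacadmin;

    $userObj = new ilObjUser();
    $userObj->setOwner(SYSTEM_USER_ID);

    include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
    $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());

    // Build the record in one literal so $newUser is always an initialised array.
    $newUser = array(
        "login" => $local_user,
        "firstname" => $user->getFirstname(),
        "lastname" => $user->getLastname(),
        'email' => $user->getEmail(),
        'institution' => $user->getInstitution(),
        // Empty password: per the original comment this is meant as "no valid password".
        // NOTE(review): that comment said "plain md5" while the type used is
        // IL_PASSWD_CRYPTED; confirm that assignData() treats an empty value of this
        // type as unusable for local login.
        "passwd" => "",
        "passwd_type" => IL_PASSWD_CRYPTED,
        "auth_mode" => "ecs",
        "profile_incomplete" => 0,
    );

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($ilSetting->get("language"));

    // Time limit: valid from five seconds ago until one session lifetime from now.
    // The owner id 7 is hard-coded; its meaning is not visible in this file.
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(0);
    $userObj->setTimeLimitFrom(time() - 5);
    $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));

    #$now = new ilDateTime(time(), IL_CAL_UNIX);
    #$userObj->setAgreeDate($now->get(IL_CAL_DATETIME));

    // Create user in DB. The owner set above is replaced by the hard-coded id 6
    // before the object is written.
    $userObj->setOwner(6);
    $userObj->create();
    $userObj->setActive(1);
    $userObj->updateOwner();
    $userObj->saveAsNew();
    $userObj->writePrefs();

    // Read the configured role once and reuse it for the assignment.
    $global_role = $this->getCurrentServer()->getGlobalRole();
    if ($global_role) {
        $rbacadmin->assignUser($global_role, $userObj->getId(), true);
    }
    ilObject::_writeImportId($userObj->getId(), $user->getImportId());

    // The value logged is the remote import id, not the local user id.
    $this->getLogger()->info('Created new remote user with usr_id: ' . $user->getImportId());

    // Send Mail
    #$this->sendNotification($userObj);
    $this->resetMailOptions($userObj->getId());

    return $userObj->getLogin();
}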
340
/**
 * Refresh an existing local account from the remote ECS user data.
 *
 * Name, e-mail and institution are overwritten with the remote values, the
 * account is set active, and its time limit is extended when it would end
 * before one session lifetime from now. The current server's global role is
 * assigned when one is configured and the mail options are reset.
 *
 * NOTE(review): setActive(true) runs unconditionally, so an account that was
 * deactivated locally is switched back on by the next accepted ECS login.
 * Confirm that this is intended.
 *
 * @param ilECSUser $user            remote user data
 * @param mixed     $a_local_user_id id of the local account to update
 * @return mixed login of the updated account, as returned by getLogin()
 */
protected function updateUser(ilECSUser $user,$a_local_user_id)
{
    global $ilClientIniFile,$ilLog,$rbacadmin;

    $account = new ilObjUser($a_local_user_id);

    // Overwrite the profile with what the remote side supplied.
    $account->setFirstname($user->getFirstname());
    $account->setLastname($user->getLastname());
    $account->setEmail($user->getEmail());
    $account->setInstitution($user->getInstitution());
    $account->setActive(true);

    // Extend the access window only when the stored limit ends too early.
    $currentLimit = $account->getTimeLimitUntil();
    $endsTooEarly = $currentLimit < (time() + $ilClientIniFile->readVariable('session','expire'));
    if ($endsTooEarly) {
        $account->setTimeLimitFrom(time() - 60);
        $account->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session","expire"));
    }

    $account->update();
    $account->refreshLogin();

    // Assign the server's global role when one is configured.
    if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
        $rbacadmin->assignUser(
            $this->getCurrentServer()->getGlobalRole(),
            $account->getId(),
            true
        );
    }

    $this->resetMailOptions($a_local_user_id);

    // The value logged is the remote import id, not the local user id.
    $this->getLogger()->debug('Finished update of remote user with usr_id: ' . $user->getImportId());

    return $account->getLogin();
}
381
// Rewrite the mail options of the given user, keeping the stored signature, line break
// and cron-job notification values.
386 protected function resetMailOptions($a_usr_id)
387 {
388 include_once './Services/Mail/classes/class.ilMailOptions.php';
389 $options = new ilMailOptions($a_usr_id);
390 $options->updateOptions(
391 $options->getSignature(),
392 $options->getLinebreak(),
// NOTE(review): source line 393, one argument of this call, is missing from the listing.
// The page's index describes this method as resetting mail to "local only" and lists the
// constant IL_MAIL_LOCAL, which is presumably the omitted argument; confirm against the file.
394 $options->getCronjobNotification()
395 );
396 }
397}
398?>
$_GET["client_id"]
An exception for terminating execution or to throw for unit testing.
const IL_MAIL_LOCAL
const IL_PASSWD_CRYPTED
Auth provider for ECS auth.
doAuthentication(\ilAuthStatus $status)
Try ECS authentication.
__construct(\ilAuthCredentials $credentials)
Constructor.
getServerSettings()
Get server settings.
getAbreviation()
get abbreviation
createUser(ilECSUser $user)
create new user
initECSServices()
Init ECS Services @access private.
handleLogin()
Called from base class after successful login.
getCurrentServer()
Get current server.
updateUser(ilECSUser $user, $a_local_user_id)
update existing user
validateHash()
Validate ECS hash.
resetMailOptions($a_usr_id)
Reset mail options to "local only".
setCurrentServer(ilECSSetting $server=null)
Set current server.
Base class for authentication providers (radius, ldap, apache, ...)
getLogger()
Get logger.
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Auth status implementation.
setStatus($a_status)
Set auth status.
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
static getInstanceByServerId($a_server_id)
Get instance by server id.
Storage of ECS imported objects.
Storage of ecs remote user.
static getInstance()
Get singleton instance.
Stores relevant user data.
getFirstname()
get firstname
getLastname()
getLastname
getLogin()
get login
getImportId()
get Email
getEmail()
get email
getInstitution()
get institution
Class UserMail this class handles user mails.
static _lookupId($a_user_str)
Lookup id by login.
static _writeImportId($a_obj_id, $a_import_id)
write import id to db (static)
static _lookupObjIdByImportId($a_import_id)
$server
Interface of auth credentials.
Standard interface for auth provider implementations.