ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
ilAuthProviderApache Class Reference

Apache auth provider.


Public Member Functions

__construct (\ilAuthCredentials $credentials)
Constructor.

doAuthentication (\ilAuthStatus $status)

migrateAccount (\ilAuthStatus $status)
Migrate existing account. Maybe ldap sync has to be performed here.

createNewAccount (\ilAuthStatus $status)
Create new account for account migration.

getExternalAccountName ()
Get external account name.

setExternalAccountName ($a_name)
Set external account name.

getTriggerAuthMode ()
Get auth mode of current authentication type.

getUserAuthModeName ()
Get user auth mode name.

Public Member Functions inherited from ilAuthProvider

__construct (ilAuthCredentials $credentials)
Constructor.

getLogger ()
Get logger.

getCredentials ()

Public Member Functions inherited from ilAuthProviderAccountMigrationInterface

migrateAccount (ilAuthStatus $status)
Create new account.

createNewAccount (ilAuthStatus $status)
Create new ILIAS account for external_account.

Data Fields

const APACHE_AUTH_TYPE_DIRECT_MAPPING = 1
 
const APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2
 
const APACHE_AUTH_TYPE_BY_FUNCTION = 3
 
Data Fields inherited from ilAuthProvider

const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Protected Member Functions

getSettings ()
Get settings.

handleLDAPDataSource (ilAuthStatus $status)
Handle ldap as data source.

Protected Member Functions inherited from ilAuthProvider

handleAuthenticationFail (ilAuthStatus $status, $a_reason)
Handle failed authentication.
 

Private Attributes

 $settings = null
 
 $migration_account = ''
 
 $force_new_account = false
 

Detailed Description

Apache auth provider.

Author
Stefan Meyer <smeyer.ilias@gmx.de>

Definition at line 14 of file class.ilAuthProviderApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderApache::__construct ( \ilAuthCredentials  $credentials)

Constructor.

Parameters
\ilAuthCredentials $credentials

Definition at line 30 of file class.ilAuthProviderApache.php.

References settings().

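    public function __construct(\ilAuthCredentials $credentials)
    {
        parent::__construct($credentials);

        // Load the settings stored under the 'apache_auth' module
        include_once './Services/Administration/classes/class.ilSetting.php';
        $this->settings = new ilSetting('apache_auth');
    }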

Member Function Documentation

◆ createNewAccount()

ilAuthProviderApache::createNewAccount ( \ilAuthStatus  $status)

Create new account for account migration.

Parameters
\ilAuthStatus $status

Definition at line 142 of file class.ilAuthProviderApache.php.

References $GLOBALS, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), handleLDAPDataSource(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_AUTHENTICATED, and time.

Referenced by doAuthentication().

    public function createNewAccount(\ilAuthStatus $status)
    {
        $this->force_new_account = true;
        // With ldap as data source, account creation is delegated to the ldap sync
        if($this->getSettings()->get('apache_enable_ldap'))
        {
            return $this->handleLDAPDataSource($status);
        }
        // create new account (only if local accounts and auto-creation are both enabled)
        if(
            $this->getSettings()->get('apache_enable_local') &&
            $this->getSettings()->get('apache_local_autocreate')
        )
        {
            $this->getLogger()->info('Creating new apache auth account');
            include_once './Services/User/classes/class.ilObjUser.php';
            $user = new ilObjUser();

            $login = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
            $user->setLogin($login);
            $user->setExternalAccount($this->getCredentials()->getUsername());
            $user->setProfileIncomplete(true);
            $user->create();
            $user->setAuthMode('apache');
            // set a timestamp for last_password_change
            // this ts is needed by ilSecuritySettings
            $user->setLastPasswordChangeTS(time());
            $user->setTimeLimitUnlimited(1);

            $user->setActive(1);
            // insert user data in table user_data
            $user->saveAsNew();
            $user->writePrefs();
            // assign the configured default role (role id 4 if none is configured)
            $GLOBALS['DIC']->rbac()->admin()->assignUser(
                $this->getSettings()->get('apache_default_role', 4),
                $user->getId(),
                true
            );
            $status->setAuthenticatedUserId($user->getId());
            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
            return true;
        }
        return false;
    }

◆ doAuthentication()

ilAuthProviderApache::doAuthentication ( \ilAuthStatus  $status)

Parameters
\ilAuthStatus $status

Returns
bool

Implements ilAuthProviderInterface.

Definition at line 51 of file class.ilAuthProviderApache.php.

References $_SERVER, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), createNewAccount(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilUtil\isLogin(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

    public function doAuthentication(\ilAuthStatus $status)
    {
        // Apache authentication must be enabled in the settings
        if(!$this->getSettings()->get('apache_enable_auth'))
        {
            $this->getLogger()->info('Apache auth disabled.');
            $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
            return false;
        }

        // Both the indicator name and the accepted indicator value(s) must be configured
        if(
            !$this->getSettings()->get('apache_auth_indicator_name') ||
            !$this->getSettings()->get('apache_auth_indicator_value')
        )
        {
            $this->getLogger()->warning('Apache auth indicator match failure.');
            $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
            return false;
        }

        // The $_SERVER entry named by the indicator must equal one of the
        // comma-separated (trimmed, non-empty) configured values
        if(
            !in_array(
                $_SERVER[$this->getSettings()->get('apache_auth_indicator_name')],
                array_filter(array_map('trim', str_getcsv($this->getSettings()->get('apache_auth_indicator_value'))))
            )
        )
        {
            $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        }

        // The user name taken from the credentials must be a valid login name
        include_once './Services/Utilities/classes/class.ilUtil.php';
        if(!ilUtil::isLogin($this->getCredentials()->getUsername()))
        {
            $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
            $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
            return false;
        }

        if(!strlen($this->getCredentials()->getUsername()))
        {
            $this->getLogger()->info('No username given');
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        }

        // Apache with ldap as data source
        include_once './Services/LDAP/classes/class.ilLDAPServer.php';
        if($this->getSettings()->get('apache_enable_ldap'))
        {
            return $this->handleLDAPDataSource($status);
        }

        // Map the external account name to a local login and user id
        $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
        $usr_id = ilObjUser::_lookupId($login);
        if(!$usr_id)
        {
            // try to create user
            if($this->createNewAccount($status))
            {
                return true;
            }
            $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        }

        $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
        $status->setAuthenticatedUserId($usr_id);
        return true;
    }

◆ getExternalAccountName()

ilAuthProviderApache::getExternalAccountName ( )

Get external account name.

Returns
string

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 190 of file class.ilAuthProviderApache.php.

References $migration_account.

◆ getSettings()

ilAuthProviderApache::getSettings ( )
protected

Get settings.

Returns

Definition at line 42 of file class.ilAuthProviderApache.php.

References $settings.

Referenced by createNewAccount(), doAuthentication(), getUserAuthModeName(), handleLDAPDataSource(), and migrateAccount().


◆ getTriggerAuthMode()

ilAuthProviderApache::getTriggerAuthMode ( )

Get auth mode of current authentication type.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 207 of file class.ilAuthProviderApache.php.

References AUTH_APACHE.

    public function getTriggerAuthMode()
    {
        return AUTH_APACHE;
    }

◆ getUserAuthModeName()

ilAuthProviderApache::getUserAuthModeName ( )

Get user auth mode name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 215 of file class.ilAuthProviderApache.php.

References getSettings().

    public function getUserAuthModeName()
    {
        // With an ldap server configured, the auth mode name is 'ldap_<server id>'
        if($this->getSettings()->get('apache_ldap_sid'))
        {
            return 'ldap_'.(string) $this->getSettings()->get('apache_ldap_sid');
        }
        return 'apache';
    }

◆ handleLDAPDataSource()

ilAuthProviderApache::handleLDAPDataSource ( ilAuthStatus  $status)
protected

Handle ldap as data source.

Parameters
Auth $auth
string $ext_account

Definition at line 229 of file class.ilAuthProviderApache.php.

References $server, ilObjUser\_lookupId(), array, ilAuthProvider\getCredentials(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ilLDAPUserSynchronisation\setExternalAccount(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

    protected function handleLDAPDataSource(ilAuthStatus $status)
    {
        include_once './Services/LDAP/classes/class.ilLDAPServer.php';
        $server = ilLDAPServer::getInstanceByServerId(
            $this->getSettings()->get('apache_ldap_sid')
        );

        $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());

        // Synchronise the external account with the configured ldap server
        include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
        $sync = new ilLDAPUserSynchronisation('ldap_'.$server->getServerId(), $server->getServerId());
        $sync->setExternalAccount($this->getCredentials()->getUsername());
        $sync->setUserData(array());
        $sync->forceCreation($this->force_new_account);
        $sync->forceReadLdapData(true);

        try {
            $internal_account = $sync->sync();
            $this->getLogger()->debug('Internal account: ' . $internal_account);
        }
        catch(UnexpectedValueException $e) {
            $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        }
        catch(ilLDAPSynchronisationForbiddenException $e) {
            // No synchronisation allowed => create Error
            $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
            return false;
        }
        catch(ilLDAPAccountMigrationRequiredException $e) {
            // Account migration required
            $this->setExternalAccountName($this->getCredentials()->getUsername());
            $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
            $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
            return false;
        }
        $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
        $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
        return true;
    }

◆ migrateAccount()

ilAuthProviderApache::migrateAccount ( \ilAuthStatus  $status)

Migrate existing account. Maybe ldap sync has to be performed here.

Parameters
ilAuthStatus $status
int $a_usr_id

Definition at line 129 of file class.ilAuthProviderApache.php.

References getSettings(), and handleLDAPDataSource().

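    public function migrateAccount(\ilAuthStatus $status)
    {
        $this->force_new_account = true;
        // Only the ldap data source is handled here; otherwise nothing is returned
        if($this->getSettings()->get('apache_enable_ldap'))
        {
            return $this->handleLDAPDataSource($status);
        }
    }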

◆ setExternalAccountName()

ilAuthProviderApache::setExternalAccountName (   $a_name)

Set external account name.

Parameters
string $a_name

Definition at line 199 of file class.ilAuthProviderApache.php.

Referenced by handleLDAPDataSource().

    public function setExternalAccountName($a_name)
    {
        $this->migration_account = $a_name;
    }

Field Documentation

◆ $force_new_account

ilAuthProviderApache::$force_new_account = false
private

Definition at line 23 of file class.ilAuthProviderApache.php.

◆ $migration_account

ilAuthProviderApache::$migration_account = ''
private

Definition at line 22 of file class.ilAuthProviderApache.php.

Referenced by getExternalAccountName().

◆ $settings

ilAuthProviderApache::$settings = null
private

Definition at line 20 of file class.ilAuthProviderApache.php.

Referenced by getSettings().

◆ APACHE_AUTH_TYPE_BY_FUNCTION

const ilAuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION = 3

◆ APACHE_AUTH_TYPE_DIRECT_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING = 1

◆ APACHE_AUTH_TYPE_EXTENDED_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2

Definition at line 17 of file class.ilAuthProviderApache.php.


The documentation for this class was generated from the following file: