Apache auth provider. More...

Inheritance diagram for ilAuthProviderApache:

Collaboration diagram for ilAuthProviderApache:

Public Member Functions
	__construct (\ilAuthCredentials $credentials)
	Constructor. More...

	doAuthentication (\ilAuthStatus $status)

	migrateAccount (\ilAuthStatus $status)
	Migrate existing account Maybe ldap sync has to be performed here. More...

	createNewAccount (\ilAuthStatus $status)
	Create new account for account migration. More...

	getExternalAccountName ()
	Get external account name. More...

	setExternalAccountName ($a_name)
	Set external account name. More...

	getTriggerAuthMode ()
	Get auth mode of current authentication type. More...

	getUserAuthModeName ()
	Get user auth mode name. More...

Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)
	Constructor. More...

	getLogger ()
	Get logger. More...

	getCredentials ()

	doAuthentication (\ilAuthStatus $status)
	Do authentication. More...

Public Member Functions inherited from ilAuthProviderAccountMigrationInterface
	getTriggerAuthMode ()
	Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...

	getUserAuthModeName ()
	Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...

	getExternalAccountName ()
	Get external account name. More...

	migrateAccount (ilAuthStatus $status)
	Create new account. More...

	createNewAccount (ilAuthStatus $status)
	Create new ILIAS account for external_account. More...

Data Fields
const	APACHE_AUTH_TYPE_DIRECT_MAPPING = 1

const	APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2

const	APACHE_AUTH_TYPE_BY_FUNCTION = 3

Data Fields inherited from ilAuthProvider
const	STATUS_UNDEFINED = 0

const	STATUS_AUTHENTICATION_SUCCESS = 1

const	STATUS_AUTHENTICATION_FAILED = 2

const	STATUS_MIGRATION = 3

Protected Member Functions
	getSettings ()
	Get setings. More...

	handleLDAPDataSource (ilAuthStatus $status)
	Handle ldap as data source. More...

Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, $a_reason)
	Handle failed authentication. More...

Private Attributes
	$settings = null

	$migration_account = ''

	$force_new_account = false

Detailed Description

Apache auth provider.

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 14 of file class.ilAuthProviderApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderApache::__construct ( \ilAuthCredentials $credentials )

Constructor.

Parameters

\ilAuthCredentials $credentials

Definition at line 30 of file class.ilAuthProviderApache.php.

        {
                parent::__construct($credentials);
                
                include_once './Services/Administration/classes/class.ilSetting.php';
                $this->settings = new ilSetting('apache_auth');
        }

References ilAuthProvider\$credentials, and settings().

Here is the call graph for this function:

Member Function Documentation

◆ createNewAccount()

ilAuthProviderApache::createNewAccount ( \ilAuthStatus $status )

Create new account for account migration.

Parameters

\ilAuthStatus $status

Definition at line 142 of file class.ilAuthProviderApache.php.

        {
                $this->force_new_account = true;
                if($this->getSettings()->get('apache_enable_ldap'))
                {
                        return $this->handleLDAPDataSource($status);
                }
                // create new account
                if(
                        $this->getSettings()->get('apache_enable_local') && 
                        $this->getSettings()->get('apache_local_autocreate')
                )
                {
                        $this->getLogger()->info('Creating new apache auth account');
                        include_once './Services/User/classes/class.ilObjUser.php';
                        $user = new ilObjUser();
                        
                        $login = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
                        $user->setLogin($login);
                        $user->setExternalAccount($this->getCredentials()->getUsername());
                        $user->setProfileIncomplete(true);
                        $user->create();
                        $user->setAuthMode('apache');
                        // set a timestamp for last_password_change
                        // this ts is needed by ilSecuritySettings
                        $user->setLastPasswordChangeTS(time());
                        $user->setTimeLimitUnlimited(1);
 
                        $user->setActive(1);
                        //insert user data in table user_data
                        $user->saveAsNew();
                        $user->writePrefs();
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                                $this->getSettings()->get('apache_default_role', 4),
                                $user->getId(),
                                true
                        );
                        $status->setAuthenticatedUserId($user->getId());
                        $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
                        return true;
                }
                return false;
        }

References $GLOBALS, ilAuthProvider\$status, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), handleLDAPDataSource(), and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by doAuthentication().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ doAuthentication()

ilAuthProviderApache::doAuthentication ( \ilAuthStatus $status )

Parameters

\ilAuthStatus $status

Returns: bool

Implements ilAuthProviderInterface.

Definition at line 51 of file class.ilAuthProviderApache.php.

        {
                if(!$this->getSettings()->get('apache_enable_auth'))
                {
                        $this->getLogger()->info('Apache auth disabled.');
                        $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
                        return false;
                }
 
                if(
                        !$this->getSettings()->get('apache_auth_indicator_name') ||
                        !$this->getSettings()->get('apache_auth_indicator_value')
                        )
                {
                        $this->getLogger()->warning('Apache auth indicator match failure.');
                        $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
                        return false;
                }
 
                if(
                        !in_array(
                                $_SERVER[$this->getSettings()->get('apache_auth_indicator_name')],
                                array_filter(array_map('trim', str_getcsv($this->getSettings()->get('apache_auth_indicator_value'))))
                        )
                )
                {
                        $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
                        $this->handleAuthenticationFail($status, 'err_wrong_login');
                        return false;
                }
 
                include_once './Services/Utilities/classes/class.ilUtil.php';
                if(!ilUtil::isLogin($this->getCredentials()->getUsername()))
                {
                        $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
                        $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
                        return false;
                }
 
                if(!strlen($this->getCredentials()->getUsername()))
                {
                        $this->getLogger()->info('No username given');
                        $this->handleAuthenticationFail($status, 'err_wrong_login');
                        return false;
                }
                
                // Apache with ldap as data source
                include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                if($this->getSettings()->get('apache_enable_ldap'))
                {
                        return $this->handleLDAPDataSource($status);
                }
                
                $login  = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
                $usr_id = ilObjUser::_lookupId($login);
                if(!$usr_id)
                {
                        // try to create user
                        if($this->createNewAccount($status))
                        {
                                return true;
                        }
                        $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
                        $this->handleAuthenticationFail($status, 'err_wrong_login');
                        return false;
                }
 
                $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
                $status->setAuthenticatedUserId($usr_id);
                return true;
        }

References $_SERVER, ilAuthProvider\$status, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), createNewAccount(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilUtil\isLogin(), and ilAuthStatus\STATUS_AUTHENTICATED.

Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderApache::getExternalAccountName ( )

Get external account name.

Returns: string

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 190 of file class.ilAuthProviderApache.php.

        {
                return $this->migration_account;
        }

References $migration_account.

◆ getSettings()

ilAuthProviderApache::getSettings ( )

protected

Get setings.

Returns: \ilSetting

Definition at line 42 of file class.ilAuthProviderApache.php.

        {
                return $this->settings;
        }

References $settings.

Referenced by createNewAccount(), doAuthentication(), getUserAuthModeName(), handleLDAPDataSource(), and migrateAccount().

Here is the caller graph for this function:

◆ getTriggerAuthMode()

ilAuthProviderApache::getTriggerAuthMode ( )

Get auth mode of current authentication type.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 207 of file class.ilAuthProviderApache.php.

        {
                return AUTH_APACHE;
        }

References AUTH_APACHE.

◆ getUserAuthModeName()

ilAuthProviderApache::getUserAuthModeName ( )

Get user auth mode name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 215 of file class.ilAuthProviderApache.php.

        {
                if($this->getSettings()->get('apache_ldap_sid'))
                {
                        return 'ldap_'.(string) $this->getSettings()->get('apache_ldap_sid');
                }
                return 'apache';
        }

References getSettings().

Here is the call graph for this function:

◆ handleLDAPDataSource()

ilAuthProviderApache::handleLDAPDataSource ( ilAuthStatus $status )

protected

Handle ldap as data source.

Parameters

Auth	$auth
string	$ext_account

Definition at line 229 of file class.ilAuthProviderApache.php.

        {
                include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                $server = ilLDAPServer::getInstanceByServerId(
                        $this->getSettings()->get('apache_ldap_sid')
                );
                
                $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
 
                include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
                $sync = new ilLDAPUserSynchronisation('ldap_'.$server->getServerId(), $server->getServerId());
                $sync->setExternalAccount($this->getCredentials()->getUsername());
                $sync->setUserData(array());
                $sync->forceCreation($this->force_new_account);
                $sync->forceReadLdapData(true);
                
                try {
                        $internal_account = $sync->sync();
                        $this->getLogger()->debug('Internal account: ' . $internal_account);
                }
                catch(UnexpectedValueException $e) {
                        $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
                        $this->handleAuthenticationFail($status, 'err_wrong_login');
                        return false;
                }
                catch(ilLDAPSynchronisationForbiddenException $e) {
                        // No syncronisation allowed => create Error
                        $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
                        $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
                        return false;
                }
                catch(ilLDAPAccountMigrationRequiredException $e) {
                        // Account migration required
                        $this->setExternalAccountName($this->getCredentials()->getUsername());
                        $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
                        $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
                        return false;
                }
                $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
                $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
                return true;
        }

References $server, ilAuthProvider\$status, ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), setExternalAccountName(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderApache::migrateAccount ( \ilAuthStatus $status )

Migrate existing account Maybe ldap sync has to be performed here.

Parameters

ilAuthStatus	$status
int	$a_usr_id

Definition at line 129 of file class.ilAuthProviderApache.php.

        {
                $this->force_new_account = true;
                if($this->getSettings()->get('apache_enable_ldap'))
                {
                        return $this->handleLDAPDataSource($status);
                }
        }

References getSettings(), and handleLDAPDataSource().

Here is the call graph for this function:

◆ setExternalAccountName()

ilAuthProviderApache::setExternalAccountName ( $a_name )

Set external account name.

Parameters

string $a_name

Definition at line 199 of file class.ilAuthProviderApache.php.

        {
                $this->migration_account = $a_name;
        }

Referenced by handleLDAPDataSource().

Here is the caller graph for this function:

Field Documentation

◆ $force_new_account

ilAuthProviderApache::$force_new_account = false

private

Definition at line 23 of file class.ilAuthProviderApache.php.

◆ $migration_account

ilAuthProviderApache::$migration_account = ''

private

Definition at line 22 of file class.ilAuthProviderApache.php.

Referenced by getExternalAccountName().

◆ $settings

ilAuthProviderApache::$settings = null

private

Definition at line 20 of file class.ilAuthProviderApache.php.

Referenced by getSettings().

◆ APACHE_AUTH_TYPE_BY_FUNCTION

const ilAuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION = 3

Definition at line 18 of file class.ilAuthProviderApache.php.

Referenced by ilAuthFrontendCredentialsApache\initFromRequest().

◆ APACHE_AUTH_TYPE_DIRECT_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING = 1

Definition at line 16 of file class.ilAuthProviderApache.php.

Referenced by ilAuthFrontendCredentialsApache\initFromRequest().

◆ APACHE_AUTH_TYPE_EXTENDED_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2

Definition at line 17 of file class.ilAuthProviderApache.php.

The documentation for this class was generated from the following file:

Services/AuthApache/classes/class.ilAuthProviderApache.php

Public Member Functions

Data Fields

Protected Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ createNewAccount()

◆ doAuthentication()

◆ getExternalAccountName()

◆ getSettings()

◆ getTriggerAuthMode()

◆ getUserAuthModeName()

◆ handleLDAPDataSource()

◆ migrateAccount()

◆ setExternalAccountName()

Field Documentation

◆ $force_new_account

◆ $migration_account

◆ $settings

◆ APACHE_AUTH_TYPE_BY_FUNCTION

◆ APACHE_AUTH_TYPE_DIRECT_MAPPING

◆ APACHE_AUTH_TYPE_EXTENDED_MAPPING