ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilWebAccessChecker.php
Go to the documentation of this file.
1<?php
2// declare(strict_types=1);
3
4use ILIAS\HTTP\Cookies\CookieFactory;
5use ILIAS\HTTP\Cookies\CookieWrapper;
6use ILIAS\HTTP\GlobalHttpState;
7use Psr\Http\Message\UriInterface;
8
9require_once('./Services/WebAccessChecker/classes/class.ilWACSignedPath.php');
10require_once('./Services/WebAccessChecker/classes/class.ilWACPath.php');
11require_once('./Services/WebAccessChecker/classes/class.ilWACSecurePath.php');
12require_once('./Services/Init/classes/class.ilInitialisation.php');
13require_once('./Services/FileDelivery/classes/class.ilFileDelivery.php');
14
21class ilWebAccessChecker
22{
23 const DISPOSITION = 'disposition';
24 const STATUS_CODE = 'status_code';
25 const REVALIDATE = 'revalidate';
26 const CM_FILE_TOKEN = 1;
27 const CM_FOLDER_TOKEN = 2;
28 const CM_CHECKINGINSTANCE = 3;
29 const CM_SECFOLDER = 4;
33 protected $path_object = null;
37 protected $checked = false;
41 protected $disposition = ilFileDelivery::DISP_INLINE;
45 protected $override_mimetype = '';
49 protected $send_status_code = false;
53 protected $initialized = false;
57 protected $revalidate_folder_tokens = true;
61 protected static $use_seperate_logfile = false;
65 protected $applied_checking_methods = array();
69 private $http;
73 private $cookieFactory;
74
75
82 public function __construct(GlobalHttpState $httpState, CookieFactory $cookieFactory)
83 {
84 $this->setPathObject(new ilWACPath($httpState->request()->getRequestTarget()));
85 $this->http = $httpState;
86 $this->cookieFactory = $cookieFactory;
87 }
88
89
94 public function check()
95 {
96 if (!$this->getPathObject()) {
97 throw new ilWACException(ilWACException::CODE_NO_PATH);
98 }
99
100 // Check if Path has been signed with a token
101 $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->http, $this->cookieFactory);
102 if ($ilWACSignedPath->isSignedPath()) {
103 $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
104 if ($ilWACSignedPath->isSignedPathValid()) {
105 $this->setChecked(true);
106 $this->sendHeader('checked using token');
107
108 return true;
109 }
110 }
111
112 // Check if the whole secured folder has been signed
113 if ($ilWACSignedPath->isFolderSigned()) {
114 $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
115 if ($ilWACSignedPath->isFolderTokenValid()) {
116 if ($this->isRevalidateFolderTokens()) {
117 $ilWACSignedPath->revalidatingFolderToken();
118 }
119 $this->setChecked(true);
120 $this->sendHeader('checked using secure folder');
121
122 return true;
123 }
124 }
125
126 // Fallback, have to initiate ILIAS
127 $this->initILIAS();
128
129 if (ilWACSecurePath::hasCheckingInstanceRegistered($this->getPathObject())) {
130 // Maybe the path has been registered, lets check
131 $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
132 $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
133 $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
134 if ($canBeDelivered) {
135 $this->sendHeader('checked using fallback');
136 if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
137 $ilWACSignedPath->revalidatingFolderToken();
138 }
139
140 $this->setChecked(true);
141
142 return true;
143 } else {
144 $this->setChecked(true);
145
146 return false;
147 }
148 }
149
150 // none of the checking mechanisms could have been applied. no access
151 $this->setChecked(true);
152 if ($this->getPathObject()->isInSecFolder()) {
153 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
154
155 return false;
156 } else {
157 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
158
159 return true;
160 }
161 }
162
163
169 protected function sendHeader($message)
170 {
171 $response = $this->http->response()->withHeader('X-ILIAS-WebAccessChecker', $message);
172 $this->http->saveResponse($response);
173 }
174
175
179 public function initILIAS()
180 {
181 if ($this->isInitialized()) {
182 return;
183 }
184
185 $GLOBALS['COOKIE_PATH'] = '/';
186
187 $cookie = $this->cookieFactory->create('ilClientId', $this->getPathObject()->getClient())
188 ->withPath('/')
189 ->withExpires(0);
190
191 $response = $this->http->cookieJar()
192 ->with($cookie)
193 ->renderIntoResponseHeader($this->http->response());
194
195 $this->http->saveResponse($response);
196
197 ilContext::init(ilContext::CONTEXT_WAC);
198 try {
199 ilInitialisation::initILIAS();
200 $this->checkUser();
201 $this->checkPublicSection();
202 } catch (Exception $e) {
203 if ($e instanceof ilWACException
204 && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
205 throw $e;
206 }
207 if (($e instanceof Exception && $e->getMessage() == 'Authentication failed.')
208 || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
209 $this->initAnonymousSession();
210 $this->checkUser();
211 $this->checkPublicSection();
212 }
213 }
214 $this->setInitialized(true);
215 }
216
217
222 protected function checkPublicSection()
223 {
224 global $DIC;
225 $not_on_login_page = $this->isRequestNotFromLoginPage();
226 $is_anonymous = ((int) $DIC->user()->getId() === (int) ANONYMOUS_USER_ID);
227 $is_null_user = ($DIC->user()->getId() === 0);
228 $pub_section_activated = (bool) $DIC['ilSetting']->get('pub_section');
229 $isset = isset($DIC['ilSetting']);
230 $instanceof = $DIC['ilSetting'] instanceof ilSetting;
231 if (!$isset || !$instanceof || (!$pub_section_activated && ($is_anonymous || ($is_null_user && $not_on_login_page)))) {
232 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
233 }
234 }
235
236
237 protected function checkUser()
238 {
239 global $DIC;
240
241 $is_user = $DIC->user() instanceof ilObjUser;
242 $user_id_is_zero = ((int) $DIC->user()->getId() === 0);
243 $not_on_login_page = $this->isRequestNotFromLoginPage();
244 if (!$is_user || ($user_id_is_zero && $not_on_login_page)) {
245 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
246 }
247 }
248
249
253 public function isChecked()
254 {
255 return (bool) $this->checked;
256 }
257
258
264 public function setChecked($checked)
265 {
266 assert(is_bool($checked));
267 $this->checked = $checked;
268 }
269
270
274 public function getPathObject()
275 {
276 return $this->path_object;
277 }
278
279
285 public function setPathObject(ilWACPath $path_object)
286 {
287 $this->path_object = $path_object;
288 }
289
290
294 public function getDisposition()
295 {
296 return (string) $this->disposition;
297 }
298
299
305 public function setDisposition($disposition)
306 {
307 assert(is_string($disposition));
308 $this->disposition = $disposition;
309 }
310
311
315 public function getOverrideMimetype()
316 {
317 return (string) $this->override_mimetype;
318 }
319
320
326 public function setOverrideMimetype($override_mimetype)
327 {
328 assert(is_string($override_mimetype));
329 $this->override_mimetype = $override_mimetype;
330 }
331
332
336 public function isInitialized()
337 {
338 return (bool) $this->initialized;
339 }
340
341
345 public function setInitialized($initialized)
346 {
347 assert(is_bool($initialized));
348 $this->initialized = $initialized;
349 }
350
351
355 public function isSendStatusCode()
356 {
357 return (bool) $this->send_status_code;
358 }
359
360
366 public function setSendStatusCode($send_status_code)
367 {
368 assert(is_bool($send_status_code));
369 $this->send_status_code = $send_status_code;
370 }
371
372
376 public function isRevalidateFolderTokens()
377 {
378 return (bool) $this->revalidate_folder_tokens;
379 }
380
381
387 public function setRevalidateFolderTokens($revalidate_folder_tokens)
388 {
389 assert(is_bool($revalidate_folder_tokens));
390 $this->revalidate_folder_tokens = $revalidate_folder_tokens;
391 }
392
393
397 public static function isUseSeperateLogfile()
398 {
399 return (bool) self::$use_seperate_logfile;
400 }
401
402
408 public static function setUseSeperateLogfile($use_seperate_logfile)
409 {
410 assert(is_bool($use_seperate_logfile));
411 self::$use_seperate_logfile = $use_seperate_logfile;
412 }
413
414
418 public function getAppliedCheckingMethods()
419 {
420 return (array) $this->applied_checking_methods;
421 }
422
423
429 public function setAppliedCheckingMethods(array $applied_checking_methods)
430 {
431 $this->applied_checking_methods = $applied_checking_methods;
432 }
433
434
440 protected function addAppliedCheckingMethod($method)
441 {
442 assert(is_int($method));
443 $this->applied_checking_methods[] = $method;
444 }
445
446
447 protected function initAnonymousSession()
448 {
449 global $DIC;
450 include_once './Services/Context/classes/class.ilContext.php';
451 ilContext::init(ilContext::CONTEXT_WAC);
452 require_once("Services/Init/classes/class.ilInitialisation.php");
453 ilInitialisation::reinitILIAS();
457 $ilAuthSession = $DIC['ilAuthSession'];
458 $ilAuthSession->init();
459 $ilAuthSession->regenerateId();
460 $a_id = (int) ANONYMOUS_USER_ID;
461 $ilAuthSession->setUserId($a_id);
462 $ilAuthSession->setAuthenticated(false, $a_id);
463 $DIC->user()->setId($a_id);
464 }
465
466
470 protected function isRequestNotFromLoginPage()
471 {
472 $referrer = !is_null($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
473 $not_on_login_page = (strpos($referrer, 'login.php') === false
474 && strpos($referrer, '&baseClass=ilStartUpGUI') === false);
475
476 return $not_on_login_page;
477 }
478}
php
An exception for terminatinating execution or to throw for unit testing.
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:45
ilContext\CONTEXT_WAC
const CONTEXT_WAC
Definition: class.ilContext.php:32
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:949
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:11
ilWACPath
Class ilWACPath.
Definition: class.ilWACPath.php:11
ilWACSecurePath\hasCheckingInstanceRegistered
static hasCheckingInstanceRegistered(ilWACPath $ilWACPath)
Searches a checking instance for the given wac path.
Definition: class.ilWACSecurePath.php:67
ilWACSignedPath
Class ilWACSignedPath.
Definition: class.ilWACSignedPath.php:24
ilWebAccessChecker
Class ilWebAccessChecker.
Definition: class.ilWebAccessChecker.php:22
ilWebAccessChecker\__construct
__construct(GlobalHttpState $httpState, CookieFactory $cookieFactory)
ilWebAccessChecker constructor.
Definition: class.ilWebAccessChecker.php:82
ilWebAccessChecker\setUseSeperateLogfile
static setUseSeperateLogfile($use_seperate_logfile)
Definition: class.ilWebAccessChecker.php:408
ilWebAccessChecker\setSendStatusCode
setSendStatusCode($send_status_code)
Definition: class.ilWebAccessChecker.php:366
ilWebAccessChecker\setRevalidateFolderTokens
setRevalidateFolderTokens($revalidate_folder_tokens)
Definition: class.ilWebAccessChecker.php:387
ilWebAccessChecker\setAppliedCheckingMethods
setAppliedCheckingMethods(array $applied_checking_methods)
Definition: class.ilWebAccessChecker.php:429
ilWebAccessChecker\setPathObject
setPathObject(ilWACPath $path_object)
Definition: class.ilWebAccessChecker.php:285
ilWebAccessChecker\setOverrideMimetype
setOverrideMimetype($override_mimetype)
Definition: class.ilWebAccessChecker.php:326
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ILIAS\HTTP\GlobalHttpState
Interface GlobalHttpState.
Definition: GlobalHttpState.php:25
ILIAS\HTTP\GlobalHttpState\request
request()
Returns the current psr-7 server request.
Psr\Http\Message\UriInterface
Value object representing a URI.
Definition: UriInterface.php:25
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:36
$response
$response
Definition: proxy_ylocal.php:39
$DIC
global $DIC
Definition: saml.php:7
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54