ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Static Protected Attributes | Private Attributes
ilWebAccessChecker Class Reference

Class ilWebAccessChecker. More...

+ Collaboration diagram for ilWebAccessChecker:

Public Member Functions

 __construct (GlobalHttpState $httpState, CookieFactory $cookieFactory)
 ilWebAccessChecker constructor. More...
 
 check ()
 
 initILIAS ()
 
 isChecked ()
 
 setChecked ($checked)
 
 getPathObject ()
 
 setPathObject (ilWACPath $path_object)
 
 getDisposition ()
 
 setDisposition ($disposition)
 
 getOverrideMimetype ()
 
 setOverrideMimetype ($override_mimetype)
 
 isInitialized ()
 
 setInitialized ($initialized)
 
 isSendStatusCode ()
 
 setSendStatusCode ($send_status_code)
 
 isRevalidateFolderTokens ()
 
 setRevalidateFolderTokens ($revalidate_folder_tokens)
 
 getAppliedCheckingMethods ()
 
 setAppliedCheckingMethods (array $applied_checking_methods)
 

Static Public Member Functions

static isUseSeperateLogfile ()
 
static setUseSeperateLogfile ($use_seperate_logfile)
 

Data Fields

const DISPOSITION = 'disposition'
 
const STATUS_CODE = 'status_code'
 
const REVALIDATE = 'revalidate'
 
const CM_FILE_TOKEN = 1
 
const CM_FOLDER_TOKEN = 2
 
const CM_CHECKINGINSTANCE = 3
 
const CM_SECFOLDER = 4
 

Protected Member Functions

 sendHeader ($message)
 
 checkPublicSection ()
 
 checkUser ()
 
 addAppliedCheckingMethod ($method)
 
 isRequestNotFromLoginPage ()
 

Protected Attributes

 $path_object = null
 
 $checked = false
 
 $disposition = ilFileDelivery::DISP_INLINE
 
 $override_mimetype = ''
 
 $send_status_code = false
 
 $initialized = false
 
 $revalidate_folder_tokens = true
 
 $applied_checking_methods = array()
 

Static Protected Attributes

static $use_seperate_logfile = false
 

Private Attributes

 $http
 
 $cookieFactory
 

Detailed Description

Class ilWebAccessChecker.

Author
Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch
Version
1.0.0

Definition at line 21 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct ( GlobalHttpState  $httpState,
CookieFactory  $cookieFactory 
)

ilWebAccessChecker constructor.

Parameters
GlobalHttpState$httpState
CookieFactory$cookieFactory

Definition at line 82 of file class.ilWebAccessChecker.php.

References $cookieFactory, ILIAS\FileDelivery\http(), ILIAS\HTTP\GlobalHttpState\request(), and setPathObject().

83  {
84  $this->setPathObject(new ilWACPath($httpState->request()->getRequestTarget()));
85  $this->http = $httpState;
86  $this->cookieFactory = $cookieFactory;
87  }
ilWebAccessChecker\setPathObject
setPathObject(ilWACPath $path_object)
Definition: class.ilWebAccessChecker.php:285
ILIAS\HTTP\GlobalHttpState\request
request()
Returns the current psr-7 server request.
ilWACPath
Class ilWACPath.
Definition: class.ilWACPath.php:10
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:36
+ Here is the call graph for this function:

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod (   $method)
protected
Parameters
int$method
Returns
void

Definition at line 440 of file class.ilWebAccessChecker.php.

References $DIC, ilContext\CONTEXT_WAC, ilContext\init(), and ilInitialisation\reinitILIAS().

Referenced by check().

441  {
442  assert(is_int($method));
443  $this->applied_checking_methods[] = $method;
444  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ check()

ilWebAccessChecker::check ( )
Returns
bool
Exceptions
ilWACException

Definition at line 94 of file class.ilWebAccessChecker.php.

References addAppliedCheckingMethod(), ilWACException\CODE_NO_PATH, getPathObject(), ilWACSecurePath\hasCheckingInstanceRegistered(), ILIAS\FileDelivery\http(), initILIAS(), isRevalidateFolderTokens(), sendHeader(), and setChecked().

Referenced by ilWebAccessCheckerDelivery\handleRequest(), ilWACCheckingInstanceTest\testBasic(), and ilWACCheckingInstanceTest\testNonCheckingInstanceNoSec().

95  {
96  if (!$this->getPathObject()) {
97  throw new ilWACException(ilWACException::CODE_NO_PATH);
98  }
99 
100  // Check if Path has been signed with a token
101  $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->http, $this->cookieFactory);
102  if ($ilWACSignedPath->isSignedPath()) {
103  $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
104  if ($ilWACSignedPath->isSignedPathValid()) {
105  $this->setChecked(true);
106  $this->sendHeader('checked using token');
107 
108  return true;
109  }
110  }
111 
112  // Check if the whole secured folder has been signed
113  if ($ilWACSignedPath->isFolderSigned()) {
114  $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
115  if ($ilWACSignedPath->isFolderTokenValid()) {
116  if ($this->isRevalidateFolderTokens()) {
117  $ilWACSignedPath->revalidatingFolderToken();
118  }
119  $this->setChecked(true);
120  $this->sendHeader('checked using secure folder');
121 
122  return true;
123  }
124  }
125 
126  // Fallback, have to initiate ILIAS
127  $this->initILIAS();
128 
129  if (ilWACSecurePath::hasCheckingInstanceRegistered($this->getPathObject())) {
130  // Maybe the path has been registered, lets check
131  $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
132  $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
133  $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
134  if ($canBeDelivered) {
135  $this->sendHeader('checked using fallback');
136  if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
137  $ilWACSignedPath->revalidatingFolderToken();
138  }
139 
140  $this->setChecked(true);
141 
142  return true;
143  } else {
144  $this->setChecked(true);
145 
146  return false;
147  }
148  }
149 
150  // none of the checking mechanisms could have been applied. no access
151  $this->setChecked(true);
152  if ($this->getPathObject()->isInSecFolder()) {
153  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
154 
155  return false;
156  } else {
157  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
158 
159  return true;
160  }
161  }
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:10
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:36
ilWACSignedPath
Class ilWACSignedPath.
Definition: class.ilWACSignedPath.php:23
ilWACSecurePath\hasCheckingInstanceRegistered
static hasCheckingInstanceRegistered(ilWACPath $ilWACPath)
Searches a checking instance for the given wac path.
Definition: class.ilWACSecurePath.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )
protected
Returns
void
Exceptions
ilWACException

Definition at line 222 of file class.ilWebAccessChecker.php.

References $DIC, ilWACException\ACCESS_DENIED_NO_PUB, and isRequestNotFromLoginPage().

Referenced by initILIAS().

223  {
224  global $DIC;
225  $not_on_login_page = $this->isRequestNotFromLoginPage();
226  $is_anonymous = ((int) $DIC->user()->getId() === (int) ANONYMOUS_USER_ID);
227  $is_null_user = ($DIC->user()->getId() === 0);
228  $pub_section_activated = (bool) $DIC['ilSetting']->get('pub_section');
229  $isset = isset($DIC['ilSetting']);
230  $instanceof = $DIC['ilSetting'] instanceof ilSetting;
231  if (!$isset || !$instanceof || (!$pub_section_activated && ($is_anonymous || ($is_null_user && $not_on_login_page)))) {
232  throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
233  }
234  }
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:10
$DIC
global $DIC
Definition: saml.php:7
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkUser()

ilWebAccessChecker::checkUser ( )
protected

Definition at line 237 of file class.ilWebAccessChecker.php.

References $DIC, ilWACException\ACCESS_DENIED_NO_LOGIN, and isRequestNotFromLoginPage().

Referenced by initILIAS().

238  {
239  global $DIC;
240 
241  $is_user = $DIC->user() instanceof ilObjUser;
242  $user_id_is_zero = ((int) $DIC->user()->getId() === 0);
243  $not_on_login_page = $this->isRequestNotFromLoginPage();
244  if (!$is_user || ($user_id_is_zero && $not_on_login_page)) {
245  throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
246  }
247  }
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:10
$DIC
global $DIC
Definition: saml.php:7
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )
Returns
int[]

Definition at line 418 of file class.ilWebAccessChecker.php.

References $applied_checking_methods, and array.

419  {
420  return (array) $this->applied_checking_methods;
421  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )
Returns
string

Definition at line 294 of file class.ilWebAccessChecker.php.

References $disposition.

Referenced by ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), and ilWebAccessCheckerDelivery\deliverDummyVideo().

295  {
296  return (string) $this->disposition;
297  }
+ Here is the caller graph for this function:

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )
Returns
string

Definition at line 315 of file class.ilWebAccessChecker.php.

References $override_mimetype.

316  {
317  return (string) $this->override_mimetype;
318  }

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )
Returns
ilWACPath

Definition at line 274 of file class.ilWebAccessChecker.php.

References $path_object.

Referenced by check(), ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\handleAccessErrors(), and initILIAS().

275  {
276  return $this->path_object;
277  }
+ Here is the caller graph for this function:

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )
Returns
void

Definition at line 179 of file class.ilWebAccessChecker.php.

References $GLOBALS, $response, ilWACException\ACCESS_DENIED_NO_LOGIN, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, getPathObject(), ILIAS\FileDelivery\http(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), and setInitialized().

Referenced by check(), and ilWebAccessCheckerDelivery\handleAccessErrors().

180  {
181  if ($this->isInitialized()) {
182  return;
183  }
184 
185  $GLOBALS['COOKIE_PATH'] = '/';
186 
187  $cookie = $this->cookieFactory->create('ilClientId', $this->getPathObject()->getClient())
188  ->withPath('/')
189  ->withExpires(0);
190 
191  $response = $this->http->cookieJar()
192  ->with($cookie)
193  ->renderIntoResponseHeader($this->http->response());
194 
195  $this->http->saveResponse($response);
196 
197  ilContext::init(ilContext::CONTEXT_WAC);
198  try {
199  ilInitialisation::initILIAS();
200  $this->checkUser();
201  $this->checkPublicSection();
202  } catch (Exception $e) {
203  if ($e instanceof ilWACException
204  && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
205  throw $e;
206  }
207  if (($e instanceof Exception && $e->getMessage() == 'Authentication failed.')
208  || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
209  $this->initAnonymousSession();
210  $this->checkUser();
211  $this->checkPublicSection();
212  }
213  }
214  $this->setInitialized(true);
215  }
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:10
ilContext\CONTEXT_WAC
const CONTEXT_WAC
Definition: class.ilContext.php:32
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:949
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:36
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:45
$response
$response
Definition: proxy_ylocal.php:39
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isChecked()

ilWebAccessChecker::isChecked ( )
Returns
bool

Definition at line 253 of file class.ilWebAccessChecker.php.

References $checked.

Referenced by ilWebAccessCheckerDelivery\deliver(), and ilWebAccessCheckerDelivery\deny().

254  {
255  return (bool) $this->checked;
256  }
+ Here is the caller graph for this function:

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )
Returns
bool

Definition at line 336 of file class.ilWebAccessChecker.php.

References $initialized.

Referenced by initILIAS().

337  {
338  return (bool) $this->initialized;
339  }
+ Here is the caller graph for this function:

◆ isRequestNotFromLoginPage()

ilWebAccessChecker::isRequestNotFromLoginPage ( )
protected
Returns
bool

Definition at line 470 of file class.ilWebAccessChecker.php.

References $_SERVER.

Referenced by checkPublicSection(), and checkUser().

471  {
472  $referrer = !is_null($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
473  $not_on_login_page = (strpos($referrer, 'login.php') === false
474  && strpos($referrer, '&baseClass=ilStartUpGUI') === false);
475 
476  return $not_on_login_page;
477  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
+ Here is the caller graph for this function:

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )
Returns
bool

Definition at line 376 of file class.ilWebAccessChecker.php.

References $revalidate_folder_tokens.

Referenced by check().

377  {
378  return (bool) $this->revalidate_folder_tokens;
379  }
+ Here is the caller graph for this function:

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )
Returns
bool

Definition at line 355 of file class.ilWebAccessChecker.php.

References $send_status_code.

356  {
357  return (bool) $this->send_status_code;
358  }

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )
static
Returns
bool

Definition at line 397 of file class.ilWebAccessChecker.php.

398  {
399  return (bool) self::$use_seperate_logfile;
400  }

◆ sendHeader()

ilWebAccessChecker::sendHeader (   $message)
protected
Parameters
string$message
Returns
void

Definition at line 169 of file class.ilWebAccessChecker.php.

References $message, $response, and ILIAS\FileDelivery\http().

Referenced by check().

170  {
171  $response = $this->http->response()->withHeader('X-ILIAS-WebAccessChecker', $message);
172  $this->http->saveResponse($response);
173  }
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:36
$response
$response
Definition: proxy_ylocal.php:39
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( array  $applied_checking_methods)
Parameters
int[]$applied_checking_methods
Returns
void

Definition at line 429 of file class.ilWebAccessChecker.php.

References $applied_checking_methods.

430  {
431  $this->applied_checking_methods = $applied_checking_methods;
432  }

◆ setChecked()

ilWebAccessChecker::setChecked (   $checked)
Parameters
boolean$checked
Returns
void

Definition at line 264 of file class.ilWebAccessChecker.php.

References $checked.

Referenced by check().

265  {
266  assert(is_bool($checked));
267  $this->checked = $checked;
268  }
+ Here is the caller graph for this function:

◆ setDisposition()

ilWebAccessChecker::setDisposition (   $disposition)
Parameters
string$disposition
Returns
void

Definition at line 305 of file class.ilWebAccessChecker.php.

References $disposition.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

306  {
307  assert(is_string($disposition));
308  $this->disposition = $disposition;
309  }
+ Here is the caller graph for this function:

◆ setInitialized()

ilWebAccessChecker::setInitialized (   $initialized)
Parameters
bool$initialized

Definition at line 345 of file class.ilWebAccessChecker.php.

References $initialized.

Referenced by initILIAS().

346  {
347  assert(is_bool($initialized));
348  $this->initialized = $initialized;
349  }
+ Here is the caller graph for this function:

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype (   $override_mimetype)
Parameters
string$override_mimetype
Returns
void

Definition at line 326 of file class.ilWebAccessChecker.php.

References $override_mimetype.

327  {
328  assert(is_string($override_mimetype));
329  $this->override_mimetype = $override_mimetype;
330  }

◆ setPathObject()

ilWebAccessChecker::setPathObject ( ilWACPath  $path_object)
Parameters
ilWACPath$path_object
Returns
void

Definition at line 285 of file class.ilWebAccessChecker.php.

References $path_object.

Referenced by __construct().

286  {
287  $this->path_object = $path_object;
288  }
+ Here is the caller graph for this function:

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens (   $revalidate_folder_tokens)
Parameters
bool$revalidate_folder_tokens
Returns
void

Definition at line 387 of file class.ilWebAccessChecker.php.

References $revalidate_folder_tokens.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

388  {
389  assert(is_bool($revalidate_folder_tokens));
390  $this->revalidate_folder_tokens = $revalidate_folder_tokens;
391  }
+ Here is the caller graph for this function:

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode (   $send_status_code)
Parameters
bool$send_status_code
Returns
void

Definition at line 366 of file class.ilWebAccessChecker.php.

References $send_status_code.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

367  {
368  assert(is_bool($send_status_code));
369  $this->send_status_code = $send_status_code;
370  }
+ Here is the caller graph for this function:

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile (   $use_seperate_logfile)
static
Parameters
bool$use_seperate_logfile
Returns
void

Definition at line 408 of file class.ilWebAccessChecker.php.

References $use_seperate_logfile.

409  {
410  assert(is_bool($use_seperate_logfile));
411  self::$use_seperate_logfile = $use_seperate_logfile;
412  }

Field Documentation

◆ $applied_checking_methods

ilWebAccessChecker::$applied_checking_methods = array()
protected

Definition at line 65 of file class.ilWebAccessChecker.php.

Referenced by getAppliedCheckingMethods(), and setAppliedCheckingMethods().

◆ $checked

ilWebAccessChecker::$checked = false
protected

Definition at line 37 of file class.ilWebAccessChecker.php.

Referenced by isChecked(), and setChecked().

◆ $cookieFactory

CookieFactory ilWebAccessChecker::$cookieFactory
private

Definition at line 73 of file class.ilWebAccessChecker.php.

Referenced by __construct().

◆ $disposition

ilWebAccessChecker::$disposition = ilFileDelivery::DISP_INLINE
protected

Definition at line 41 of file class.ilWebAccessChecker.php.

Referenced by getDisposition(), and setDisposition().

◆ $http

ILIAS DI HTTPServices ilWebAccessChecker::$http
private

Definition at line 69 of file class.ilWebAccessChecker.php.

◆ $initialized

ilWebAccessChecker::$initialized = false
protected

Definition at line 53 of file class.ilWebAccessChecker.php.

Referenced by isInitialized(), and setInitialized().

◆ $override_mimetype

ilWebAccessChecker::$override_mimetype = ''
protected

Definition at line 45 of file class.ilWebAccessChecker.php.

Referenced by getOverrideMimetype(), and setOverrideMimetype().

◆ $path_object

ilWebAccessChecker::$path_object = null
protected

Definition at line 33 of file class.ilWebAccessChecker.php.

Referenced by getPathObject(), and setPathObject().

◆ $revalidate_folder_tokens

ilWebAccessChecker::$revalidate_folder_tokens = true
protected

Definition at line 57 of file class.ilWebAccessChecker.php.

Referenced by isRevalidateFolderTokens(), and setRevalidateFolderTokens().

◆ $send_status_code

ilWebAccessChecker::$send_status_code = false
protected

Definition at line 49 of file class.ilWebAccessChecker.php.

Referenced by isSendStatusCode(), and setSendStatusCode().

◆ $use_seperate_logfile

ilWebAccessChecker::$use_seperate_logfile = false
staticprotected

Definition at line 61 of file class.ilWebAccessChecker.php.

Referenced by setUseSeperateLogfile().

◆ CM_CHECKINGINSTANCE

const ilWebAccessChecker::CM_CHECKINGINSTANCE = 3

Definition at line 28 of file class.ilWebAccessChecker.php.

◆ CM_FILE_TOKEN

const ilWebAccessChecker::CM_FILE_TOKEN = 1

Definition at line 26 of file class.ilWebAccessChecker.php.

◆ CM_FOLDER_TOKEN

const ilWebAccessChecker::CM_FOLDER_TOKEN = 2

Definition at line 27 of file class.ilWebAccessChecker.php.

◆ CM_SECFOLDER

const ilWebAccessChecker::CM_SECFOLDER = 4

Definition at line 29 of file class.ilWebAccessChecker.php.

◆ DISPOSITION

const ilWebAccessChecker::DISPOSITION = 'disposition'

Definition at line 23 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

◆ REVALIDATE

const ilWebAccessChecker::REVALIDATE = 'revalidate'

Definition at line 25 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

◆ STATUS_CODE

const ilWebAccessChecker::STATUS_CODE = 'status_code'

Definition at line 24 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

The documentation for this class was generated from the following file: