ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Static Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthProviderLTI Class Reference

OAuth based lti authentication. More...

+ Inheritance diagram for ilAuthProviderLTI:
+ Collaboration diagram for ilAuthProviderLTI:

Static Public Member Functions

static getAuthModeByKey ($a_auth_key)
 Get auth mode by key. More...
 
static getKeyByAuthMode ($a_auth_mode)
 Get auth id by auth mode. More...
 
static getActiveAuthModes ()
 get all active authmode server ids More...
 
static getAuthModes ()
 
static lookupConsumer ($a_sid)
 Lookup consumer title. More...
 
static getServerIdByAuthMode ($a_auth_mode)
 Get auth id by auth mode. More...
 
static isAuthModeLTI ($a_auth_mode)
 Check if user auth mode is LDAP. More...
 

Data Fields

const AUTH_MODE_PREFIX = 'lti'
 
- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Protected Member Functions

 findAuthKeyId ($a_oauth_consumer_key)
 find consumer key id type $ilDB More...
 
 findAuthPrefix ($a_lti_id)
 find lti id More...
 
 findGlobalRole ($a_lti_id)
 find global role of consumer More...
 
 findUserId ($a_oauth_user, $a_oauth_id, $a_user_prefix)
 Find user by auth mode and lti id. More...
 
 createUser (ilLTIToolConsumer $consumer)
 create new user More...
 
 updateUser ($a_local_user_id, ilLTIToolConsumer $consumer)
 update existing user More...
 
 handleLocalRoleAssignments ($user_id, ilLTIToolConsumer $consumer)
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Private Attributes

 $dataConnector = null
 

Additional Inherited Members

- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Detailed Description

OAuth based lti authentication.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Uwe Kohnle kohnl.nosp@m.e@in.nosp@m.terne.nosp@m.tleh.nosp@m.rer-g.nosp@m.mbh..nosp@m.de
Stefan Schneider

Definition at line 19 of file class.ilAuthProviderLTI.php.

Member Function Documentation

◆ createUser()

ilAuthProviderLTI::createUser ( ilLTIToolConsumer  $consumer)
protected

create new user

protected

Definition at line 222 of file class.ilAuthProviderLTI.php.

References $_POST, $GLOBALS, $ilSetting, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilLTIToolConsumer\getExtConsumerId(), ilAuthProvider\getLogger(), ilLTIToolConsumer\getPrefix(), ilLTIToolConsumer\getRole(), IL_PASSWD_CRYPTED, and time.

223  {
224  global $ilClientIniFile, $ilSetting;
225 
226  $userObj = new ilObjUser();
227 
228  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
229  $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
230 
231  $newUser["login"] = $local_user;
232  $newUser["firstname"] = $_POST['lis_person_name_given'];
233  $newUser["lastname"] = $_POST['lis_person_name_family'];
234  $newUser['email'] = $_POST['lis_person_contact_email_primary'];
235 
236 
237  // set "plain md5" password (= no valid password)
238  $newUser["passwd"] = "";
239  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
240 
241  $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
242  $newUser['ext_account'] = $this->getCredentials()->getUsername();
243  $newUser["profile_incomplete"] = 0;
244 
245  // system data
246  $userObj->assignData($newUser);
247  $userObj->setTitle($userObj->getFullname());
248  $userObj->setDescription($userObj->getEmail());
249 
250  // set user language to system language
251  $userObj->setLanguage($ilSetting->get("language"));
252 
253  // Time limit
254  $userObj->setTimeLimitOwner(7);
255  $userObj->setTimeLimitUnlimited(0);
256  $userObj->setTimeLimitFrom(time() - 5);
257  $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
258 
259 
260  // Create user in DB
261  $userObj->setOwner(6);
262  $userObj->create();
263  $userObj->setActive(1);
264  $userObj->updateOwner();
265  $userObj->saveAsNew();
266  $userObj->writePrefs();
267 
268  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
269 
270  $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
271  return $userObj->getId();
272  }
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:415
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilSetting
global $ilSetting
Definition: privfeed.php:17
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

◆ findAuthKeyId()

ilAuthProviderLTI::findAuthKeyId (   $a_oauth_consumer_key)
protected

find consumer key id type $ilDB

Parameters
type$a_oauth_consumer_key
Returns
type

Definition at line 140 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

141  {
142  global $ilDB;
143 
144  $query = 'SELECT consumer_pk from lti2_consumer where consumer_key256 = ' . $ilDB->quote($a_oauth_consumer_key, 'text');
145  // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
146  $this->getLogger()->debug($query);
147  $res = $ilDB->query($query);
148 
149  $lti_id = 0;
150  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
151  $lti_id = $row->consumer_pk;
152  // $lti_id = $row->id;
153  }
154  $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
155  return $lti_id;
156  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ findAuthPrefix()

ilAuthProviderLTI::findAuthPrefix (   $a_lti_id)
protected

find lti id

Parameters
type$a_lti_id

Definition at line 162 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

163  {
164  global $ilDB;
165 
166  $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
167  $this->getLogger()->debug($query);
168  $res = $ilDB->query($query);
169 
170  // $prefix = 'lti'.$a_lti_id.'_';
171  $prefix = '';
172  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
173  $prefix = $row->prefix;
174  }
175  $this->getLogger()->debug('LTI prefix: ' . $prefix);
176  return $prefix;
177  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ findGlobalRole()

ilAuthProviderLTI::findGlobalRole (   $a_lti_id)
protected

find global role of consumer

Definition at line 182 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

183  {
184  global $ilDB;
185 
186  $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
187  $this->getLogger()->debug($query);
188  $res = $ilDB->query($query);
189 
190  $role = '';
191  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
192  $role = $row->role;
193  }
194  $this->getLogger()->debug('LTI role: ' . $role);
195  return $role;
196  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ findUserId()

ilAuthProviderLTI::findUserId (   $a_oauth_user,
  $a_oauth_id,
  $a_user_prefix 
)
protected

Find user by auth mode and lti id.

Parameters
type$a_oauth_user
type$a_oauth_id

Definition at line 203 of file class.ilAuthProviderLTI.php.

References ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), and ilAuthProvider\getLogger().

204  {
205  $user_name = ilObjUser::_checkExternalAuthAccount(
206  self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
207  $a_oauth_user
208  );
209  $user_id = 0;
210  if ($user_name) {
211  $user_id = ilObjUser::_lookupId($user_name);
212  }
213  $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
214  return $user_id;
215  }
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:784
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3692
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
+ Here is the call graph for this function:

◆ getActiveAuthModes()

static ilAuthProviderLTI::getActiveAuthModes ( )
static

get all active authmode server ids

Definition at line 393 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, $row, array, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_isExternalAccountEnabled().

394  {
395  global $ilDB;
396 
397  // move to connector
398  $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
399  $res = $ilDB->query($query);
400 
401  $sids = array();
402  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
403  $sids[] = $row->consumer_pk;
404  }
405  return $sids;
406  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getAuthModeByKey()

static ilAuthProviderLTI::getAuthModeByKey (   $a_auth_key)
static

Get auth mode by key.

Parameters
string$a_auth_mode
Returns
int auth_mode

Definition at line 366 of file class.ilAuthProviderLTI.php.

References array.

Referenced by ilAuthUtils\_getAuthModeName().

367  {
368  $auth_arr = explode('_', $a_auth_key);
369  if (count((array) $auth_arr) > 1) {
370  return 'lti_' . $auth_arr[1];
371  }
372  return 'lti';
373  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
+ Here is the caller graph for this function:

◆ getAuthModes()

static ilAuthProviderLTI::getAuthModes ( )
static

Definition at line 408 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, $row, array, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_getActiveAuthModes(), and ilAuthUtils\_getAllAuthModes().

409  {
410  global $ilDB;
411 
412  // move to connector
413  $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
414  $res = $ilDB->query($query);
415 
416  $sids = array();
417  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
418  $sids[] = $row->consumer_pk;
419  }
420  return $sids;
421  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getKeyByAuthMode()

static ilAuthProviderLTI::getKeyByAuthMode (   $a_auth_mode)
static

Get auth id by auth mode.

Parameters
string$a_auth_mode
Returns
int auth_mode

Definition at line 380 of file class.ilAuthProviderLTI.php.

References array, and AUTH_PROVIDER_LTI.

Referenced by ilAuthUtils\_getAuthMode().

381  {
382  $auth_arr = explode('_', $a_auth_mode);
383  if (count((array) $auth_arr) > 1) {
384  return AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
385  }
386  return AUTH_PROVIDER_LTI;
387  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
AUTH_PROVIDER_LTI
const AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:28
+ Here is the caller graph for this function:

◆ getServerIdByAuthMode()

static ilAuthProviderLTI::getServerIdByAuthMode (   $a_auth_mode)
static

Get auth id by auth mode.

Parameters
type$a_auth_mode
Returns
null

Definition at line 442 of file class.ilAuthProviderLTI.php.

Referenced by ilAuthUtils\getAuthModeTranslation().

443  {
444  if (self::isAuthModeLTI($a_auth_mode)) {
445  $auth_arr = explode('_', $a_auth_mode);
446  return $auth_arr[1];
447  }
448  return null;
449  }
+ Here is the caller graph for this function:

◆ handleLocalRoleAssignments()

ilAuthProviderLTI::handleLocalRoleAssignments (   $user_id,
ilLTIToolConsumer  $consumer 
)
protected

Definition at line 305 of file class.ilAuthProviderLTI.php.

References $_POST, $_SESSION, $GLOBALS, ilAuthProvider\$user_id, ilLTIToolConsumer\getExtConsumerId(), and ilAuthProvider\getLogger().

306  {
307  $target_ref_id = $_SESSION['lti_context_id'];
308  if (!$target_ref_id) {
309  $this->getLogger()->debug('No target id given');
310  return false;
311  }
312  $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
313 
314  // @todo read from lti data
315  $roles = $_POST['roles'];
316  if (!strlen($roles)) {
317  $this->getLogger()->debug('No role information given');
318  return false;
319  }
320  $role_arr = explode(',', $roles);
321 
322  foreach ($role_arr as $role_name) {
323  $role_name = trim($role_name);
324  switch ($role_name) {
325  case 'Administrator':
326 
327  $this->getLogger()->debug('Administrator role handling');
328  if ($obj_settings->getAdminRole()) {
329  $GLOBALS['DIC']->rbac()->admin()->assignUser(
330  $obj_settings->getAdminRole(),
331  $user_id
332  );
333  }
334  break;
335 
336  case 'Instructor':
337  $this->getLogger()->debug('Instructor role handling');
338  $this->getLogger()->debug('Tutor role for request: ' . $obj_settings->getTutorRole());
339  if ($obj_settings->getTutorRole()) {
340  $GLOBALS['DIC']->rbac()->admin()->assignUser(
341  $obj_settings->getTutorRole(),
342  $user_id
343  );
344  }
345  break;
346 
347  case 'Member':
348  case 'Learner':
349  $this->getLogger()->debug('Member role handling');
350  if ($obj_settings->getMemberRole()) {
351  $GLOBALS['DIC']->rbac()->admin()->assignUser(
352  $obj_settings->getMemberRole(),
353  $user_id
354  );
355  }
356  break;
357  }
358  }
359  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

◆ isAuthModeLTI()

static ilAuthProviderLTI::isAuthModeLTI (   $a_auth_mode)
static

Check if user auth mode is LDAP.

Parameters
type$a_auth_mode

Definition at line 455 of file class.ilAuthProviderLTI.php.

References AUTH_PROVIDER_LTI, and ilLoggerFactory\getLogger().

456  {
457  if (!$a_auth_mode) {
458  ilLoggerFactory::getLogger('lti')->warning('No auth mode given.');
459  return false;
460  }
461  $auth_arr = explode('_', $a_auth_mode);
462  return ($auth_arr[0] == AUTH_PROVIDER_LTI) and $auth_arr[1];
463  }
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
AUTH_PROVIDER_LTI
const AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:28
+ Here is the call graph for this function:

◆ lookupConsumer()

static ilAuthProviderLTI::lookupConsumer (   $a_sid)
static

Lookup consumer title.

Parameters
type$a_sid
Returns
type

Definition at line 428 of file class.ilAuthProviderLTI.php.

References $consumer, and ilLTIToolConsumer\fromRecordId().

Referenced by ilAuthUtils\getAuthModeTranslation().

429  {
430  include_once './Services/LTI/classes/class.ilLTIDataConnector.php';
431  $connector = new ilLTIDataConnector();
432  include_once './Services/LTI/classes/InternalProvider/class.ilLTIToolConsumer.php';
433  $consumer = ilLTIToolConsumer::fromRecordId($a_sid, $connector);
434  return $consumer->getTitle();
435  }
ilLTIToolConsumer\fromRecordId
static fromRecordId($id, $dataConnector)
Load the tool consumer from the database by its record ID.
Definition: class.ilLTIToolConsumer.php:223
ilLTIDataConnector
Class to represent an LTI Data Connector for ILIAS.
Definition: class.ilLTIDataConnector.php:26
$consumer
$consumer
Definition: demo.php:30
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ updateUser()

ilAuthProviderLTI::updateUser (   $a_local_user_id,
ilLTIToolConsumer  $consumer 
)
protected

update existing user

protected

Definition at line 279 of file class.ilAuthProviderLTI.php.

References $_POST, $GLOBALS, $ilLog, ilAuthProvider\getLogger(), ilLTIToolConsumer\getRole(), and time.

280  {
281  global $ilClientIniFile,$ilLog,$rbacadmin;
282 
283  $user_obj = new ilObjUser($a_local_user_id);
284  $user_obj->setFirstname($_POST['lis_person_name_given']);
285  $user_obj->setLastname($_POST['lis_person_name_family']);
286  $user_obj->setEmail($_POST['lis_person_contact_email_primary']);
287  $user_obj->setActive(true);
288 
289  $until = $user_obj->getTimeLimitUntil();
290 
291  if ($until < (time() + $ilClientIniFile->readVariable('session', 'expire'))) {
292  $user_obj->setTimeLimitFrom(time() - 60);
293  $user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
294  }
295  $user_obj->update();
296  $user_obj->refreshLogin();
297 
298  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
299  $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
300 
301  $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
302  return $user_obj->getId();
303  }
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:129
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

Field Documentation

◆ $dataConnector

ilAuthProviderLTI::$dataConnector = null
private

Definition at line 22 of file class.ilAuthProviderLTI.php.

◆ AUTH_MODE_PREFIX

const ilAuthProviderLTI::AUTH_MODE_PREFIX = 'lti'

Definition at line 21 of file class.ilAuthProviderLTI.php.

The documentation for this class was generated from the following file: