ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Private Attributes
sspmod_core_Auth_UserPassOrgBase Class Reference
+ Inheritance diagram for sspmod_core_Auth_UserPassOrgBase:
+ Collaboration diagram for sspmod_core_Auth_UserPassOrgBase:

Public Member Functions

 __construct ($info, &$config)
 Constructor for this authentication source. More...
 
 getUsernameOrgMethod ()
 Retrieve the way organizations as part of the username should be handled. More...
 
 getRememberUsernameEnabled ()
 Getter for the authsource config option remember.username.enabled. More...
 
 getRememberUsernameChecked ()
 Getter for the authsource config option remember.username.checked. More...
 
 authenticate (&$state)
 Initialize login. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source. More...
 
 getAuthId ()
 Retrieve the ID of this authentication source. More...
 
 authenticate (&$state)
 Process a request. More...
 
 reauthenticate (array &$state)
 Reauthenticate an user. More...
 
 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication. More...
 
 logout (&$state)
 Log out from this authentication source. More...
 

Static Public Member Functions

static handleLogin ($authStateId, $username, $password, $organization)
 Handle login request. More...
 
static listOrganizations ($authStateId)
 Get available organizations. More...
 
- Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type. More...
 
static completeAuth (&$state)
 Complete authentication. More...
 
static loginCompleted ($state)
 Called when a login operation has finished. More...
 
static completeLogout (&$state)
 Complete logout. More...
 
static getById ($authId, $type=null)
 Retrieve authentication source. More...
 
static logoutCallback ($state)
 Called when the authentication source receives an external logout request. More...
 
static getSources ()
 Retrieve list of authentication sources. More...
 

Data Fields

const STAGEID = 'sspmod_core_Auth_UserPassOrgBase.state'
 The string used to identify our states. More...
 
const AUTHID = 'sspmod_core_Auth_UserPassOrgBase.AuthId'
 The key of the AuthId field in the state. More...
 
const ORGID = 'sspmod_core_Auth_UserPassOrgBase.SelectedOrg'
 The key of the OrgId field in the state, identifies which org was selected. More...
 

Protected Member Functions

 setUsernameOrgMethod ($usernameOrgMethod)
 Configure the way organizations as part of the username is handled. More...
 
 login ($username, $password, $organization)
 Attempt to log in using the given username, password and organization. More...
 
 getOrganizations ()
 Retrieve list of organizations. More...
 
- Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association. More...
 
 callLogoutCallback ($assoc)
 Call a logout callback based on association. More...
 

Protected Attributes

 $rememberUsernameEnabled = FALSE
 
 $rememberUsernameChecked = FALSE
 
- Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Private Attributes

 $usernameOrgMethod
 What way do we handle the organization as part of the username. More...
 

Additional Inherited Members

- Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier. More...
 

Detailed Description

Definition at line 14 of file UserPassOrgBase.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_core_Auth_UserPassOrgBase::__construct (   $info,
$config 
)

Constructor for this authentication source.

All subclasses who implement their own constructor must call this constructor before using $config for anything.

Parameters
array$infoInformation about this authentication source.
array&$configConfiguration for this authentication source.

Definition at line 70 of file UserPassOrgBase.php.

References $config, and $info.

70  {
71  assert('is_array($info)');
72  assert('is_array($config)');
73 
74  // Call the parent constructor first, as required by the interface
75  parent::__construct($info, $config);
76 
77  // Get the remember username config options
78  if (isset($config['remember.username.enabled'])) {
79  $this->rememberUsernameEnabled = (bool) $config['remember.username.enabled'];
80  unset($config['remember.username.enabled']);
81  }
82  if (isset($config['remember.username.checked'])) {
83  $this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
84  unset($config['remember.username.checked']);
85  }
86 
87  $this->usernameOrgMethod = 'none';
88  }
$info
$info
Definition: index.php:5

Member Function Documentation

◆ authenticate()

sspmod_core_Auth_UserPassOrgBase::authenticate ( $state)

Initialize login.

This function saves the information about the login, and redirects to a login page.

Parameters
array&$stateInformation about the current authentication.

Definition at line 149 of file UserPassOrgBase.php.

References SimpleSAML_Auth_Source\$authId, $id, $params, $password, $state, $url, array, SimpleSAML\Module\getModuleURL(), getOrganizations(), login(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

149  {
150  assert('is_array($state)');
151 
152  // We are going to need the authId in order to retrieve this authentication source later
153  $state[self::AUTHID] = $this->authId;
154 
155  $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
156 
157  $url = SimpleSAML\Module::getModuleURL('core/loginuserpassorg.php');
158  $params = array('AuthState' => $id);
159  \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
160  }
$params
$params
Definition: disable.php:11
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$url
$url
Definition: proxy_ylocal.php:28
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
+ Here is the call graph for this function:

◆ getOrganizations()

sspmod_core_Auth_UserPassOrgBase::getOrganizations ( )
abstractprotected

Retrieve list of organizations.

The list of organizations is an associative array. The key of the array is the id of the organization, and the value is the description. The value can be another array, in which case that array is expected to contain language-code to description mappings.

Returns
array Associative array with the organizations.

Referenced by authenticate().

+ Here is the caller graph for this function:

◆ getRememberUsernameChecked()

sspmod_core_Auth_UserPassOrgBase::getRememberUsernameChecked ( )

Getter for the authsource config option remember.username.checked.

Returns
bool

Definition at line 136 of file UserPassOrgBase.php.

References $rememberUsernameChecked.

136  {
137  return $this->rememberUsernameChecked;
138  }
sspmod_core_Auth_UserPassOrgBase\$rememberUsernameChecked
$rememberUsernameChecked
Definition: UserPassOrgBase.php:58

◆ getRememberUsernameEnabled()

sspmod_core_Auth_UserPassOrgBase::getRememberUsernameEnabled ( )

Getter for the authsource config option remember.username.enabled.

Returns
bool

Definition at line 128 of file UserPassOrgBase.php.

References $rememberUsernameEnabled.

128  {
129  return $this->rememberUsernameEnabled;
130  }
sspmod_core_Auth_UserPassOrgBase\$rememberUsernameEnabled
$rememberUsernameEnabled
Definition: UserPassOrgBase.php:50

◆ getUsernameOrgMethod()

sspmod_core_Auth_UserPassOrgBase::getUsernameOrgMethod ( )

Retrieve the way organizations as part of the username should be handled.

There are three possible values:

  • 'none': Force the user to select the correct organization from the dropdown box.
  • 'allow': Allow the user to enter the organization as part of the username.
  • 'force': Remove the dropdown box.
Returns
string The method which should be used.

Definition at line 120 of file UserPassOrgBase.php.

References $usernameOrgMethod.

120  {
121  return $this->usernameOrgMethod;
122  }
sspmod_core_Auth_UserPassOrgBase\$usernameOrgMethod
$usernameOrgMethod
What way do we handle the organization as part of the username.
Definition: UserPassOrgBase.php:42

◆ handleLogin()

static sspmod_core_Auth_UserPassOrgBase::handleLogin (   $authStateId,
  $username,
  $password,
  $organization 
)
static

Handle login request.

This function is used by the login form (core/www/loginuserpassorg.php) when the user enters a username and password. On success, it will not return. On wrong username/password failure, and other errors, it will throw an exception.

Parameters
string$authStateIdThe identifier of the authentication state.
string$usernameThe username the user wrote.
string$passwordThe password the user wrote.
string$organizationThe id of the organization the user chose.

Definition at line 205 of file UserPassOrgBase.php.

References $attributes, $authStateId, $password, $source, $state, SimpleSAML_Auth_Source\completeAuth(), SimpleSAML_Auth_Source\getById(), and SimpleSAML_Auth_State\loadState().

205  {
206  assert('is_string($authStateId)');
207  assert('is_string($username)');
208  assert('is_string($password)');
209  assert('is_string($organization)');
210 
211  /* Retrieve the authentication state. */
212  $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
213 
214  /* Find authentication source. */
215  assert('array_key_exists(self::AUTHID, $state)');
216  $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
217  if ($source === NULL) {
218  throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
219  }
220 
221  $orgMethod = $source->getUsernameOrgMethod();
222  if ($orgMethod !== 'none') {
223  $tmp = explode('@', $username, 2);
224  if (count($tmp) === 2) {
225  $username = $tmp[0];
226  $organization = $tmp[1];
227  } else {
228  if ($orgMethod === 'force') {
229  /* The organization should be a part of the username, but isn't. */
230  throw new SimpleSAML_Error_Error('WRONGUSERPASS');
231  }
232  }
233  }
234 
235  /* Attempt to log in. */
236  $attributes = $source->login($username, $password, $organization);
237 
238  // Add the selected Org to the state
239  $state[self::ORGID] = $organization;
240  $state['PersistentAuthData'][] = self::ORGID;
241 
242  $state['Attributes'] = $attributes;
243  SimpleSAML_Auth_Source::completeAuth($state);
244  }
$attributes
$attributes
Definition: serviceValidate.php:33
$password
$password
Definition: pwgen.php:17
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML_Error_Error
Definition: Error.php:10
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
$source
$source
Definition: linkback.php:22
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15
+ Here is the call graph for this function:

◆ listOrganizations()

static sspmod_core_Auth_UserPassOrgBase::listOrganizations (   $authStateId)
static

Get available organizations.

This function is used by the login form to get the available organizations.

Parameters
string$authStateIdThe identifier of the authentication state.
Returns
array|NULL Array of organizations. NULL if the user must enter the organization as part of the username.

Definition at line 256 of file UserPassOrgBase.php.

References $authStateId, $source, $state, SimpleSAML_Auth_Source\getById(), and SimpleSAML_Auth_State\loadState().

256  {
257  assert('is_string($authStateId)');
258 
259  /* Retrieve the authentication state. */
260  $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
261 
262  /* Find authentication source. */
263  assert('array_key_exists(self::AUTHID, $state)');
264  $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
265  if ($source === NULL) {
266  throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
267  }
268 
269  $orgMethod = $source->getUsernameOrgMethod();
270  if ($orgMethod === 'force') {
271  return NULL;
272  }
273 
274  return $source->getOrganizations();
275  }
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
$source
$source
Definition: linkback.php:22
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15
+ Here is the call graph for this function:

◆ login()

sspmod_core_Auth_UserPassOrgBase::login (   $username,
  $password,
  $organization 
)
abstractprotected

Attempt to log in using the given username, password and organization.

On a successful login, this function should return the users attributes. On failure, it should throw an exception/error. If the error was caused by the user entering the wrong username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.

Note that both the username and the password are UTF-8 encoded.

Parameters
string$usernameThe username the user wrote.
string$passwordThe password the user wrote.
string$organizationThe id of the organization the user chose.
Returns
array Associative array with the user's attributes.

Referenced by authenticate().

+ Here is the caller graph for this function:

◆ setUsernameOrgMethod()

sspmod_core_Auth_UserPassOrgBase::setUsernameOrgMethod (   $usernameOrgMethod)
protected

Configure the way organizations as part of the username is handled.

There are three possible values:

  • 'none': Force the user to select the correct organization from the dropdown box.
  • 'allow': Allow the user to enter the organization as part of the username.
  • 'force': Remove the dropdown box.

If unconfigured, the default is 'none'.

Parameters
string$usernameOrgMethodThe method which should be used.

Definition at line 103 of file UserPassOrgBase.php.

References $usernameOrgMethod.

Referenced by sspmod_ldap_Auth_Source_LDAPMulti\__construct().

103  {
104  assert('in_array($usernameOrgMethod, array("none", "allow", "force"), TRUE)');
105 
106  $this->usernameOrgMethod = $usernameOrgMethod;
107  }
sspmod_core_Auth_UserPassOrgBase\$usernameOrgMethod
$usernameOrgMethod
What way do we handle the organization as part of the username.
Definition: UserPassOrgBase.php:42
+ Here is the caller graph for this function:

Field Documentation

◆ $rememberUsernameChecked

sspmod_core_Auth_UserPassOrgBase::$rememberUsernameChecked = FALSE
protected

Definition at line 58 of file UserPassOrgBase.php.

Referenced by getRememberUsernameChecked().

◆ $rememberUsernameEnabled

sspmod_core_Auth_UserPassOrgBase::$rememberUsernameEnabled = FALSE
protected

Definition at line 50 of file UserPassOrgBase.php.

Referenced by getRememberUsernameEnabled().

◆ $usernameOrgMethod

sspmod_core_Auth_UserPassOrgBase::$usernameOrgMethod
private

What way do we handle the organization as part of the username.

Three values: 'none': Force the user to select the correct organization from the dropdown box. 'allow': Allow the user to enter the organization as part of the username. 'force': Remove the dropdown box.

Definition at line 42 of file UserPassOrgBase.php.

Referenced by sspmod_ldap_Auth_Source_LDAPMulti\__construct(), getUsernameOrgMethod(), and setUsernameOrgMethod().

◆ AUTHID

const sspmod_core_Auth_UserPassOrgBase::AUTHID = 'sspmod_core_Auth_UserPassOrgBase.AuthId'

The key of the AuthId field in the state.

Definition at line 26 of file UserPassOrgBase.php.

◆ ORGID

const sspmod_core_Auth_UserPassOrgBase::ORGID = 'sspmod_core_Auth_UserPassOrgBase.SelectedOrg'

The key of the OrgId field in the state, identifies which org was selected.

Definition at line 32 of file UserPassOrgBase.php.

◆ STAGEID

const sspmod_core_Auth_UserPassOrgBase::STAGEID = 'sspmod_core_Auth_UserPassOrgBase.state'

The string used to identify our states.

Definition at line 20 of file UserPassOrgBase.php.

The documentation for this class was generated from the following file: