ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilOpenIdConnectSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
11 class ilOpenIdConnectSettingsGUI
12 {
13  const STAB_SETTINGS = 'settings';
14  const STAB_PROFILE = 'profile';
15  const STAB_ROLES = 'roles';
16 
17  const DEFAULT_CMD = 'settings';
18 
22  private $ref_id = 0;
23 
24 
28  private $settings = null;
29 
33  protected $lng = null;
34 
38  protected $ctrl = null;
39 
43  protected $logger = null;
44 
48  protected $access = null;
49 
53  protected $review;
54 
58  protected $error = null;
59 
63  protected $mainTemplate = null;
64 
68  protected $tabs = null;
69 
73  public function __construct($a_ref_id)
74  {
75  global $DIC;
76 
77  $this->ref_id = $a_ref_id;
78 
79  $this->lng = $DIC->language();
80  $this->lng->loadLanguageModule('auth');
81 
82  $this->mainTemplate = $DIC->ui()->mainTemplate();
83  $this->tabs = $DIC->tabs();
84  $this->ctrl = $DIC->ctrl();
85  $this->logger = $DIC->logger()->auth();
86 
87  $this->access = $DIC->access();
88  $this->review = $DIC->rbac()->review();
89  $this->error = $DIC['ilErr'];
90 
91 
92  $this->settings = ilOpenIdConnectSettings::getInstance();
93  }
94 
98  protected function checkAccess($a_permission)
99  {
100  if (!$this->checkAccessBool($a_permission)) {
101  $this->error->raiseError($this->lng->txt('msg_no_perm_read'), $this->error->WARNING);
102  }
103  }
104 
109  protected function checkAccessBool($a_permission)
110  {
111  return $this->access->checkAccess($a_permission, '', $this->ref_id);
112  }
113 
114 
118  public function executeCommand()
119  {
120  $this->checkAccess('read');
121 
122  switch ($this->ctrl->getNextClass()) {
123  default:
124  $cmd = $this->ctrl->getCmd(self::DEFAULT_CMD);
125  $this->$cmd();
126  break;
127  }
128  }
129 
133  protected function settings(ilPropertyFormGUI $form = null)
134  {
135  $this->checkAccess('read');
136  $this->setSubTabs(self::STAB_SETTINGS);
137 
138 
139  if (!$form instanceof ilPropertyFormGUI) {
140  $form = $this->initSettingsForm();
141  }
142 
143  $this->mainTemplate->setContent($form->getHTML());
144  }
145 
149  protected function initSettingsForm()
150  {
151  $form = new ilPropertyFormGUI();
152  $form->setTitle($this->lng->txt('auth_oidc_settings_title'));
153  $form->setFormAction($this->ctrl->getFormAction($this));
154 
155  // activation
156  $activation = new ilCheckboxInputGUI(
157  $this->lng->txt('auth_oidc_settings_activation'),
158  'activation'
159  );
160  $activation->setChecked($this->settings->getActive());
161  $form->addItem($activation);
162 
163  // provider
164  $provider = new ilTextInputGUI(
165  $this->lng->txt('auth_oidc_settings_provider'),
166  'provider'
167  );
168  $provider->setRequired(true);
169  $provider->setValue($this->settings->getProvider());
170  $form->addItem($provider);
171 
172  $client_id = new ilTextInputGUI(
173  $this->lng->txt('auth_oidc_settings_client_id'),
174  'client_id'
175  );
176  $client_id->setRequired(true);
177  $client_id->setValue($this->settings->getClientId());
178  $form->addItem($client_id);
179 
180  // secret
181  $secret = new ilPasswordInputGUI(
182  $this->lng->txt('auth_oidc_settings_secret'),
183  'secret'
184  );
185  $secret->setSkipSyntaxCheck(true);
186  $secret->setRetype(false);
187  $secret->setRequired(false);
188  if (strlen($this->settings->getSecret())) {
189  $secret->setValue('******');
190  }
191  $form->addItem($secret);
192 
193  // login element
194  $login_element = new ilRadioGroupInputGUI(
195  $this->lng->txt('auth_oidc_settings_le'),
196  'le'
197  );
198  $login_element->setRequired(true);
199  $login_element->setValue($this->settings->getLoginElementType());
200  $form->addItem($login_element);
201 
202  // le -> type text
203  $text_option = new ilRadioOption(
204  $this->lng->txt('auth_oidc_settings_txt'),
205  ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT
206  );
207  $login_element->addOption($text_option);
208 
209  // le -> type text -> text
210  $text = new ilTextInputGUI(
211  '',
212  'le_text'
213  );
214  $text->setValue($this->settings->getLoginElemenText());
215  $text->setMaxLength(120);
216  $text->setInfo($this->lng->txt('auth_oidc_settings_txt_val_info'));
217  $text_option->addSubItem($text);
218 
219  // le -> type img
220  $img_option = new ilRadioOption(
221  $this->lng->txt('auth_oidc_settings_img'),
222  ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG
223  );
224  $login_element->addOption($img_option);
225 
226  $image = new ilImageFileInputGUI(
227  '',
228  'le_img'
229  );
230  $image->setALlowDeletion(false);
231 
232  if ($this->settings->hasImageFile()) {
233  $image->setImage($this->settings->getImageFilePath());
234  }
235  $image->setInfo($this->lng->txt('auth_oidc_settings_img_file_info'));
236  $img_option->addSubItem($image);
237 
238  // login options
239  $login_options = new ilRadioGroupInputGUI(
240  $this->lng->txt('auth_oidc_settings_login_options'),
241  'login_prompt'
242  );
243  $login_options->setValue($this->settings->getLoginPromptType());
244 
245  // enforce login
246  $enforce = new ilRadioOption(
247  $this->lng->txt('auth_oidc_settings_login_option_enforce'),
248  ilOpenIdConnectSettings::LOGIN_ENFORCE
249  );
250  $enforce->setInfo($this->lng->txt('auth_oidc_settings_login_option_enforce_info'));
251  $login_options->addOption($enforce);
252 
253  // default login
254  $default = new ilRadioOption(
255  $this->lng->txt('auth_oidc_settings_login_option_default'),
256  ilOpenIdConnectSettings::LOGIN_STANDARD
257  );
258  $default->setInfo($this->lng->txt('auth_oidc_settings_login_option_default_info'));
259  $login_options->addOption($default);
260 
261  $form->addItem($login_options);
262 
263  // logout scope
264  $logout_scope = new ilRadioGroupInputGUI(
265  $this->lng->txt('auth_oidc_settings_logout_scope'),
266  'logout_scope'
267  );
268  $logout_scope->setValue($this->settings->getLogoutScope());
269 
270  // scope global
271  $global_scope = new ilRadioOption(
272  $this->lng->txt('auth_oidc_settings_logout_scope_global'),
273  ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL
274  );
275  $global_scope->setInfo($this->lng->txt('auth_oidc_settings_logout_scope_global_info'));
276  $logout_scope->addOption($global_scope);
277 
278  // ilias scope
279  $ilias_scope = new ilRadioOption(
280  $this->lng->txt('auth_oidc_settings_logout_scope_local'),
281  ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL
282  );
283  $logout_scope->addOption($ilias_scope);
284 
285  $form->addItem($logout_scope);
286 
287  $use_custom_session = new ilCheckboxInputGUI(
288  $this->lng->txt('auth_oidc_settings_custom_session_duration_type'),
289  'custom_session'
290  );
291  $use_custom_session->setOptionTitle(
292  $this->lng->txt('auth_oidc_settings_custom_session_duration_option')
293  );
294  $use_custom_session->setChecked($this->settings->isCustomSession());
295  $form->addItem($use_custom_session);
296 
297  // session duration
298  $session = new ilNumberInputGUI(
299  $this->lng->txt('auth_oidc_settings_session_duration'),
300  'session_duration'
301  );
302  $session->setValue($this->settings->getSessionDuration());
303  $session->setSuffix($this->lng->txt('minutes'));
304  $session->setMinValue(5);
305  $session->setMaxValue(1440);
306  $session->setRequired(true);
307  $use_custom_session->addSubItem($session);
308 
309  if ($this->checkAccessBool('write')) {
310  // save button
311  $form->addCommandButton('saveSettings', $this->lng->txt('save'));
312  }
313 
314 
315  // User sync settings --------------------------------------------------------------
316  $user_sync = new ilFormSectionHeaderGUI();
317  $user_sync->setTitle($this->lng->txt('auth_oidc_settings_section_user_sync'));
318  $form->addItem($user_sync);
319 
320  $sync = new ilCheckboxInputGUI(
321  $this->lng->txt('auth_oidc_settings_user_sync'),
322  'sync'
323  );
324  $sync->setChecked($this->settings->isSyncAllowed());
325  $sync->setInfo($this->lng->txt('auth_oidc_settings_user_sync_info'));
326  $sync->setValue(1);
327  $form->addItem($sync);
328 
329  $roles = new ilSelectInputGUI(
330  $this->lng->txt('auth_oidc_settings_default_role'),
331  'role'
332  );
333  $roles->setValue($this->settings->getRole());
334  $roles->setInfo($this->lng->txt('auth_oidc_settings_default_role_info'));
335  $roles->setOptions($this->prepareRoleSelection());
336  $roles->setRequired(true);
337  $sync->addSubItem($roles);
338 
339  $user_attr = new ilTextInputGUI(
340  $this->lng->txt('auth_oidc_settings_user_attr'),
341  'username'
342  );
343  $user_attr->setValue($this->settings->getUidField());
344  $user_attr->setRequired(true);
345  $form->addItem($user_attr);
346 
347  return $form;
348  }
349 
353  protected function saveSettings()
354  {
355  $this->checkAccess('write');
356 
357  $form = $this->initSettingsForm();
358  if (!$form->checkInput()) {
359  ilUtil::sendFailure(
360  $this->lng->txt('err_check_input')
361  );
362  $form->setValuesByPost();
363  $this->settings($form);
364  return;
365  }
366 
367  $this->settings->setActive((bool) $form->getInput('activation'));
368  $this->settings->setProvider((string) $form->getInput('provider'));
369  $this->settings->setClientId((string) $form->getInput('client_id'));
370  if (strlen($form->getInput('secret')) && strcmp($form->getInput('secret'), '******') !== 0) {
371  $this->settings->setSecret((string) $form->getInput('secret'));
372  }
373  $this->settings->setLoginElementType((int) $form->getInput('le'));
374  $this->settings->setLoginElementText((string) $form->getInput('le_text'));
375  $this->settings->setLoginPromptType((int) $form->getInput('login_prompt'));
376  $this->settings->setLogoutScope((int) $form->getInput('logout_scope'));
377  $this->settings->useCustomSession((bool) $form->getInput('custom_session'));
378  $this->settings->setSessionDuration((int) $form->getInput('session_duration'));
379  $this->settings->allowSync((bool) $form->getInput('sync'));
380  $this->settings->setRole((int) $form->getInput('role'));
381  $this->settings->setUidField((string) $form->getInput('username'));
382 
383  $fileData = (array) $form->getInput('le_img');
384 
385  if (strlen($fileData['tmp_name'])) {
386  $this->saveImageFromHttpRequest();
387  }
388 
389  $this->settings->save();
390 
391  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
392  $this->ctrl->redirect($this, 'settings');
393  }
394 
398  protected function saveImageFromHttpRequest()
399  {
400  global $DIC;
401 
402  try {
403  $upload = $DIC->upload();
404  if (!$upload->hasBeenProcessed()) {
405  $upload->process();
406  }
407  foreach ($upload->getResults() as $single_file_upload) {
408  if ($single_file_upload->getStatus() == \ILIAS\FileUpload\DTO\ProcessingStatus::OK) {
409  $this->settings->deleteImageFile();
410  $upload->moveFilesTo(
411  ilOpenIdConnectSettings::FILE_STORAGE,
412  \ILIAS\FileUpload\Location::WEB
413  );
414  $this->settings->setLoginElementImage($single_file_upload->getName());
415  }
416  }
417  } catch (\ILIAS\Filesystem\Exception\IllegalStateException $e) {
418  $this->logger->warning('Upload failed with message: ' . $e->getMessage());
419  }
420  }
421 
426  protected function prepareRoleSelection($a_with_select_option = true) : array
427  {
428  $global_roles = ilUtil::_sortIds(
429  $this->review->getGlobalRoles(),
430  'object_data',
431  'title',
432  'obj_id'
433  );
434 
435  $select = [];
436  if ($a_with_select_option) {
437  $select[0] = $this->lng->txt('links_select_one');
438  }
439  foreach ($global_roles as $role_id) {
440  if ($role_id == ANONYMOUS_ROLE_ID) {
441  continue;
442  }
443  $select[$role_id] = ilObject::_lookupTitle($role_id);
444  }
445  return $select;
446  }
447 
448 
452  protected function profile(ilPropertyFormGUI $form = null)
453  {
454  $this->checkAccess('read');
455  $this->setSubTabs(self::STAB_PROFILE);
456 
457  if (!$form instanceof ilPropertyFormGUI) {
458  $form = $this->initProfileForm();
459  }
460  $this->mainTemplate->setContent($form->getHTML());
461  }
462 
466  protected function initProfileForm() : \ilPropertyFormGUI
467  {
468  $form = new ilPropertyFormGUI();
469  $form->setTitle($this->lng->txt('auth_oidc_mapping_table'));
470  $form->setFormAction($this->ctrl->getFormAction($this, 'saveProfile'));
471 
472  foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
473  $text_form = new ilTextInputGUI($this->lng->txt($lng_key));
474  $text_form->setPostVar($field . "_value");
475  $text_form->setValue($this->settings->getProfileMappingFieldValue($field));
476  $form->addItem($text_form);
477 
478  $checkbox_form = new ilCheckboxInputGUI('');
479  $checkbox_form->setValue(1);
480  $checkbox_form->setPostVar($field . "_update");
481  $checkbox_form->setChecked($this->settings->getProfileMappingFieldUpdate($field));
482  $checkbox_form->setOptionTitle($this->lng->txt('auth_oidc_update_field_info'));
483  $form->addItem($checkbox_form);
484  }
485 
486  if ($this->checkAccessBool('write')) {
487  $form->addCommandButton('saveProfile', $this->lng->txt('save'));
488  }
489  return $form;
490  }
491 
495  protected function saveProfile()
496  {
497  $this->checkAccessBool('write');
498 
499  $form = $this->initProfileForm();
500  if (!$form->checkInput()) {
501  ilUtil::sendFailure($this->lng->txt('err_check_input'));
502  $form->setValuesByPost();
503  $this->profile($form);
504  return false;
505  }
506 
507  foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
508  $this->settings->setProfileMappingFieldValue(
509  $field,
510  $form->getInput($field . '_value')
511  );
512  $this->settings->setProfileMappingFieldUpdate(
513  $field,
514  $form->getInput($field . '_update')
515  );
516  }
517  $this->settings->save();
518  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
519  $this->ctrl->redirect($this, self::STAB_PROFILE);
520  }
521 
525  protected function roles(\ilPropertyFormGUI $form = null)
526  {
527  $this->checkAccess('read');
528  $this->setSubTabs(self::STAB_ROLES);
529 
530  if (!$form instanceof ilPropertyFormGUI) {
531  $form = $this->initRolesForm();
532  }
533  $this->mainTemplate->setContent($form->getHTML());
534  }
535 
539  protected function initRolesForm()
540  {
541  $form = new ilPropertyFormGUI();
542  $form->setTitle($this->lng->txt('auth_oidc_role_mapping_table'));
543  $form->setFormAction($this->ctrl->getFormAction($this, self::STAB_ROLES));
544 
545  foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
546  $role_map = new ilTextInputGUI(
547  $role_title,
548  'role_map_' . $role_id
549  );
550  $role_map->setInfo($this->lng->txt('auth_oidc_role_info'));
551  $role_map->setValue($this->settings->getRoleMappingValueForId($role_id));
552  $form->addItem($role_map);
553 
554  $update = new ilCheckboxInputGUI(
555  '',
556  'role_map_update_' . $role_id
557  );
558  $update->setOptionTitle($this->lng->txt('auth_oidc_update_role_info'));
559  $update->setValue(1);
560  $update->setChecked(!$this->settings->getRoleMappingUpdateForId($role_id));
561  $form->addItem($update);
562  }
563 
564  if ($this->checkAccessBool('write')) {
565  $form->addCommandButton('saveRoles', $this->lng->txt('save'));
566  }
567  return $form;
568  }
569 
573  protected function saveRoles()
574  {
575  $this->checkAccess('write');
576  $form = $this->initRolesForm();
577  if ($form->checkInput()) {
578  $this->logger->dump($_POST, \ilLogLevel::DEBUG);
579 
580 
581  $role_settings = [];
582  $role_valid = true;
583  foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
584  if (!strlen(trim($form->getInput('role_map_' . $role_id)))) {
585  continue;
586  }
587 
588  $role_params = explode('::', $form->getInput('role_map_' . $role_id));
589  $this->logger->dump($role_params, \ilLogLevel::DEBUG);
590 
591  if (count($role_params) !== 2) {
592  $form->getItemByPostVar('role_map_' . $role_id)->setAlert($this->lng->txt('msg_wrong_format'));
593  $role_valid = false;
594  continue;
595  }
596  $role_settings[$role_id]['update'] = (bool) !$form->getInput('role_map_update_' . $role_id);
597  $role_settings[$role_id]['value'] = (string) $form->getInput('role_map_' . $role_id);
598  }
599 
600  if (!$role_valid) {
601  $form->setValuesByPost();
602  \ilUtil::sendFailure($this->lng->txt('err_check_input'));
603  $this->roles($form);
604  return;
605  }
606 
607  $this->settings->setRoleMappings($role_settings);
608  $this->settings->save();
609  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
610  $this->ctrl->redirect($this, 'roles');
611  }
612 
613  $form->setValuesByPost();
614  \ilUtil::sendFailure($this->lng->txt('err_check_input'));
615  $this->roles($form);
616  }
617 
621  protected function setSubTabs(string $active_tab)
622  {
623  $this->tabs->addSubTab(
624  self::STAB_SETTINGS,
625  $this->lng->txt('auth_oidc_' . self::STAB_SETTINGS),
626  $this->ctrl->getLinkTarget($this, self::STAB_SETTINGS)
627  );
628  $this->tabs->addSubTab(
629  self::STAB_PROFILE,
630  $this->lng->txt('auth_oidc_' . self::STAB_PROFILE),
631  $this->ctrl->getLinkTarget($this, self::STAB_PROFILE)
632  );
633  $this->tabs->addSubTab(
634  self::STAB_ROLES,
635  $this->lng->txt('auth_oidc_' . self::STAB_ROLES),
636  $this->ctrl->getLinkTarget($this, self::STAB_ROLES)
637  );
638 
639  $this->tabs->activateSubTab($active_tab);
640  }
641 }
ilOpenIdConnectSettingsGUI\settings
settings(ilPropertyFormGUI $form=null)
Definition: class.ilOpenIdConnectSettingsGUI.php:133
ilOpenIdConnectSettingsGUI\setSubTabs
setSubTabs(string $active_tab)
Set sub tabs.
Definition: class.ilOpenIdConnectSettingsGUI.php:621
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:31
ilOpenIdConnectSettingsGUI\saveImageFromHttpRequest
saveImageFromHttpRequest()
Save image from http request.
Definition: class.ilOpenIdConnectSettingsGUI.php:398
ilOpenIdConnectSettingsGUI
Class ilOpenIdConnectSettingsGUI.
Definition: class.ilOpenIdConnectSettingsGUI.php:11
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:17
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
$DIC
global $DIC
Definition: saml.php:7
ilOpenIdConnectSettingsGUI\prepareRoleSelection
prepareRoleSelection($a_with_select_option=true)
Definition: class.ilOpenIdConnectSettingsGUI.php:426
ilFormSectionHeaderGUI
This class represents a section header in a property form.
Definition: class.ilFormSectionHeaderGUI.php:31
ILIAS
Class BaseForm.
$session
$session
Definition: proxy_ylocal.php:32
ilFormPropertyGUI\setPostVar
setPostVar($a_postvar)
Set Post Variable.
Definition: class.ilFormPropertyGUI.php:112
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:33
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilRadioOption\setInfo
setInfo($a_info)
Set Info.
Definition: class.ilRadioOption.php:71
ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:146
ilCheckboxInputGUI\setChecked
setChecked($a_checked)
Set Checked.
Definition: class.ilCheckboxInputGUI.php:85
ilOpenIdConnectSettingsGUI\initSettingsForm
initSettingsForm()
Init general settings form.
Definition: class.ilOpenIdConnectSettingsGUI.php:149
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:33
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:4405
ilSelectInputGUI\setValue
setValue($a_value)
Set Value.
Definition: class.ilSelectInputGUI.php:63
ilOpenIdConnectSettingsGUI\__construct
__construct($a_ref_id)
ilOpenIdConnectSettingsGUI constructor.
Definition: class.ilOpenIdConnectSettingsGUI.php:73
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:14
ilPasswordInputGUI\setSkipSyntaxCheck
setSkipSyntaxCheck($a_val)
Set skip syntax check.
Definition: class.ilPasswordInputGUI.php:197
$text
$text
Definition: errorreport.php:18
ilOpenIdConnectSettingsGUI\roles
roles(\ilPropertyFormGUI $form=null)
Definition: class.ilOpenIdConnectSettingsGUI.php:525
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:16
ilPasswordInputGUI
This class represents a password property in a property form.
Definition: class.ilPasswordInputGUI.php:11
$sync
$sync
Definition: memcacheSync.php:62
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4497
$default
$default
Definition: build.php:20
ilImageFileInputGUI
This class represents an image file property in a property form.
Definition: class.ilImageFileInputGUI.php:11
$client_id
$client_id
Definition: inc.client_tabs.php:19
ilCheckboxInputGUI\setOptionTitle
setOptionTitle($a_optiontitle)
Set Option Title (optional).
Definition: class.ilCheckboxInputGUI.php:105
ilTextInputGUI\setValue
setValue($a_value)
Set Value.
Definition: class.ilTextInputGUI.php:59
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
ilFormPropertyGUI\setRequired
setRequired($a_required)
Set Required.
Definition: class.ilFormPropertyGUI.php:185
Filesystem
Class FlySystemFileAccessTest.