ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2020 ILIAS open source, Extended GPL, see docs/LICENSE */
3
8class ilAuthProviderSoap extends ilAuthProvider implements ilAuthProviderInterface
9{
11 protected $server_host = '';
13 protected $server_port = '';
15 protected $server_uri = '';
17 protected $server_https = '';
19 protected $server_nms = '';
21 protected $use_dot_net = false;
23 protected $uri = '';
25 protected $client;
27 protected $logger;
29 protected $settings;
31 protected $language;
33 protected $rbacAdmin;
34
38 public function __construct(ilAuthCredentials $credentials)
39 {
40 global $DIC;
41
42 $this->settings = $DIC->settings();
43 $this->logger = $DIC->logger()->auth();
44 $this->language = $DIC->language();
45 $this->rbacAdmin = $DIC->rbac()->admin();
46
47 parent::__construct($credentials);
48 }
49
53 private function initClient()
54 {
55 $this->server_host = (string) $this->settings->get('soap_auth_server', '');
56 $this->server_port = (string) $this->settings->get('soap_auth_port', '');
57 $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
58 $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
59 $this->server_https = (bool) $this->settings->get('soap_auth_use_https', false);
60 $this->use_dot_net = (bool) $this->settings->get('use_dotnet', false);
61
62 $this->uri = $this->server_https ? 'https://' : 'http://';
63 $this->uri .= $this->server_host;
64
65 if ($this->server_port > 0) {
66 $this->uri .= (':' . $this->server_port);
67 }
68 if ($this->server_uri) {
69 $this->uri .= ('/' . $this->server_uri);
70 }
71
72 require_once './webservice/soap/lib/nusoap.php';
73 $this->client = new nusoap_client($this->uri);
74 }
75
79 public function doAuthentication(ilAuthStatus $status)
80 {
81 try {
82 $this->initClient();
83 $this->handleSoapAuth($status);
84 } catch (Exception $e) {
85 $this->getLogger()->error($e->getMessage());
86 $status->setTranslatedReason($e->getMessage());
87 }
88
89 if ($status->getAuthenticatedUserId() > 0) {
90 $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
91 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
92 ilSession::set('used_external_auth', true);
93
94 return true;
95 }
96
97 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
98
99 return false;
100 }
101
106 private function handleSoapAuth(ilAuthStatus $status) : bool
107 {
108 $this->logger->debug(sprintf(
109 'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
110 $this->getCredentials()->getUsername(),
111 'soap'
112 ));
113 $this->logger->debug(sprintf(
114 'Trying to find ext_account "%s" for auth_mode "%s".',
115 $this->getCredentials()->getUsername(),
116 'soap'
117 ));
118
119 $internalLogin = ilObjUser::_checkExternalAuthAccount(
120 'soap',
121 $this->getCredentials()->getUsername()
122 );
123
124 $isNewUser = false;
125 if ('' === $internalLogin || false === $internalLogin) {
126 $isNewUser = true;
127 }
128
129 $soapAction = '';
130 $nspref = '';
131 if ($this->use_dot_net) {
132 $soapAction = $this->server_nms . '/isValidSession';
133 $nspref = 'ns1:';
134 }
135
136 $valid = $this->client->call(
137 'isValidSession',
138 [
139 $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
140 $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
141 $nspref . 'new_user' => $isNewUser
142 ],
143 $this->server_nms,
144 $soapAction
145 );
146
147 if ($valid['valid'] !== true) {
148 $valid['valid'] = false;
149 }
150
151 if (!$valid['valid']) {
152 $status->setReason('err_wrong_login');
153 return false;
154 }
155
156 if (!$isNewUser) {
157 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
158 return true;
159 } elseif (!$this->settings->get('soap_auth_create_users')) {
160 // Translate the reasons, otherwise the default failure is displayed
161 $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
162 return false;
163 }
164
165 $userObj = new ilObjUser();
166 $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
167
168 $usrData = [];
169 $usrData['firstname'] = $valid['firstname'];
170 $usrData['lastname'] = $valid['lastname'];
171 $usrData['email'] = $valid['email'];
172 $usrData['login'] = $internalLogin;
173 $usrData['passwd'] = '';
174 $usrData['passwd_type'] = IL_PASSWD_CRYPTED;
175
176 $password = '';
177 if ($this->settings->get('soap_auth_allow_local')) {
178 $passwords = ilUtil::generatePasswords(1);
179 $password = $passwords[0];
180 $usrData['passwd'] = $password;
181 $usrData['passwd_type'] = IL_PASSWD_PLAIN;
182 }
183
184 $usrData['auth_mode'] = 'soap';
185 $usrData['ext_account'] = $this->getCredentials()->getUsername();
186 $usrData['profile_incomplete'] = 1;
187
188 $userObj->assignData($usrData);
189 $userObj->setTitle($userObj->getFullname());
190 $userObj->setDescription($userObj->getEmail());
191 $userObj->setLanguage($this->language->getDefaultLanguage());
192
193 $userObj->setTimeLimitOwner(USER_FOLDER_ID);
194 $userObj->setTimeLimitUnlimited(1);
195 $userObj->setTimeLimitFrom(time());
196 $userObj->setTimeLimitUntil(time());
197 $userObj->setOwner(0);
198 $userObj->create();
199 $userObj->setActive(1);
200 $userObj->updateOwner();
201 $userObj->saveAsNew(false);
202 $userObj->writePrefs();
203
204 $this->rbacAdmin->assignUser(
205 $this->settings->get('soap_auth_user_default_role', 4),
206 $userObj->getId()
207 );
208
209 if ($this->settings->get('soap_auth_account_mail', false)) {
210 $registrationSettings = new ilRegistrationSettings();
211 $registrationSettings->setPasswordGenerationStatus(true);
212
213 $accountMail = new ilAccountRegistrationMail(
214 $registrationSettings,
215 $this->language,
216 $this->logger
217 );
218 $accountMail
219 ->withDirectRegistrationMode()
220 ->send($userObj, $password, false);
221 }
222
223 $status->setAuthenticatedUserId($userObj->getId());
224 return true;
225 }
226}
php
An exception for terminatinating execution or to throw for unit testing.
USER_FOLDER_ID
const USER_FOLDER_ID
Class ilObjUserFolder.
Definition: class.ilObjUserFolder.php:16
IL_PASSWD_PLAIN
const IL_PASSWD_PLAIN
Definition: class.ilObjUser.php:4
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:9
ilAuthProviderSoap
Class ilAuthProviderSoap.
Definition: class.ilAuthProviderSoap.php:9
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:106
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
@inheritDoc
Definition: class.ilAuthProviderSoap.php:79
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
@inheritDoc
Definition: class.ilAuthProviderSoap.php:38
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:12
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:12
ilAuthStatus\setTranslatedReason
setTranslatedReason($a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:90
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:438
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3909
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:827
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:46
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:430
ilUtil\generatePasswords
static generatePasswords($a_number)
Generate a number of passwords.
Definition: class.ilUtil.php:3661
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7072
$password
$password
Definition: cron.php:14
$valid
$valid
Definition: dummy_client.php:52
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:12
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:12
$DIC
global $DIC
Definition: saml.php:7
settings
settings()
Definition: settings.php:2