ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2020 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
8 class ilAuthProviderSoap extends ilAuthProvider implements ilAuthProviderInterface
9 {
11  protected $server_host = '';
13  protected $server_port = '';
15  protected $server_uri = '';
17  protected $server_https = '';
19  protected $server_nms = '';
21  protected $use_dot_net = false;
23  protected $uri = '';
25  protected $client;
27  protected $logger;
29  protected $settings;
31  protected $language;
33  protected $rbacAdmin;
34 
38  public function __construct(ilAuthCredentials $credentials)
39  {
40  global $DIC;
41 
42  $this->settings = $DIC->settings();
43  $this->logger = $DIC->logger()->auth();
44  $this->language = $DIC->language();
45  $this->rbacAdmin = $DIC->rbac()->admin();
46 
47  parent::__construct($credentials);
48  }
49 
53  private function initClient()
54  {
55  $this->server_host = (string) $this->settings->get('soap_auth_server', '');
56  $this->server_port = (string) $this->settings->get('soap_auth_port', '');
57  $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
58  $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
59  $this->server_https = (bool) $this->settings->get('soap_auth_use_https', false);
60  $this->use_dot_net = (bool) $this->settings->get('use_dotnet', false);
61 
62  $this->uri = $this->server_https ? 'https://' : 'http://';
63  $this->uri .= $this->server_host;
64 
65  if ($this->server_port > 0) {
66  $this->uri .= (':' . $this->server_port);
67  }
68  if ($this->server_uri) {
69  $this->uri .= ('/' . $this->server_uri);
70  }
71 
72  require_once './webservice/soap/lib/nusoap.php';
73  $this->client = new nusoap_client($this->uri);
74  }
75 
79  public function doAuthentication(ilAuthStatus $status)
80  {
81  try {
82  $this->initClient();
83  $this->handleSoapAuth($status);
84  } catch (Exception $e) {
85  $this->getLogger()->error($e->getMessage());
86  $status->setTranslatedReason($e->getMessage());
87  }
88 
89  if ($status->getAuthenticatedUserId() > 0) {
90  $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
91  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
92  ilSession::set('used_external_auth', true);
93 
94  return true;
95  }
96 
97  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
98 
99  return false;
100  }
101 
106  private function handleSoapAuth(ilAuthStatus $status) : bool
107  {
108  $this->logger->debug(sprintf(
109  'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
110  $this->getCredentials()->getUsername(),
111  'soap'
112  ));
113  $this->logger->debug(sprintf(
114  'Trying to find ext_account "%s" for auth_mode "%s".',
115  $this->getCredentials()->getUsername(),
116  'soap'
117  ));
118 
119  $internalLogin = ilObjUser::_checkExternalAuthAccount(
120  'soap',
121  $this->getCredentials()->getUsername()
122  );
123 
124  $isNewUser = false;
125  if ('' === $internalLogin || false === $internalLogin) {
126  $isNewUser = true;
127  }
128 
129  $soapAction = '';
130  $nspref = '';
131  if ($this->use_dot_net) {
132  $soapAction = $this->server_nms . '/isValidSession';
133  $nspref = 'ns1:';
134  }
135 
136  $valid = $this->client->call(
137  'isValidSession',
138  [
139  $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
140  $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
141  $nspref . 'new_user' => $isNewUser
142  ],
143  $this->server_nms,
144  $soapAction
145  );
146 
147  if ($valid['valid'] !== true) {
148  $valid['valid'] = false;
149  }
150 
151  if (!$valid['valid']) {
152  $status->setReason('err_wrong_login');
153  return false;
154  }
155 
156  if (!$isNewUser) {
157  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
158  return true;
159  } elseif (!$this->settings->get('soap_auth_create_users')) {
160  // Translate the reasons, otherwise the default failure is displayed
161  $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
162  return false;
163  }
164 
165  $userObj = new ilObjUser();
166  $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
167 
168  $usrData = [];
169  $usrData['firstname'] = $valid['firstname'];
170  $usrData['lastname'] = $valid['lastname'];
171  $usrData['email'] = $valid['email'];
172  $usrData['login'] = $internalLogin;
173  $usrData['passwd'] = '';
174  $usrData['passwd_type'] = IL_PASSWD_CRYPTED;
175 
176  $password = '';
177  if ($this->settings->get('soap_auth_allow_local')) {
178  $passwords = ilUtil::generatePasswords(1);
179  $password = $passwords[0];
180  $usrData['passwd'] = $password;
181  $usrData['passwd_type'] = IL_PASSWD_PLAIN;
182  }
183 
184  $usrData['auth_mode'] = 'soap';
185  $usrData['ext_account'] = $this->getCredentials()->getUsername();
186  $usrData['profile_incomplete'] = 1;
187 
188  $userObj->assignData($usrData);
189  $userObj->setTitle($userObj->getFullname());
190  $userObj->setDescription($userObj->getEmail());
191  $userObj->setLanguage($this->language->getDefaultLanguage());
192 
193  $userObj->setTimeLimitOwner(USER_FOLDER_ID);
194  $userObj->setTimeLimitUnlimited(1);
195  $userObj->setTimeLimitFrom(time());
196  $userObj->setTimeLimitUntil(time());
197  $userObj->setOwner(0);
198  $userObj->create();
199  $userObj->setActive(1);
200  $userObj->updateOwner();
201  $userObj->saveAsNew(false);
202  $userObj->writePrefs();
203 
204  $this->rbacAdmin->assignUser(
205  $this->settings->get('soap_auth_user_default_role', 4),
206  $userObj->getId()
207  );
208 
209  if ($this->settings->get('soap_auth_account_mail', false)) {
210  $registrationSettings = new ilRegistrationSettings();
211  $registrationSettings->setPasswordGenerationStatus(true);
212 
213  $accountMail = new ilAccountRegistrationMail(
214  $registrationSettings,
215  $this->language,
216  $this->logger
217  );
218  $accountMail
219  ->withDirectRegistrationMode()
220  ->send($userObj, $password, false);
221  }
222 
223  $status->setAuthenticatedUserId($userObj->getId());
224  return true;
225  }
226 }
IL_PASSWD_PLAIN
const IL_PASSWD_PLAIN
Definition: class.ilObjUser.php:4
settings
settings()
Definition: settings.php:2
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11
$DIC
global $DIC
Definition: saml.php:7
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
$valid
$valid
Definition: dummy_client.php:52
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:106
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:438
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:430
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:827
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderSoap.php:38
ilUtil\generatePasswords
static generatePasswords($a_number)
Generate a number of passwords.
Definition: class.ilUtil.php:3661
ilAuthProviderSoap
Class ilAuthProviderSoap.
Definition: class.ilAuthProviderSoap.php:8
ilAuthStatus\getAuthenticatedUserId
getAuthenticatedUserId()
Get authenticated user id.
Definition: class.ilAuthStatus.php:125
ilAuthStatus\setTranslatedReason
setTranslatedReason($a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:90
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:8
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7072
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:79
ilAuthStatus\setReason
setReason($a_reason)
Set reason.
Definition: class.ilAuthStatus.php:81
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3909
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$password
$password
Definition: cron.php:14
USER_FOLDER_ID
const USER_FOLDER_ID
Class ilObjUserFolder.
Definition: class.ilObjUserFolder.php:16
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11