OAuth based lti authentication. More...

Inheritance diagram for ilAuthProviderLTI:

Collaboration diagram for ilAuthProviderLTI:

Static Public Member Functions
static	getAuthModeByKey ($a_auth_key)
	Get auth mode by key. More...

static	getKeyByAuthMode ($a_auth_mode)
	Get auth id by auth mode. More...

static	getActiveAuthModes ()
	get all active authmode server ids More...

static	getAuthModes ()

static	lookupConsumer ($a_sid)
	Lookup consumer title. More...

static	getServerIdByAuthMode ($a_auth_mode)
	Get auth id by auth mode. More...

static	isAuthModeLTI ($a_auth_mode)
	Check if user auth mode is LDAP. More...

Data Fields
const	AUTH_MODE_PREFIX = 'lti'

Data Fields inherited from ilAuthProvider
const	STATUS_UNDEFINED = 0

const	STATUS_AUTHENTICATION_SUCCESS = 1

const	STATUS_AUTHENTICATION_FAILED = 2

const	STATUS_MIGRATION = 3

Protected Member Functions
	findAuthKeyId ($a_oauth_consumer_key)
	find consumer key id @global type $ilDB More...

	findAuthPrefix ($a_lti_id)
	find lti id More...

	findGlobalRole ($a_lti_id)
	find global role of consumer More...

	findUserId ($a_oauth_user, $a_oauth_id, $a_user_prefix)
	Find user by auth mode and lti id. More...

	createUser (ilLTIToolConsumer $consumer)
	create new user More...

	updateUser ($a_local_user_id, ilLTIToolConsumer $consumer)
	update existing user More...

	handleLocalRoleAssignments ($user_id, ilLTIToolConsumer $consumer)

Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, $a_reason)
	Handle failed authentication. More...

Private Attributes
	$dataConnector = null

Additional Inherited Members
Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)
	Constructor. More...

	getLogger ()
	Get logger. More...

	getCredentials ()

Public Member Functions inherited from ilAuthProviderInterface
	doAuthentication (\ilAuthStatus $status)
	Do authentication. More...

Detailed Description

OAuth based lti authentication.

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e; Uwe Kohnle kohnl.nosp@m.e@in.nosp@m.terne.nosp@m.tleh.nosp@m.rer-g.nosp@m.mbh..nosp@m.de; Stefan Schneider

Definition at line 19 of file class.ilAuthProviderLTI.php.

Member Function Documentation

◆ createUser()

ilAuthProviderLTI::createUser ( ilLTIToolConsumer $consumer )

protected

create new user

@access protected

Definition at line 222 of file class.ilAuthProviderLTI.php.

    {
        global $ilClientIniFile, $ilSetting;
 
        $userObj = new ilObjUser();
 
        include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
        $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
 
        $newUser["login"] = $local_user;
        $newUser["firstname"] = $_POST['lis_person_name_given'];
        $newUser["lastname"] = $_POST['lis_person_name_family'];
        $newUser['email'] = $_POST['lis_person_contact_email_primary'];
        
 
        // set "plain md5" password (= no valid password)
        $newUser["passwd"] = "";
        $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
 
        $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
        $newUser['ext_account'] = $this->getCredentials()->getUsername();
        $newUser["profile_incomplete"] = 0;
 
        // system data
        $userObj->assignData($newUser);
        $userObj->setTitle($userObj->getFullname());
        $userObj->setDescription($userObj->getEmail());
 
        // set user language to system language
        $userObj->setLanguage($ilSetting->get("language"));
 
        // Time limit
        $userObj->setTimeLimitOwner(7);
        $userObj->setTimeLimitUnlimited(0);
        $userObj->setTimeLimitFrom(time() - 5);
        $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
 
 
        // Create user in DB
        $userObj->setOwner(6);
        $userObj->create();
        $userObj->setActive(1);
        $userObj->updateOwner();
        $userObj->saveAsNew();
        $userObj->writePrefs();
 
        $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
        
        $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
        return $userObj->getId();
    }

References $_POST, $GLOBALS, $ilSetting, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilLTIToolConsumer\getExtConsumerId(), ilAuthProvider\getLogger(), ilLTIToolConsumer\getPrefix(), ilLTIToolConsumer\getRole(), and IL_PASSWD_CRYPTED.

Here is the call graph for this function:

◆ findAuthKeyId()

ilAuthProviderLTI::findAuthKeyId ( $a_oauth_consumer_key )

protected

find consumer key id @global type $ilDB

Parameters

type $a_oauth_consumer_key

Returns: type

Definition at line 140 of file class.ilAuthProviderLTI.php.

    {
        global $ilDB;
        
        $query = 'SELECT consumer_pk from lti2_consumer where consumer_key256 = ' . $ilDB->quote($a_oauth_consumer_key, 'text');
        // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
        $this->getLogger()->debug($query);
        $res = $ilDB->query($query);
        
        $lti_id = 0;
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $lti_id = $row->consumer_pk;
            // $lti_id = $row->id;
        }
        $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
        return $lti_id;
    }

References $ilDB, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

Here is the call graph for this function:

◆ findAuthPrefix()

ilAuthProviderLTI::findAuthPrefix ( $a_lti_id )

protected

find lti id

Parameters

type $a_lti_id

Definition at line 162 of file class.ilAuthProviderLTI.php.

    {
        global $ilDB;
        
        $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
        $this->getLogger()->debug($query);
        $res = $ilDB->query($query);
        
        // $prefix = 'lti'.$a_lti_id.'_';
        $prefix = '';
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $prefix = $row->prefix;
        }
        $this->getLogger()->debug('LTI prefix: ' . $prefix);
        return $prefix;
    }

References $ilDB, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

Here is the call graph for this function:

◆ findGlobalRole()

ilAuthProviderLTI::findGlobalRole ( $a_lti_id )

protected

find global role of consumer

Definition at line 182 of file class.ilAuthProviderLTI.php.

    {
        global $ilDB;
        
        $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
        $this->getLogger()->debug($query);
        $res = $ilDB->query($query);
        
        $role = '';
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $role = $row->role;
        }
        $this->getLogger()->debug('LTI role: ' . $role);
        return $role;
    }

References $ilDB, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

Here is the call graph for this function:

◆ findUserId()

ilAuthProviderLTI::findUserId	(	$a_oauth_user,
		$a_oauth_id,
		$a_user_prefix
	)

protected

Find user by auth mode and lti id.

Parameters

type	$a_oauth_user
type	$a_oauth_id

Definition at line 203 of file class.ilAuthProviderLTI.php.

    {
        $user_name = ilObjUser::_checkExternalAuthAccount(
            self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
            $a_oauth_user
        );
        $user_id = 0;
        if ($user_name) {
            $user_id = ilObjUser::_lookupId($user_name);
        }
        $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
        return $user_id;
    }

References ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), and ilAuthProvider\getLogger().

Here is the call graph for this function:

◆ getActiveAuthModes()

static ilAuthProviderLTI::getActiveAuthModes ( )

static

get all active authmode server ids

Definition at line 393 of file class.ilAuthProviderLTI.php.

    {
        global $ilDB;
        
        // move to connector
        $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
        $res = $ilDB->query($query);
        
        $sids = array();
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $sids[] = $row->consumer_pk;
        }
        return $sids;
    }

References $ilDB, $query, $res, $row, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_isExternalAccountEnabled().

Here is the caller graph for this function:

◆ getAuthModeByKey()

static ilAuthProviderLTI::getAuthModeByKey ( $a_auth_key )

static

Get auth mode by key.

Parameters

string $a_auth_mode

Returns: int auth_mode

Definition at line 366 of file class.ilAuthProviderLTI.php.

    {
        $auth_arr = explode('_', $a_auth_key);
        if (count((array) $auth_arr) > 1) {
            return 'lti_' . $auth_arr[1];
        }
        return 'lti';
    }

Referenced by ilAuthUtils\_getAuthModeName().

Here is the caller graph for this function:

◆ getAuthModes()

static ilAuthProviderLTI::getAuthModes ( )

static

Definition at line 408 of file class.ilAuthProviderLTI.php.

    {
        global $ilDB;
        
        // move to connector
        $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
        $res = $ilDB->query($query);
        
        $sids = array();
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $sids[] = $row->consumer_pk;
        }
        return $sids;
    }

References $ilDB, $query, $res, $row, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_getActiveAuthModes(), and ilAuthUtils\_getAllAuthModes().

Here is the caller graph for this function:

◆ getKeyByAuthMode()

static ilAuthProviderLTI::getKeyByAuthMode ( $a_auth_mode )

static

Get auth id by auth mode.

Parameters

string $a_auth_mode

Returns: int auth_mode

Definition at line 380 of file class.ilAuthProviderLTI.php.

    {
        $auth_arr = explode('_', $a_auth_mode);
        if (count((array) $auth_arr) > 1) {
            return AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
        }
        return AUTH_PROVIDER_LTI;
    }

References AUTH_PROVIDER_LTI.

Referenced by ilAuthUtils\_getAuthMode().

Here is the caller graph for this function:

◆ getServerIdByAuthMode()

static ilAuthProviderLTI::getServerIdByAuthMode ( $a_auth_mode )

static

Get auth id by auth mode.

Parameters

type $a_auth_mode

Returns: null

Definition at line 442 of file class.ilAuthProviderLTI.php.

    {
        if (self::isAuthModeLTI($a_auth_mode)) {
            $auth_arr = explode('_', $a_auth_mode);
            return $auth_arr[1];
        }
        return null;
    }

Referenced by ilAuthUtils\getAuthModeTranslation().

Here is the caller graph for this function:

◆ handleLocalRoleAssignments()

ilAuthProviderLTI::handleLocalRoleAssignments	(		$user_id,
		ilLTIToolConsumer	$consumer
	)

protected

Definition at line 305 of file class.ilAuthProviderLTI.php.

    {
        $target_ref_id = $_SESSION['lti_context_id'];
        if (!$target_ref_id) {
            $this->getLogger()->debug('No target id given');
            return false;
        }
        $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
        
        // @todo read from lti data
        $roles = $_POST['roles'];
        if (!strlen($roles)) {
            $this->getLogger()->debug('No role information given');
            return false;
        }
        $role_arr = explode(',', $roles);
        
        foreach ($role_arr as $role_name) {
            $role_name = trim($role_name);
            switch ($role_name) {
                case 'Administrator':
                    
                    $this->getLogger()->debug('Administrator role handling');
                    if ($obj_settings->getAdminRole()) {
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                            $obj_settings->getAdminRole(),
                            $user_id
                        );
                    }
                    break;
 
                case 'Instructor':
                    $this->getLogger()->debug('Instructor role handling');
                    $this->getLogger()->debug('Tutor role for request: ' . $obj_settings->getTutorRole());
                    if ($obj_settings->getTutorRole()) {
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                            $obj_settings->getTutorRole(),
                            $user_id
                        );
                    }
                    break;
 
                case 'Member':
                case 'Learner':
                    $this->getLogger()->debug('Member role handling');
                    if ($obj_settings->getMemberRole()) {
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                            $obj_settings->getMemberRole(),
                            $user_id
                        );
                    }
                    break;
            }
        }
    }

References $_POST, $_SESSION, $GLOBALS, ilAuthProvider\$user_id, ilLTIToolConsumer\getExtConsumerId(), and ilAuthProvider\getLogger().

Here is the call graph for this function:

◆ isAuthModeLTI()

static ilAuthProviderLTI::isAuthModeLTI ( $a_auth_mode )

static

Check if user auth mode is LDAP.

Parameters

type $a_auth_mode

Definition at line 455 of file class.ilAuthProviderLTI.php.

    {
        if (!$a_auth_mode) {
            ilLoggerFactory::getLogger('lti')->warning('No auth mode given.');
            return false;
        }
        $auth_arr = explode('_', $a_auth_mode);
        return ($auth_arr[0] == AUTH_PROVIDER_LTI) and $auth_arr[1];
    }

References AUTH_PROVIDER_LTI, and ilLoggerFactory\getLogger().

Here is the call graph for this function:

◆ lookupConsumer()

static ilAuthProviderLTI::lookupConsumer ( $a_sid )

static

Lookup consumer title.

Parameters

type $a_sid

Returns: type

Definition at line 428 of file class.ilAuthProviderLTI.php.

    {
        include_once './Services/LTI/classes/class.ilLTIDataConnector.php';
        $connector = new ilLTIDataConnector();
        include_once './Services/LTI/classes/InternalProvider/class.ilLTIToolConsumer.php';
        $consumer = ilLTIToolConsumer::fromRecordId($a_sid, $connector);
        return $consumer->getTitle();
    }

References ilLTIToolConsumer\fromRecordId().

Referenced by ilAuthUtils\getAuthModeTranslation().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ updateUser()

ilAuthProviderLTI::updateUser	(		$a_local_user_id,
		ilLTIToolConsumer	$consumer
	)

protected

update existing user

@access protected

Definition at line 279 of file class.ilAuthProviderLTI.php.

    {
        global $ilClientIniFile,$ilLog,$rbacadmin;
        
        $user_obj = new ilObjUser($a_local_user_id);
        $user_obj->setFirstname($_POST['lis_person_name_given']);
        $user_obj->setLastname($_POST['lis_person_name_family']);
        $user_obj->setEmail($_POST['lis_person_contact_email_primary']);
        $user_obj->setActive(true);
        
        $until = $user_obj->getTimeLimitUntil();
 
        if ($until < (time() + $ilClientIniFile->readVariable('session', 'expire'))) {
            $user_obj->setTimeLimitFrom(time() - 60);
            $user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
        }
        $user_obj->update();
        $user_obj->refreshLogin();
        
        $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
        $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
        
        $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
        return $user_obj->getId();
    }

References $_POST, $GLOBALS, $ilLog, ilAuthProvider\getLogger(), and ilLTIToolConsumer\getRole().

Here is the call graph for this function:

Field Documentation

◆ $dataConnector

ilAuthProviderLTI::$dataConnector = null

private

Definition at line 22 of file class.ilAuthProviderLTI.php.

◆ AUTH_MODE_PREFIX

const ilAuthProviderLTI::AUTH_MODE_PREFIX = 'lti'

Definition at line 21 of file class.ilAuthProviderLTI.php.

The documentation for this class was generated from the following file:

Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php

Static Public Member Functions

Data Fields

Protected Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Member Function Documentation

◆ createUser()

◆ findAuthKeyId()

◆ findAuthPrefix()

◆ findGlobalRole()

◆ findUserId()

◆ getActiveAuthModes()

◆ getAuthModeByKey()

◆ getAuthModes()

◆ getKeyByAuthMode()

◆ getServerIdByAuthMode()

◆ handleLocalRoleAssignments()

◆ isAuthModeLTI()

◆ lookupConsumer()

◆ updateUser()

Field Documentation

◆ $dataConnector

◆ AUTH_MODE_PREFIX