ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
UserPassBase.php
Go to the documentation of this file.
1 <?php
2 
12 abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
13 
14 
18  const STAGEID = 'sspmod_core_Auth_UserPassBase.state';
19 
20 
24  const AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId';
25 
26 
33  private $forcedUsername;
34 
39  protected $loginLinks;
40 
47  protected $rememberUsernameEnabled = FALSE;
48 
55  protected $rememberUsernameChecked = FALSE;
56 
65  protected $rememberMeEnabled = FALSE;
66 
73  protected $rememberMeChecked = FALSE;
74 
84  public function __construct($info, &$config) {
85  assert(is_array($info));
86  assert(is_array($config));
87 
88  if (isset($config['core:loginpage_links'])) {
89  $this->loginLinks = $config['core:loginpage_links'];
90  }
91 
92  // Call the parent constructor first, as required by the interface
93  parent::__construct($info, $config);
94 
95  // Get the remember username config options
96  if (isset($config['remember.username.enabled'])) {
97  $this->rememberUsernameEnabled = (bool) $config['remember.username.enabled'];
98  unset($config['remember.username.enabled']);
99  }
100  if (isset($config['remember.username.checked'])) {
101  $this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
102  unset($config['remember.username.checked']);
103  }
104 
105  // get the "remember me" config options
106  $sspcnf = SimpleSAML_Configuration::getInstance();
107  $this->rememberMeEnabled = $sspcnf->getBoolean('session.rememberme.enable', FALSE);
108  $this->rememberMeChecked = $sspcnf->getBoolean('session.rememberme.checked', FALSE);
109  }
110 
111 
117  public function setForcedUsername($forcedUsername) {
118  assert(is_string($forcedUsername) || $forcedUsername === null);
119  $this->forcedUsername = $forcedUsername;
120  }
121 
125  public function getLoginLinks() {
126  return $this->loginLinks;
127  }
128 
133  public function getRememberUsernameEnabled() {
134  return $this->rememberUsernameEnabled;
135  }
136 
141  public function getRememberUsernameChecked() {
142  return $this->rememberUsernameChecked;
143  }
144 
149  public function isRememberMeEnabled() {
150  return $this->rememberMeEnabled;
151  }
152 
157  public function isRememberMeChecked() {
158  return $this->rememberMeChecked;
159  }
160 
169  public function authenticate(&$state) {
170  assert(is_array($state));
171 
172  /*
173  * Save the identifier of this authentication source, so that we can
174  * retrieve it later. This allows us to call the login()-function on
175  * the current object.
176  */
177  $state[self::AUTHID] = $this->authId;
178 
179  // What username we should force, if any
180  if ($this->forcedUsername !== NULL) {
181  /*
182  * This is accessed by the login form, to determine if the user
183  * is allowed to change the username.
184  */
185  $state['forcedUsername'] = $this->forcedUsername;
186  }
187 
188  // ECP requests supply authentication credentials with the AUthnRequest
189  // so we validate them now rather than redirecting
190  if (isset($state['core:auth:username']) && isset($state['core:auth:password'])) {
191  $username = $state['core:auth:username'];
192  $password = $state['core:auth:password'];
193 
194  if (isset($state['forcedUsername'])) {
195  $username = $state['forcedUsername'];
196  }
197 
198  $attributes = $this->login($username, $password);
199  assert(is_array($attributes));
200  $state['Attributes'] = $attributes;
201 
202  return;
203  }
204 
205  /* Save the $state-array, so that we can restore it after a redirect. */
206  $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
207 
208  /*
209  * Redirect to the login form. We include the identifier of the saved
210  * state array as a parameter to the login form.
211  */
212  $url = SimpleSAML\Module::getModuleURL('core/loginuserpass.php');
213  $params = array('AuthState' => $id);
214  \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
215 
216  /* The previous function never returns, so this code is never executed. */
217  assert(false);
218  }
219 
220 
234  abstract protected function login($username, $password);
235 
236 
248  public static function handleLogin($authStateId, $username, $password) {
249  assert(is_string($authStateId));
250  assert(is_string($username));
251  assert(is_string($password));
252 
253  /* Here we retrieve the state array we saved in the authenticate-function. */
254  $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
255 
256  /* Retrieve the authentication source we are executing. */
257  assert(array_key_exists(self::AUTHID, $state));
258  $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
259  if ($source === NULL) {
260  throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
261  }
262 
263  /*
264  * $source now contains the authentication source on which authenticate()
265  * was called. We should call login() on the same authentication source.
266  */
267 
268  /* Attempt to log in. */
269  try {
270  $attributes = $source->login($username, $password);
271  } catch (Exception $e) {
272  SimpleSAML\Logger::stats('Unsuccessful login attempt from '.$_SERVER['REMOTE_ADDR'].'.');
273  throw $e;
274  }
275 
276  SimpleSAML\Logger::stats('User \''.$username.'\' successfully authenticated from '.$_SERVER['REMOTE_ADDR']);
277 
278  /* Save the attributes we received from the login-function in the $state-array. */
279  assert(is_array($attributes));
280  $state['Attributes'] = $attributes;
281 
282  /* Return control to SimpleSAMLphp after successful authentication. */
283  SimpleSAML_Auth_Source::completeAuth($state);
284  }
285 
286 }
sspmod_core_Auth_UserPassBase\handleLogin
static handleLogin($authStateId, $username, $password)
Handle login request.
Definition: UserPassBase.php:248
sspmod_core_Auth_UserPassBase\setForcedUsername
setForcedUsername($forcedUsername)
Set forced username.
Definition: UserPassBase.php:117
sspmod_core_Auth_UserPassBase\getLoginLinks
getLoginLinks()
Return login links from configuration.
Definition: UserPassBase.php:125
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$config
$config
Definition: bootstrap.php:15
SimpleSAML_Auth_Source
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:23
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
sspmod_core_Auth_UserPassBase
Definition: UserPassBase.php:12
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
sspmod_core_Auth_UserPassBase\$rememberMeEnabled
$rememberMeEnabled
Definition: UserPassBase.php:65
sspmod_core_Auth_UserPassBase\getRememberUsernameChecked
getRememberUsernameChecked()
Getter for the authsource config option remember.username.checked.
Definition: UserPassBase.php:141
sspmod_core_Auth_UserPassBase\$rememberUsernameEnabled
$rememberUsernameEnabled
Definition: UserPassBase.php:47
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
sspmod_core_Auth_UserPassBase\isRememberMeChecked
isRememberMeChecked()
Check if the "remember me" checkbox should be checked.
Definition: UserPassBase.php:157
sspmod_core_Auth_UserPassBase\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: UserPassBase.php:24
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML\Logger\stats
static stats($string)
Definition: Logger.php:222
sspmod_core_Auth_UserPassBase\$loginLinks
$loginLinks
Links to pages from login page.
Definition: UserPassBase.php:39
sspmod_core_Auth_UserPassBase\login
login($username, $password)
Attempt to log in using the given username and password.
sspmod_core_Auth_UserPassBase\STAGEID
const STAGEID
The string used to identify our states.
Definition: UserPassBase.php:18
sspmod_core_Auth_UserPassBase\$forcedUsername
$forcedUsername
Username we should force.
Definition: UserPassBase.php:33
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
sspmod_core_Auth_UserPassBase\authenticate
authenticate(&$state)
Initialize login.
Definition: UserPassBase.php:169
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
sspmod_core_Auth_UserPassBase\$rememberUsernameChecked
$rememberUsernameChecked
Definition: UserPassBase.php:55
sspmod_core_Auth_UserPassBase\__construct
__construct($info, &$config)
Constructor for this authentication source.
Definition: UserPassBase.php:84
sspmod_core_Auth_UserPassBase\$rememberMeChecked
$rememberMeChecked
Definition: UserPassBase.php:73
$password
$password
Definition: cron.php:14
sspmod_core_Auth_UserPassBase\isRememberMeEnabled
isRememberMeEnabled()
Check if the "remember me" feature is enabled.
Definition: UserPassBase.php:149
$url
$url
Definition: proxy_ylocal.php:28
sspmod_core_Auth_UserPassBase\getRememberUsernameEnabled
getRememberUsernameEnabled()
Getter for the authsource config option remember.username.enabled.
Definition: UserPassBase.php:133
$source
$source
Definition: linkback.php:22
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340
$info
$info
Definition: index.php:5
$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325