ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthProviderECS.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
6 include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
7 
14 class ilAuthProviderECS extends ilAuthProvider implements ilAuthProviderInterface
15 {
16  protected $mid = null;
17  protected $abreviation = null;
18 
19  protected $currentServer = null;
20  protected $servers = null;
21 
22 
27  public function __construct(\ilAuthCredentials $credentials)
28  {
29  parent::__construct($credentials);
30 
31  $this->initECSServices();
32  }
33 
41  public function getAbreviation()
42  {
43  return $this->abreviation;
44  }
45 
51  public function getMID()
52  {
53  return $this->mid;
54  }
55 
56  public function setMID($a_mid)
57  {
58  $this->mid = $a_mid;
59  }
60 
65  public function setCurrentServer(ilECSSetting $server = null)
66  {
67  $this->currentServer = $server;
68  }
69 
74  public function getCurrentServer()
75  {
76  return $this->currentServer;
77  }
78 
83  public function getServerSettings()
84  {
85  return $this->servers;
86  }
87 
88 
94  public function doAuthentication(\ilAuthStatus $status)
95  {
96  $this->getLogger()->debug('Starting ECS authentication');
97  if (!$this->getServerSettings()->activeServerExists()) {
98  $this->getLogger()->warning('No active ecs server found. Aborting');
99  $this->handleAuthenticationFail($status, 'err_wrong_login');
100  return false;
101  }
102 
103  // Iterate through all active ecs instances
104  include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
105  foreach ($this->getServerSettings()->getServers() as $server) {
106  $this->setCurrentServer($server);
107  if ($this->validateHash()) {
108  // handle successful authentication
109  $new_usr_id = $this->handleLogin();
110  $this->getLogger()->info('ECS authentication successful.');
111  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
112  $status->setAuthenticatedUserId($new_usr_id);
113  return true;
114  }
115  }
116 
117  $this->getLogger()->warning('Could not validate ecs hash for any active server.');
118  $this->handleAuthenticationFail($status, 'err_wrong_login');
119  return false;
120  }
121 
122 
128  public function handleLogin()
129  {
130  include_once('./Services/WebServices/ECS/classes/class.ilECSUser.php');
131 
132  $user = new ilECSUser($_GET);
133 
134  if (!$usr_id = ilObject::_lookupObjIdByImportId($user->getImportId())) {
135  $username = $this->createUser($user);
136  } else {
137  $username = $this->updateUser($user, $usr_id);
138  }
139 
140  // set user imported
141  include_once './Services/WebServices/ECS/classes/class.ilECSImport.php';
142  $import = new ilECSImport($this->getCurrentServer()->getServerId(), $usr_id);
143  $import->save();
144 
145  // Store remote user data
146  include_once './Services/WebServices/ECS/classes/class.ilECSRemoteUser.php';
147  $remote = new ilECSRemoteUser();
148  $remote->setServerId($this->getCurrentServer()->getServerId());
149  $remote->setMid($this->getMID());
150  $remote->setRemoteUserId($user->getImportId());
151  $remote->setUserId(ilObjUser::_lookupId($username));
152 
153  $this->getLogger()->info('Current user is: ' . $username);
154 
155  if (!$remote->exists()) {
156  $remote->create();
157  }
158  return ilObjUser::_lookupId($username);
159  }
160 
161 
170  public function validateHash()
171  {
172  global $DIC;
173 
174  $ilLog = $DIC['ilLog'];
175 
176  // fetch hash
177  if (isset($_GET['ecs_hash']) and strlen($_GET['ecs_hash'])) {
178  $hash = $_GET['ecs_hash'];
179  }
180  if (isset($_GET['ecs_hash_url'])) {
181  $hashurl = urldecode($_GET['ecs_hash_url']);
182  $hash = basename(parse_url($hashurl, PHP_URL_PATH));
183  //$hash = urldecode($_GET['ecs_hash_url']);
184  }
185 
186  $this->getLogger()->info('Using ecs hash: ' . $hash);
187  // Check if hash is valid ...
188  try {
189  include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
190  $connector = new ilECSConnector($this->getCurrentServer());
191  $res = $connector->getAuth($hash);
192  $auths = $res->getResult();
193 
194  $this->getLogger()->dump($auths, ilLogLevel::DEBUG);
195 
196  if ($auths->pid) {
197  try {
198  include_once './Services/WebServices/ECS/classes/class.ilECSCommunityReader.php';
199  $reader = ilECSCommunityReader::getInstanceByServerId($this->getCurrentServer()->getServerId());
200  foreach ($reader->getParticipantsByPid($auths->pid) as $participant) {
201  if ($participant->getOrganisation() instanceof \ilECSOrganisation) {
202  $this->abreviation = $participant->getOrganisation()->getAbbreviation();
203  break;
204  }
205  }
206  if (!$this->abreviation) {
207  $this->abreviation = $auths->abbr;
208  }
209  } catch (Exception $e) {
210  $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
211  return false;
212  }
213  } else {
214  $this->abreviation = $auths->abbr;
215  }
216 
217  $this->getLogger()->debug('Got abbreviation: ' . $this->abreviation);
218  } catch (ilECSConnectorException $e) {
219  $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
220  return false;
221  }
222 
223  // read current mid
224  try {
225  include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
226  $connector = new ilECSConnector($this->getCurrentServer());
227  $details = $connector->getAuth($hash, true);
228 
229  $this->getLogger()->dump($details, ilLogLevel::DEBUG);
230  $this->getLogger()->debug('Token create for mid: ' . $details->getFirstSender());
231 
232  $this->setMID($details->getFirstSender());
233  } catch (ilECSConnectorException $e) {
234  $this->getLogger()->warning('Receiving mid failed with message: ' . $e->getMessage());
235  return false;
236  }
237  return true;
238  }
239 
240 
247  private function initECSServices()
248  {
249  include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
250  $this->servers = ilECSServerSettings::getInstance();
251  }
252 
258  protected function createUser(ilECSUser $user)
259  {
260  global $DIC;
261 
262  $ilClientIniFile = $DIC['ilClientIniFile'];
263  $ilSetting = $DIC['ilSetting'];
264  $rbacadmin = $DIC['rbacadmin'];
265  $ilLog = $DIC['ilLog'];
266 
267  $userObj = new ilObjUser();
268  $userObj->setOwner(SYSTEM_USER_ID);
269 
270  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
271  $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
272 
273  $newUser["login"] = $local_user;
274  $newUser["firstname"] = $user->getFirstname();
275  $newUser["lastname"] = $user->getLastname();
276  $newUser['email'] = $user->getEmail();
277  $newUser['institution'] = $user->getInstitution();
278 
279  // set "plain md5" password (= no valid password)
280  $newUser["passwd"] = "";
281  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
282 
283  $newUser["auth_mode"] = "ecs";
284  $newUser["profile_incomplete"] = 0;
285 
286  // system data
287  $userObj->assignData($newUser);
288  $userObj->setTitle($userObj->getFullname());
289  $userObj->setDescription($userObj->getEmail());
290 
291  // set user language to system language
292  $userObj->setLanguage($ilSetting->get("language"));
293 
294  // Time limit
295  $userObj->setTimeLimitOwner(7);
296  $userObj->setTimeLimitUnlimited(0);
297  $userObj->setTimeLimitFrom(time() - 5);
298  $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
299 
300  #$now = new ilDateTime(time(), IL_CAL_UNIX);
301  #$userObj->setAgreeDate($now->get(IL_CAL_DATETIME));
302 
303  // Create user in DB
304  $userObj->setOwner(6);
305  $userObj->create();
306  $userObj->setActive(1);
307  $userObj->updateOwner();
308  $userObj->saveAsNew();
309  $userObj->writePrefs();
310 
311  if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
312  $rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
313  }
314  ilObject::_writeImportId($userObj->getId(), $user->getImportId());
315 
316  $this->getLogger()->info('Created new remote user with usr_id: ' . $user->getImportId());
317 
318  // Send Mail
319  #$this->sendNotification($userObj);
320  $this->resetMailOptions($userObj->getId());
321 
322  return $userObj->getLogin();
323  }
324 
330  protected function updateUser(ilECSUser $user, $a_local_user_id)
331  {
332  global $DIC;
333 
334  $ilClientIniFile = $DIC['ilClientIniFile'];
335  $ilLog = $DIC['ilLog'];
336  $rbacadmin = $DIC['rbacadmin'];
337 
338  $user_obj = new ilObjUser($a_local_user_id);
339  $user_obj->setFirstname($user->getFirstname());
340  $user_obj->setLastname($user->getLastname());
341  $user_obj->setEmail($user->getEmail());
342  $user_obj->setInstitution($user->getInstitution());
343  $user_obj->setActive(true);
344 
345  $until = $user_obj->getTimeLimitUntil();
346 
347  if ($until < (time() + $ilClientIniFile->readVariable('session', 'expire'))) {
348  $user_obj->setTimeLimitFrom(time() - 60);
349  $user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
350  }
351  $user_obj->update();
352  $user_obj->refreshLogin();
353 
354  if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
355  $rbacadmin->assignUser(
356  $this->getCurrentServer()->getGlobalRole(),
357  $user_obj->getId(),
358  true
359  );
360  }
361 
362  $this->resetMailOptions($a_local_user_id);
363 
364  $this->getLogger()->debug('Finished update of remote user with usr_id: ' . $user->getImportId());
365  return $user_obj->getLogin();
366  }
367 
372  protected function resetMailOptions($a_usr_id)
373  {
374  include_once './Services/Mail/classes/class.ilMailOptions.php';
375  $options = new ilMailOptions($a_usr_id);
376  $options->setIncomingType(ilMailOptions::INCOMING_LOCAL);
377  $options->updateOptions();
378  }
379 }
ilAuthProviderECS\resetMailOptions
resetMailOptions($a_usr_id)
Reset mail options to "local only".
Definition: class.ilAuthProviderECS.php:372
ilAuthProviderECS\handleLogin
handleLogin()
Called from base class after successful login.
Definition: class.ilAuthProviderECS.php:128
ilMailOptions
Class ilMailOptions this class handles user mails.
Definition: class.ilMailOptions.php:10
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11
ilECSUser\getFirstname
getFirstname()
get firstname
Definition: class.ilECSUser.php:81
ilAuthProviderECS\getServerSettings
getServerSettings()
Get server settings.
Definition: class.ilAuthProviderECS.php:83
$DIC
global $DIC
Definition: saml.php:7
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthProviderECS\getCurrentServer
getCurrentServer()
Get current server.
Definition: class.ilAuthProviderECS.php:74
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:438
ilECSRemoteUser
Storage of ecs remote user.
Definition: class.ilECSRemoteUser.php:8
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:827
$server
$server
Definition: sabredav.php:48
ilAuthProviderECS\doAuthentication
doAuthentication(\ilAuthStatus $status)
Tra ecs authentication.
Definition: class.ilAuthProviderECS.php:94
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116
ilAuthProviderECS\createUser
createUser(ilECSUser $user)
create new user
Definition: class.ilAuthProviderECS.php:258
ilECSCommunityReader\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilECSCommunityReader.php:97
ilAuthProviderECS\getAbreviation
getAbreviation()
get abbreviation
Definition: class.ilAuthProviderECS.php:41
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11
ilAuthProviderECS
Auth prvider for ecs auth.
Definition: class.ilAuthProviderECS.php:14
ilAuthProviderECS\__construct
__construct(\ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderECS.php:27
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilECSUser\getLastname
getLastname()
getLastname
Definition: class.ilECSUser.php:91
ilECSImport
Storage of ECS imported objects.
Definition: class.ilECSImport.php:14
ilAuthProviderECS\initECSServices
initECSServices()
Init ECS Services private.
Definition: class.ilAuthProviderECS.php:247
ilAuthProviderECS\setCurrentServer
setCurrentServer(ilECSSetting $server=null)
Set current server.
Definition: class.ilAuthProviderECS.php:65
$user
$user
Definition: migrateto20.php:57
$ilLog
$ilLog
Definition: inc.setup_header.php:123
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProviderECS\updateUser
updateUser(ilECSUser $user, $a_local_user_id)
update existing user
Definition: class.ilAuthProviderECS.php:330
ilECSUser\getEmail
getEmail()
get email
Definition: class.ilECSUser.php:101
ilECSUser\getLogin
getLogin()
get login
Definition: class.ilECSUser.php:70
ilECSUser\getImportId
getImportId()
get Email
Definition: class.ilECSUser.php:122
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilObject\_writeImportId
static _writeImportId($a_obj_id, $a_import_id)
write import id to db (static)
Definition: class.ilObject.php:1255
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilECSUser\getInstitution
getInstitution()
get institution
Definition: class.ilECSUser.php:111
ilAuthProviderECS\validateHash
validateHash()
Validate ECS hash.
Definition: class.ilAuthProviderECS.php:170
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11
ilECSUser
Stores relevant user data.
Definition: class.ilECSUser.php:35
ilObject\_lookupObjIdByImportId
static _lookupObjIdByImportId($a_import_id)
Definition: class.ilObject.php:486