ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilCASAuth.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24
25include_once("Auth/Auth.php");
26
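/**
 * CAS single sign-on front end for ILIAS, built on the PEAR Auth session container.
 *
 * The class configures the bundled phpCAS client, asks it who the CAS user is and
 * maps that identity to a local ILIAS account. Session bookkeeping (setAuth(),
 * checkAuth(), idle/expire handling, ...) is not overridden here and is therefore
 * inherited from the parent Auth class.
 */
class ilCASAuth extends Auth
{
    /** @var string CAS protocol version passed to phpCAS::client() */
    public $server_version;

    /** @var string host name of the CAS server */
    public $server_hostname;

    /** @var int TCP port of the CAS server */
    public $server_port;

    /** @var string URI path of the CAS service on that host */
    public $server_uri;

    /**
     * Set up the Auth session container and initialise the phpCAS client.
     *
     * @param array $a_params expects "server_hostname", "server_port" and "server_uri";
     *                        "sessionName" is optional and selects the Auth session name
     */
    public function __construct($a_params)
    {
        // isset() avoids an undefined-index notice when no session name is supplied.
        if (isset($a_params["sessionName"]) && $a_params["sessionName"] != "") {
            parent::__construct("", array("sessionName" => $a_params["sessionName"]));
        } else {
            parent::__construct("");
        }

        include_once("./Services/CAS/lib/CAS.php");
        $this->server_version = CAS_VERSION_2_0;
        $this->server_hostname = $a_params["server_hostname"];
        $this->server_port = (int) $a_params["server_port"];
        $this->server_uri = $a_params["server_uri"];

        // Keep phpCAS debugging disabled outside of troubleshooting: its log may
        // record request details such as service tickets.
        //phpCAS::setDebug();

        // The fifth parameter of phpCAS::client() ($changeSessionID) keeps its default.
        // NOTE(review): no CA certificate for validating the CAS server is configured
        // in this class; confirm that it is set elsewhere (e.g. through
        // phpCAS::setCasServerCACert(), if the bundled phpCAS provides it) before
        // tickets are validated.
        phpCAS::client(
            $this->server_version,
            $this->server_hostname,
            $this->server_port,
            (string) $this->server_uri
        );
    }

    /**
     * Report whether the phpCAS client considers the current request authenticated.
     *
     * Reads the global $PHPCAS_CLIENT, which is presumably populated by the
     * phpCAS::client() call in the constructor.
     *
     * @return mixed result of $PHPCAS_CLIENT->isAuthenticated()
     */
    public function checkCASAuth()
    {
        global $PHPCAS_CLIENT;

        return $PHPCAS_CLIENT->isAuthenticated();
    }

    /**
     * Force authentication through phpCAS if the user is not authenticated yet.
     */
    public function forceCASAuth()
    {
        phpCAS::forceAuthentication();
    }

    /**
     * @return string login name of the CAS user as reported by phpCAS
     */
    public function getCASUser()
    {
        return phpCAS::getUser();
    }

    /**
     * Map the CAS identity to an ILIAS account and register it in the session.
     *
     * Outcomes:
     *  - phpCAS reports no user: status becomes AUTH_WRONG_LOGIN.
     *  - a local account is linked to the CAS name: that account is authenticated.
     *  - no linked account and "cas_create_users" is off: status becomes
     *    AUTH_CAS_NO_ILIAS_USER and the local session is logged out.
     *  - no linked account and "cas_create_users" is on: an account is provisioned
     *    and authenticated without any manual approval step.
     */
    public function login()
    {
        global $ilSetting;

        // Ask phpCAS once and reuse the answer for lookup and provisioning.
        $username = phpCAS::getUser();

        if ((string) $username === '') {
            // This should never occur unless CAS is not configured properly
            $this->status = AUTH_WRONG_LOGIN;
            return;
        }

        // Authorize this user
        include_once('./Services/User/classes/class.ilObjUser.php');
        $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);

        if ((string) $local_user !== '') {
            $this->setAuth($local_user);
            return;
        }

        if (!$ilSetting->get("cas_create_users")) {
            $this->status = AUTH_CAS_NO_ILIAS_USER;
            $this->logout();
            return;
        }

        $this->setAuth($this->createLocalAccount($username));
    }

    /**
     * Provision a local ILIAS account for a CAS user seen for the first time.
     *
     * @param string $username CAS login name; stored as the account's ext_account
     * @return string the generated ILIAS login
     */
    private function createLocalAccount($username)
    {
        global $rbacadmin, $ilSetting;

        $userObj = new ilObjUser();

        $local_user = ilAuthUtils::_generateLogin($username);

        $newUser = array(
            "firstname" => $local_user,
            "lastname" => "",
            "login" => $local_user,
            // No usable local password: the stored value is the empty string,
            // flagged as already crypted.
            // NOTE(review): confirm that local password login rejects an empty
            // stored hash, so that this account can only be entered through CAS.
            "passwd" => "",
            "passwd_type" => IL_PASSWD_CRYPTED,
            "auth_mode" => "cas",
            // Link back to the CAS identity; later logins are matched on this value.
            "ext_account" => $username,
            "profile_incomplete" => 1,
        );

        // system data
        $userObj->assignData($newUser);
        $userObj->setTitle($userObj->getFullname());
        $userObj->setDescription($userObj->getEmail());

        // set user language to system language
        $userObj->setLanguage($ilSetting->get("language"));

        // Time limit: unlimited access
        // NOTE(review): 7 is presumably the id of the user folder - confirm.
        $userObj->setTimeLimitOwner(7);
        $userObj->setTimeLimitUnlimited(1);
        $userObj->setTimeLimitFrom(time());
        $userObj->setTimeLimitUntil(time());

        // Create user in DB
        $userObj->setOwner(0);
        $userObj->create();
        $userObj->setActive(1);

        $userObj->updateOwner();

        // insert user data in table user_data
        $userObj->saveAsNew();

        // setup user preferences
        $userObj->writePrefs();

        // Every auto-created account receives the role named by the
        // "cas_user_default_role" setting, so that setting should point at a
        // low-privilege role.
        // NOTE(review): nothing here verifies that the setting is non-empty or
        // refers to an existing role; the original code marked this call
        // "to do: test this".
        $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);

        unset($userObj);

        return $local_user;
    }

    /**
     * End the local ILIAS session only.
     *
     * The CAS single sign-on session is deliberately left untouched, so a user who
     * logs out here stays signed in at the CAS server until a separate CAS logout
     * is performed (the original note suggests offering it on the ILIAS login screen).
     */
    public function logout()
    {
        parent::logout();
        //PHPCAS::logout(); // CAS logout should be provided separately
    }
} // END class.ilCASAuth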
An exception for terminating execution or to throw for unit testing.
const AUTH_CAS_NO_ILIAS_USER
const IL_PASSWD_CRYPTED
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Class CASAuth.
__construct($a_params)
Constructor @access public.
checkCASAuth()
check CAS authentication
logout()
Register variable in a session telling that the user has logged in successfully.
login()
Checks if the current user is authenticated yet @access public.
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
static getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1199
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:1118
static client( $server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:345
const CAS_VERSION_2_0
Definition: CAS.php:78
global $ilSetting
Definition: privfeed.php:17