ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilOpenIdConnectUserSync Class Reference

Class ilOpenIdConnectUserSync: creates or updates the ILIAS user account of a user authenticated through OpenID Connect. More...


Public Member Functions

 __construct (\ilOpenIdConnectSettings $settings, $user_info)
 ilOpenIdConnectUserSync constructor. More...
 
 setExternalAccount (string $ext_account)
 
 setInternalAccount (string $int_account)
 
 getUserId ()
 
 needsCreation ()
 
 updateUser ()
 

Data Fields

const AUTH_MODE = 'oidc'
 

Protected Member Functions

 transformToXml ()
 transform user data to xml More...
 
 parseRoleAssignments ()
 Parse role assignments. More...
 
 valueFrom (string $connect_name)
 

Protected Attributes

 $settings
 
 $logger
 

Private Attributes

 $writer
 
 $user_info = []
 
 $ext_account = ''
 
 $int_account = ''
 
 $usr_id = 0
 

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

ilOpenIdConnectUserSync::__construct ( \ilOpenIdConnectSettings  $settings,
  $user_info 
)

ilOpenIdConnectUserSync constructor.

Parameters
ilOpenIdConnectSettings $settings

Definition at line 54 of file class.ilOpenIdConnectUserSync.php.

References $DIC, $settings, $user_info, and settings().

/**
 * ilOpenIdConnectUserSync constructor.
 *
 * Keeps the settings and the user info as passed and prepares the auth
 * logger and the XML writer that the other methods of this class use.
 *
 * @param \ilOpenIdConnectSettings $settings
 * @param mixed $user_info stored unchanged; parseRoleAssignments() and valueFrom() read it as an object
 */
public function __construct(\ilOpenIdConnectSettings $settings, $user_info)
{
    global $DIC;

    $this->user_info = $user_info;
    $this->settings = $settings;

    $this->writer = new ilXmlWriter();
    $this->logger = $DIC->logger()->auth();
}

Member Function Documentation

◆ getUserId()

ilOpenIdConnectUserSync::getUserId ( )
Returns
int

Definition at line 86 of file class.ilOpenIdConnectUserSync.php.

References $usr_id.

Referenced by transformToXml().

/**
 * Id of the ILIAS user that belongs to the internal account.
 *
 * @return int value stored by setInternalAccount(); 0 as long as no internal account was set
 */
public function getUserId() : int
{
    $resolved_id = $this->usr_id;

    return $resolved_id;
}

◆ needsCreation()

ilOpenIdConnectUserSync::needsCreation ( )
Returns
bool

Definition at line 94 of file class.ilOpenIdConnectUserSync.php.

References ilLogLevel\DEBUG.

Referenced by parseRoleAssignments(), transformToXml(), and updateUser().

/**
 * Tell whether a new ILIAS account has to be created.
 *
 * @return bool true while the internal account name is empty
 */
public function needsCreation() : bool
{
    // Every call writes the internal login name to the auth log (debug level).
    $this->logger->dump($this->int_account, \ilLogLevel::DEBUG);

    $has_internal_account = strlen($this->int_account) > 0;

    return !$has_internal_account;
}

◆ parseRoleAssignments()

ilOpenIdConnectUserSync::parseRoleAssignments ( )
protected

Parse role assignments.

Returns
array array of role assignments

Definition at line 211 of file class.ilOpenIdConnectUserSync.php.

References ilLogLevel\DEBUG, needsCreation(), and settings().

Referenced by transformToXml(), and updateUser().

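/**
 * Parse role assignments.
 *
 * Writes one <Role> element per matching role mapping to the XML writer and
 * collects the ids of the roles the import is allowed to assign.
 *
 * Each mapping value has the form "claim::value". A mapping matches when the
 * user info contains the claim and the claim (or one entry of a claim list)
 * equals the configured value after conversion to string. The comparison is
 * strict on purpose: with a loose in_array() a claim list containing true
 * (or, before PHP 8, the integer 0) satisfies every configured value, which
 * would grant roles the identity provider never asserted.
 *
 * @return array role ids (id => id); always contains the default role from the settings
 */
protected function parseRoleAssignments() : array
{
    $this->logger->debug('Parsing role assignments');

    $found_role = false;

    $roles_assignable = [];
    $roles_assignable[$this->settings->getRole()] = $this->settings->getRole();

    $this->logger->dump($this->settings->getRoleMappings(), \ilLogLevel::DEBUG);

    foreach ($this->settings->getRoleMappings() as $role_id => $role_info) {
        $this->logger->dump($role_id);
        $this->logger->dump($role_info);

        // Split at the first '::' only, so a configured value that itself
        // contains '::' is compared in full instead of being cut short, and
        // pad the result so a value without '::' is rejected below without
        // an undefined-offset notice.
        $mapping = isset($role_info['value']) ? (string) $role_info['value'] : '';
        list($role_attribute, $role_value) = array_pad(explode('::', $mapping, 2), 2, '');

        if (!$role_attribute || !$role_value) {
            $this->logger->debug('No valid role mapping configuration for: ' . $role_id);
            continue;
        }

        if (!isset($this->user_info->$role_attribute)) {
            $this->logger->debug('No user info passed');
            continue;
        }

        // Existing accounts only receive roles whose mapping is flagged for update.
        if (!$this->needsCreation() && empty($role_info['update'])) {
            $this->logger->debug('No user role update for role: ' . $role_id);
            continue;
        }

        if (!$this->claimMatchesRoleValue($this->user_info->$role_attribute, $role_value)) {
            $this->logger->debug('User account has no ' . $role_value);
            continue;
        }
        $this->logger->debug('Matching role mapping for role_id: ' . $role_id);

        $found_role = true;
        $roles_assignable[$role_id] = $role_id;
        $long_role_id = ('il_' . IL_INST_ID . '_role_' . $role_id);

        $this->writer->xmlElement(
            'Role',
            [
                'Id' => $long_role_id,
                'Type' => 'Global',
                'Action' => 'Assign'
            ],
            null
        );
    }

    if ($this->needsCreation() && !$found_role) {
        $long_role_id = ('il_' . IL_INST_ID . '_role_' . $this->settings->getRole());

        // add default role
        $this->writer->xmlElement(
            'Role',
            [
                'Id' => $long_role_id,
                'Type' => 'Global',
                'Action' => 'Assign'
            ],
            null
        );
    }
    return $roles_assignable;
}

/**
 * Compare a claim from the user info with a configured role value.
 *
 * @param mixed  $claim      a single value or a list of values
 * @param string $role_value non-empty value from the role mapping
 * @return bool true if the claim, or one entry of the list, equals $role_value as a string
 */
private function claimMatchesRoleValue($claim, string $role_value) : bool
{
    $entries = is_array($claim) ? $claim : [$claim];

    foreach ($entries as $entry) {
        // Nested arrays, objects and null never match; scalars are compared
        // as strings, without PHP's loose type juggling.
        if (is_scalar($entry) && (string) $entry === $role_value) {
            return true;
        }
    }
    return false;
}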

◆ setExternalAccount()

ilOpenIdConnectUserSync::setExternalAccount ( string  $ext_account)
Parameters
string $ext_account

Definition at line 69 of file class.ilOpenIdConnectUserSync.php.

References $ext_account.

/**
 * Set the external account name.
 *
 * transformToXml() writes this value to the import document as
 * <ExternalAccount>.
 *
 * @param string $ext_account
 */
public function setExternalAccount(string $ext_account)
{
    $this->ext_account = $ext_account;
}

◆ setInternalAccount()

ilOpenIdConnectUserSync::setInternalAccount ( string  $int_account)
Parameters
string $int_account

Definition at line 77 of file class.ilOpenIdConnectUserSync.php.

References $int_account, and ilObjUser\_lookupId().

Referenced by updateUser().

/**
 * Set the internal (ILIAS) account name and resolve its user id.
 *
 * @param string $int_account login passed to ilObjUser::_lookupId()
 */
public function setInternalAccount(string $int_account)
{
    $this->int_account = $int_account;

    // The id is looked up from the login that was just stored.
    $this->usr_id = ilObjUser::_lookupId($int_account);
}
static _lookupId($a_user_str)
Lookup id by login.

◆ transformToXml()

ilOpenIdConnectUserSync::transformToXml ( )
protected

transform user data to xml

Definition at line 135 of file class.ilOpenIdConnectUserSync.php.

References ilAuthUtils\_generateLogin(), getUserId(), needsCreation(), parseRoleAssignments(), settings(), and valueFrom().

Referenced by updateUser().

/**
 * Build the user import document from the provider's user info.
 *
 * Writes a <Users><User> structure to the XML writer: an insert with a
 * generated login when the account has to be created, otherwise an update of
 * the known account. Role elements are added by parseRoleAssignments();
 * profile fields are added according to the profile mapping in the settings.
 *
 * NOTE(review): the finished document, including mapped profile values such
 * as e-mail and birthday, is written to the auth log at debug level.
 */
protected function transformToXml()
{
    $xml = $this->writer;

    $xml->xmlStartTag('Users');

    if (!$this->needsCreation()) {
        $xml->xmlStartTag(
            'User',
            [
                'Id' => $this->getUserId(),
                'Action' => 'Update'
            ]
        );
        $xml->xmlElement('Login', [], $this->int_account);
    } else {
        $xml->xmlStartTag('User', ['Action' => 'Insert']);
        $xml->xmlElement('Login', [], ilAuthUtils::_generateLogin($this->ext_account));
    }

    $xml->xmlElement('ExternalAccount', [], $this->ext_account);
    $xml->xmlElement('AuthMode', ['type' => self::AUTH_MODE], null);

    // Called for its side effect only: it appends the <Role> elements.
    $this->parseRoleAssignments();

    if ($this->needsCreation()) {
        // Defaults for a new account; the meaning of owner 7 is not visible in this class.
        $xml->xmlElement('Active', [], "true");
        $xml->xmlElement('TimeLimitOwner', [], 7);
        $xml->xmlElement('TimeLimitUnlimited', [], 1);
        $xml->xmlElement('TimeLimitFrom', [], time());
        $xml->xmlElement('TimeLimitUntil', [], time());
    }

    foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
        $claim_name = $this->settings->getProfileMappingFieldValue($field);
        if (!$claim_name) {
            $this->logger->debug('Ignoring unconfigured field: ' . $field);
            continue;
        }

        // Existing accounts only get the fields that are flagged for update.
        $update_allowed = $this->needsCreation() || $this->settings->getProfileMappingFieldUpdate($field);
        if (!$update_allowed) {
            $this->logger->debug('Ignoring ' . $field . ' for update.');
            continue;
        }

        $value = $this->valueFrom($claim_name);
        if (strlen($value) === 0) {
            $this->logger->debug('Cannot find user data in ' . $claim_name);
            continue;
        }

        // Fields other than the four below are not exported.
        switch ($field) {
            case 'firstname':
                $xml->xmlElement('Firstname', [], $value);
                break;

            case 'lastname':
                $xml->xmlElement('Lastname', [], $value);
                break;

            case 'email':
                $xml->xmlElement('Email', [], $value);
                break;

            case 'birthday':
                $xml->xmlElement('Birthday', [], $value);
                break;
        }
    }

    $xml->xmlEndTag('User');
    $xml->xmlEndTag('Users');

    $this->logger->debug($xml->xmlDumpMem());
}
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
parseRoleAssignments()
Parse role assignments.

◆ updateUser()

ilOpenIdConnectUserSync::updateUser ( )
Returns
bool
Exceptions
ilOpenIdConnectSyncForbiddenException

Definition at line 104 of file class.ilOpenIdConnectUserSync.php.

References Sabre\VObject\$debug, $int_account, ilObjUser\_checkExternalAuthAccount(), needsCreation(), parseRoleAssignments(), setInternalAccount(), settings(), transformToXml(), and USER_FOLDER_ID.

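/**
 * Create or update the ILIAS account from the provider's user info.
 *
 * Builds the import document, runs it through ilUserImportParser with the
 * role ids from parseRoleAssignments(), then looks up the internal account
 * that belongs to the external account and stores it.
 *
 * The rendered listing lost the two statements that call
 * ilObjUser::_checkExternalAuthAccount() and setInternalAccount(); they are
 * restored here from this function's reference list and the arguments that
 * remained in the listing.
 *
 * @return bool always true
 * @throws ilOpenIdConnectSyncForbiddenException if an account has to be created but sync is not allowed
 */
public function updateUser()
{
    if ($this->needsCreation() && !$this->settings->isSyncAllowed()) {
        throw new ilOpenIdConnectSyncForbiddenException('No internal account given.');
    }

    $this->transformToXml();

    $importParser = new ilUserImportParser();
    $importParser->setXMLContent($this->writer->xmlDumpMem(false));

    // transformToXml() has already run parseRoleAssignments() once; this
    // second call is needed for its return value. The <Role> elements it
    // writes again land in the writer after the document was handed over.
    $roles = $this->parseRoleAssignments();
    $importParser->setRoleAssignment($roles);

    $importParser->setFolderId(USER_FOLDER_ID);
    $importParser->startParsing();
    $debug = $importParser->getProtocol();

    // lookup internal account
    $int_account = ilObjUser::_checkExternalAuthAccount(
        self::AUTH_MODE,
        $this->ext_account
    );

    // What the lookup returns when no account matches is not visible here;
    // the cast keeps a non-string result from raising a TypeError in the
    // string-typed setter, and the log entry makes a failed import visible.
    $int_account = (string) $int_account;
    if ($int_account === '') {
        $this->logger->warning('No internal account found after user import.');
    }
    $this->setInternalAccount($int_account);

    return true;
}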
parseRoleAssignments()
Parse role assignments.
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
transformToXml()
transform user data to xml
const USER_FOLDER_ID
Class ilObjUserFolder.

◆ valueFrom()

ilOpenIdConnectUserSync::valueFrom ( string  $connect_name)
protected
Parameters
string $connect_name

Definition at line 296 of file class.ilOpenIdConnectUserSync.php.

Referenced by transformToXml().

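/**
 * Read one value from the provider's user info.
 *
 * The user info comes from the identity provider, so a property may hold an
 * array, an object or null. Those cannot satisfy the string return type and
 * would abort the sync with a TypeError; they are treated like a missing
 * value instead.
 *
 * @param string $connect_name name of the property in the user info
 * @return string the value as string, or '' if the name is empty, the property is missing or not scalar
 */
protected function valueFrom(string $connect_name) : string
{
    if (!$connect_name) {
        return '';
    }
    // $user_info defaults to an array; property_exists() needs an object.
    if (!is_object($this->user_info) || !property_exists($this->user_info, $connect_name)) {
        $this->logger->debug('Cannot find property ' . $connect_name . ' in user info ');
        return '';
    }
    $val = $this->user_info->$connect_name;
    if (!is_scalar($val)) {
        $this->logger->debug('Ignoring non-scalar value of ' . $connect_name . ' in user info');
        return '';
    }
    return (string) $val;
}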

Field Documentation

◆ $ext_account

ilOpenIdConnectUserSync::$ext_account = ''
private

Definition at line 36 of file class.ilOpenIdConnectUserSync.php.

Referenced by setExternalAccount().

◆ $int_account

ilOpenIdConnectUserSync::$int_account = ''
private

Definition at line 42 of file class.ilOpenIdConnectUserSync.php.

Referenced by setInternalAccount(), and updateUser().

◆ $logger

ilOpenIdConnectUserSync::$logger
protected

Definition at line 22 of file class.ilOpenIdConnectUserSync.php.

◆ $settings

ilOpenIdConnectUserSync::$settings
protected

Definition at line 17 of file class.ilOpenIdConnectUserSync.php.

Referenced by __construct().

◆ $user_info

ilOpenIdConnectUserSync::$user_info = []
private

Definition at line 31 of file class.ilOpenIdConnectUserSync.php.

Referenced by __construct().

◆ $usr_id

ilOpenIdConnectUserSync::$usr_id = 0
private

Definition at line 47 of file class.ilOpenIdConnectUserSync.php.

Referenced by getUserId().

◆ $writer

ilOpenIdConnectUserSync::$writer
private

Definition at line 27 of file class.ilOpenIdConnectUserSync.php.

◆ AUTH_MODE

const ilOpenIdConnectUserSync::AUTH_MODE = 'oidc'

The documentation for this class was generated from the following file: