ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Private Attributes
sspmod_core_Auth_UserPassBase Class Reference
+ Inheritance diagram for sspmod_core_Auth_UserPassBase:
+ Collaboration diagram for sspmod_core_Auth_UserPassBase:

Public Member Functions

 __construct ($info, &$config)
 Constructor for this authentication source. More...
 
 setForcedUsername ($forcedUsername)
 Set forced username. More...
 
 getLoginLinks ()
 Return login links from configuration. More...
 
 getRememberUsernameEnabled ()
 Getter for the authsource config option remember.username.enabled. More...
 
 getRememberUsernameChecked ()
 Getter for the authsource config option remember.username.checked. More...
 
 isRememberMeEnabled ()
 Check if the "remember me" feature is enabled. More...
 
 isRememberMeChecked ()
 Check if the "remember me" checkbox should be checked. More...
 
 authenticate (&$state)
 Initialize login. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source. More...
 
 getAuthId ()
 Retrieve the ID of this authentication source. More...
 
 authenticate (&$state)
 Process a request. More...
 
 reauthenticate (array &$state)
 Reauthenticate an user. More...
 
 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication. More...
 
 logout (&$state)
 Log out from this authentication source. More...
 

Static Public Member Functions

static handleLogin ($authStateId, $username, $password)
 Handle login request. More...
 
- Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type. More...
 
static completeAuth (&$state)
 Complete authentication. More...
 
static loginCompleted ($state)
 Called when a login operation has finished. More...
 
static completeLogout (&$state)
 Complete logout. More...
 
static getById ($authId, $type=null)
 Retrieve authentication source. More...
 
static logoutCallback ($state)
 Called when the authentication source receives an external logout request. More...
 
static getSources ()
 Retrieve list of authentication sources. More...
 

Data Fields

const STAGEID = 'sspmod_core_Auth_UserPassBase.state'
 The string used to identify our states. More...
 
const AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId'
 The key of the AuthId field in the state. More...
 

Protected Member Functions

 login ($username, $password)
 Attempt to log in using the given username and password. More...
 
- Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association. More...
 
 callLogoutCallback ($assoc)
 Call a logout callback based on association. More...
 

Protected Attributes

 $loginLinks
 Links to pages from login page. More...
 
 $rememberUsernameEnabled = FALSE
 
 $rememberUsernameChecked = FALSE
 
 $rememberMeEnabled = FALSE
 
 $rememberMeChecked = FALSE
 
- Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Private Attributes

 $forcedUsername
 Username we should force. More...
 

Additional Inherited Members

- Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier. More...
 

Detailed Description

Definition at line 12 of file UserPassBase.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_core_Auth_UserPassBase::__construct (   $info,
$config 
)

Constructor for this authentication source.

All subclasses who implement their own constructor must call this constructor before using $config for anything.

Parameters
array$infoInformation about this authentication source.
array&$configConfiguration for this authentication source.

Definition at line 84 of file UserPassBase.php.

References $config, $info, and SimpleSAML_Configuration\getInstance().

84  {
85  assert(is_array($info));
86  assert(is_array($config));
87 
88  if (isset($config['core:loginpage_links'])) {
89  $this->loginLinks = $config['core:loginpage_links'];
90  }
91 
92  // Call the parent constructor first, as required by the interface
93  parent::__construct($info, $config);
94 
95  // Get the remember username config options
96  if (isset($config['remember.username.enabled'])) {
97  $this->rememberUsernameEnabled = (bool) $config['remember.username.enabled'];
98  unset($config['remember.username.enabled']);
99  }
100  if (isset($config['remember.username.checked'])) {
101  $this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
102  unset($config['remember.username.checked']);
103  }
104 
105  // get the "remember me" config options
106  $sspcnf = SimpleSAML_Configuration::getInstance();
107  $this->rememberMeEnabled = $sspcnf->getBoolean('session.rememberme.enable', FALSE);
108  $this->rememberMeChecked = $sspcnf->getBoolean('session.rememberme.checked', FALSE);
109  }
$config
$config
Definition: bootstrap.php:15
$info
$info
Definition: index.php:5
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
+ Here is the call graph for this function:

Member Function Documentation

◆ authenticate()

sspmod_core_Auth_UserPassBase::authenticate ( $state)

Initialize login.

This function saves the information about the login, and redirects to a login page.

Parameters
array&$stateInformation about the current authentication.

Definition at line 169 of file UserPassBase.php.

References $attributes, SimpleSAML_Auth_Source\$authId, $forcedUsername, $id, PHPMailer\PHPMailer\$params, $password, $state, $url, SimpleSAML\Module\getModuleURL(), login(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

169  {
170  assert(is_array($state));
171 
172  /*
173  * Save the identifier of this authentication source, so that we can
174  * retrieve it later. This allows us to call the login()-function on
175  * the current object.
176  */
177  $state[self::AUTHID] = $this->authId;
178 
179  // What username we should force, if any
180  if ($this->forcedUsername !== NULL) {
181  /*
182  * This is accessed by the login form, to determine if the user
183  * is allowed to change the username.
184  */
185  $state['forcedUsername'] = $this->forcedUsername;
186  }
187 
188  // ECP requests supply authentication credentials with the AUthnRequest
189  // so we validate them now rather than redirecting
190  if (isset($state['core:auth:username']) && isset($state['core:auth:password'])) {
191  $username = $state['core:auth:username'];
192  $password = $state['core:auth:password'];
193 
194  if (isset($state['forcedUsername'])) {
195  $username = $state['forcedUsername'];
196  }
197 
198  $attributes = $this->login($username, $password);
199  assert(is_array($attributes));
200  $state['Attributes'] = $attributes;
201 
202  return;
203  }
204 
205  /* Save the $state-array, so that we can restore it after a redirect. */
206  $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
207 
208  /*
209  * Redirect to the login form. We include the identifier of the saved
210  * state array as a parameter to the login form.
211  */
212  $url = SimpleSAML\Module::getModuleURL('core/loginuserpass.php');
213  $params = array('AuthState' => $id);
214  \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
215 
216  /* The previous function never returns, so this code is never executed. */
217  assert(false);
218  }
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:23
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
sspmod_core_Auth_UserPassBase\login
login($username, $password)
Attempt to log in using the given username and password.
sspmod_core_Auth_UserPassBase\$forcedUsername
$forcedUsername
Username we should force.
Definition: UserPassBase.php:33
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$password
$password
Definition: cron.php:14
$url
$url
Definition: proxy_ylocal.php:28
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
+ Here is the call graph for this function:

◆ getLoginLinks()

sspmod_core_Auth_UserPassBase::getLoginLinks ( )

Return login links from configuration.

Definition at line 125 of file UserPassBase.php.

References $loginLinks.

125  {
126  return $this->loginLinks;
127  }
sspmod_core_Auth_UserPassBase\$loginLinks
$loginLinks
Links to pages from login page.
Definition: UserPassBase.php:39

◆ getRememberUsernameChecked()

sspmod_core_Auth_UserPassBase::getRememberUsernameChecked ( )

Getter for the authsource config option remember.username.checked.

Returns
bool

Definition at line 141 of file UserPassBase.php.

References $rememberUsernameChecked.

141  {
142  return $this->rememberUsernameChecked;
143  }
sspmod_core_Auth_UserPassBase\$rememberUsernameChecked
$rememberUsernameChecked
Definition: UserPassBase.php:55

◆ getRememberUsernameEnabled()

sspmod_core_Auth_UserPassBase::getRememberUsernameEnabled ( )

Getter for the authsource config option remember.username.enabled.

Returns
bool

Definition at line 133 of file UserPassBase.php.

References $rememberUsernameEnabled.

133  {
134  return $this->rememberUsernameEnabled;
135  }
sspmod_core_Auth_UserPassBase\$rememberUsernameEnabled
$rememberUsernameEnabled
Definition: UserPassBase.php:47

◆ handleLogin()

static sspmod_core_Auth_UserPassBase::handleLogin (   $authStateId,
  $username,
  $password 
)
static

Handle login request.

This function is used by the login form (core/www/loginuserpass.php) when the user enters a username and password. On success, it will not return. On wrong username/password failure, and other errors, it will throw an exception.

Parameters
string$authStateIdThe identifier of the authentication state.
string$usernameThe username the user wrote.
string$passwordThe password the user wrote.

Definition at line 248 of file UserPassBase.php.

References $_SERVER, $attributes, $authStateId, $password, $source, $state, SimpleSAML_Auth_Source\getById(), SimpleSAML_Auth_State\loadState(), and SimpleSAML\Logger\stats().

248  {
249  assert(is_string($authStateId));
250  assert(is_string($username));
251  assert(is_string($password));
252 
253  /* Here we retrieve the state array we saved in the authenticate-function. */
254  $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
255 
256  /* Retrieve the authentication source we are executing. */
257  assert(array_key_exists(self::AUTHID, $state));
258  $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
259  if ($source === NULL) {
260  throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
261  }
262 
263  /*
264  * $source now contains the authentication source on which authenticate()
265  * was called. We should call login() on the same authentication source.
266  */
267 
268  /* Attempt to log in. */
269  try {
270  $attributes = $source->login($username, $password);
271  } catch (Exception $e) {
272  SimpleSAML\Logger::stats('Unsuccessful login attempt from '.$_SERVER['REMOTE_ADDR'].'.');
273  throw $e;
274  }
275 
276  SimpleSAML\Logger::stats('User \''.$username.'\' successfully authenticated from '.$_SERVER['REMOTE_ADDR']);
277 
278  /* Save the attributes we received from the login-function in the $state-array. */
279  assert(is_array($attributes));
280  $state['Attributes'] = $attributes;
281 
282  /* Return control to SimpleSAMLphp after successful authentication. */
283  SimpleSAML_Auth_Source::completeAuth($state);
284  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML\Logger\stats
static stats($string)
Definition: Logger.php:222
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$password
$password
Definition: cron.php:14
$source
$source
Definition: linkback.php:22
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340
$authStateId
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId
Definition: yubikeylogin.php:15
+ Here is the call graph for this function:

◆ isRememberMeChecked()

sspmod_core_Auth_UserPassBase::isRememberMeChecked ( )

Check if the "remember me" checkbox should be checked.

Returns
bool TRUE if enabled, FALSE otherwise.

Definition at line 157 of file UserPassBase.php.

References $rememberMeChecked.

157  {
158  return $this->rememberMeChecked;
159  }
sspmod_core_Auth_UserPassBase\$rememberMeChecked
$rememberMeChecked
Definition: UserPassBase.php:73

◆ isRememberMeEnabled()

sspmod_core_Auth_UserPassBase::isRememberMeEnabled ( )

Check if the "remember me" feature is enabled.

Returns
bool TRUE if enabled, FALSE otherwise.

Definition at line 149 of file UserPassBase.php.

References $rememberMeEnabled.

149  {
150  return $this->rememberMeEnabled;
151  }
sspmod_core_Auth_UserPassBase\$rememberMeEnabled
$rememberMeEnabled
Definition: UserPassBase.php:65

◆ login()

sspmod_core_Auth_UserPassBase::login (   $username,
  $password 
)
abstractprotected

Attempt to log in using the given username and password.

On a successful login, this function should return the users attributes. On failure, it should throw an exception/error. If the error was caused by the user entering the wrong username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.

Note that both the username and the password are UTF-8 encoded.

Parameters
string$usernameThe username the user wrote.
string$passwordThe password the user wrote.
Returns
array Associative array with the user's attributes.

Referenced by authenticate().

+ Here is the caller graph for this function:

◆ setForcedUsername()

sspmod_core_Auth_UserPassBase::setForcedUsername (   $forcedUsername)

Set forced username.

Parameters
string | NULL$forcedUsernameThe forced username.

Definition at line 117 of file UserPassBase.php.

References $forcedUsername.

Referenced by sspmod_core_Auth_Source_AdminPassword\__construct().

117  {
118  assert(is_string($forcedUsername) || $forcedUsername === null);
119  $this->forcedUsername = $forcedUsername;
120  }
sspmod_core_Auth_UserPassBase\$forcedUsername
$forcedUsername
Username we should force.
Definition: UserPassBase.php:33
+ Here is the caller graph for this function:

Field Documentation

◆ $forcedUsername

sspmod_core_Auth_UserPassBase::$forcedUsername
private

Username we should force.

A forced username cannot be changed by the user. If this is NULL, we won't force any username.

Definition at line 33 of file UserPassBase.php.

Referenced by authenticate(), and setForcedUsername().

◆ $loginLinks

sspmod_core_Auth_UserPassBase::$loginLinks
protected

Links to pages from login page.

From configuration

Definition at line 39 of file UserPassBase.php.

Referenced by getLoginLinks().

◆ $rememberMeChecked

sspmod_core_Auth_UserPassBase::$rememberMeChecked = FALSE
protected

Definition at line 73 of file UserPassBase.php.

Referenced by isRememberMeChecked().

◆ $rememberMeEnabled

sspmod_core_Auth_UserPassBase::$rememberMeEnabled = FALSE
protected

Definition at line 65 of file UserPassBase.php.

Referenced by isRememberMeEnabled().

◆ $rememberUsernameChecked

sspmod_core_Auth_UserPassBase::$rememberUsernameChecked = FALSE
protected

Definition at line 55 of file UserPassBase.php.

Referenced by getRememberUsernameChecked().

◆ $rememberUsernameEnabled

sspmod_core_Auth_UserPassBase::$rememberUsernameEnabled = FALSE
protected

Definition at line 47 of file UserPassBase.php.

Referenced by getRememberUsernameEnabled().

◆ AUTHID

const sspmod_core_Auth_UserPassBase::AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId'

The key of the AuthId field in the state.

Definition at line 24 of file UserPassBase.php.

◆ STAGEID

const sspmod_core_Auth_UserPassBase::STAGEID = 'sspmod_core_Auth_UserPassBase.state'

The string used to identify our states.

Definition at line 18 of file UserPassBase.php.

The documentation for this class was generated from the following file: