ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilOpenIdConnectSettingsGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
11class ilOpenIdConnectSettingsGUI
12{
13 const STAB_SETTINGS = 'settings';
14 const STAB_PROFILE = 'profile';
15 const STAB_ROLES = 'roles';
16
17 const DEFAULT_CMD = 'settings';
18
22 private $ref_id = 0;
23
24
28 private $settings = null;
29
33 protected $lng = null;
34
38 protected $ctrl = null;
39
43 protected $logger = null;
44
48 protected $access = null;
49
53 protected $review;
54
58 protected $error = null;
59
63 protected $mainTemplate = null;
64
68 protected $tabs = null;
69
73 public function __construct($a_ref_id)
74 {
75 global $DIC;
76
77 $this->ref_id = $a_ref_id;
78
79 $this->lng = $DIC->language();
80 $this->lng->loadLanguageModule('auth');
81
82 $this->mainTemplate = $DIC->ui()->mainTemplate();
83 $this->tabs = $DIC->tabs();
84 $this->ctrl = $DIC->ctrl();
85 $this->logger = $DIC->logger()->auth();
86
87 $this->access = $DIC->access();
88 $this->review = $DIC->rbac()->review();
89 $this->error = $DIC['ilErr'];
90
91
92 $this->settings = ilOpenIdConnectSettings::getInstance();
93 }
94
98 protected function checkAccess($a_permission)
99 {
100 if (!$this->checkAccessBool($a_permission)) {
101 $this->error->raiseError($this->lng->txt('msg_no_perm_read'), $this->error->WARNING);
102 }
103 }
104
109 protected function checkAccessBool($a_permission)
110 {
111 return $this->access->checkAccess($a_permission, '', $this->ref_id);
112 }
113
114
118 public function executeCommand()
119 {
120 $this->checkAccess('read');
121
122 switch ($this->ctrl->getNextClass()) {
123 default:
124 $cmd = $this->ctrl->getCmd(self::DEFAULT_CMD);
125 $this->$cmd();
126 break;
127 }
128 }
129
133 protected function settings(ilPropertyFormGUI $form = null)
134 {
135 $this->checkAccess('read');
136 $this->setSubTabs(self::STAB_SETTINGS);
137
138
139 if (!$form instanceof ilPropertyFormGUI) {
140 $form = $this->initSettingsForm();
141 }
142
143 $this->mainTemplate->setContent($form->getHTML());
144 }
145
149 protected function initSettingsForm()
150 {
151 $form = new ilPropertyFormGUI();
152 $form->setTitle($this->lng->txt('auth_oidc_settings_title'));
153 $form->setFormAction($this->ctrl->getFormAction($this));
154
155 // activation
156 $activation = new ilCheckboxInputGUI(
157 $this->lng->txt('auth_oidc_settings_activation'),
158 'activation'
159 );
160 $activation->setChecked($this->settings->getActive());
161 $form->addItem($activation);
162
163 // provider
164 $provider = new ilTextInputGUI(
165 $this->lng->txt('auth_oidc_settings_provider'),
166 'provider'
167 );
168 $provider->setRequired(true);
169 $provider->setValue($this->settings->getProvider());
170 $form->addItem($provider);
171
172 $client_id = new ilTextInputGUI(
173 $this->lng->txt('auth_oidc_settings_client_id'),
174 'client_id'
175 );
176 $client_id->setRequired(true);
177 $client_id->setValue($this->settings->getClientId());
178 $form->addItem($client_id);
179
180 // secret
181 $secret = new ilPasswordInputGUI(
182 $this->lng->txt('auth_oidc_settings_secret'),
183 'secret'
184 );
185 $secret->setSkipSyntaxCheck(true);
186 $secret->setRetype(false);
187 $secret->setRequired(false);
188 if (strlen($this->settings->getSecret())) {
189 $secret->setValue('******');
190 }
191 $form->addItem($secret);
192
193 // login element
194 $login_element = new ilRadioGroupInputGUI(
195 $this->lng->txt('auth_oidc_settings_le'),
196 'le'
197 );
198 $login_element->setRequired(true);
199 $login_element->setValue($this->settings->getLoginElementType());
200 $form->addItem($login_element);
201
202 // le -> type text
203 $text_option = new ilRadioOption(
204 $this->lng->txt('auth_oidc_settings_txt'),
205 ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT
206 );
207 $login_element->addOption($text_option);
208
209 // le -> type text -> text
210 $text = new ilTextInputGUI(
211 '',
212 'le_text'
213 );
214 $text->setValue($this->settings->getLoginElemenText());
215 $text->setMaxLength(120);
216 $text->setInfo($this->lng->txt('auth_oidc_settings_txt_val_info'));
217 $text_option->addSubItem($text);
218
219 // le -> type img
220 $img_option = new ilRadioOption(
221 $this->lng->txt('auth_oidc_settings_img'),
222 ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG
223 );
224 $login_element->addOption($img_option);
225
226 $image = new ilImageFileInputGUI(
227 '',
228 'le_img'
229 );
230 $image->setALlowDeletion(false);
231
232 if ($this->settings->hasImageFile()) {
233 $image->setImage($this->settings->getImageFilePath());
234 }
235 $image->setInfo($this->lng->txt('auth_oidc_settings_img_file_info'));
236 $img_option->addSubItem($image);
237
238 // login options
239 $login_options = new ilRadioGroupInputGUI(
240 $this->lng->txt('auth_oidc_settings_login_options'),
241 'login_prompt'
242 );
243 $login_options->setValue($this->settings->getLoginPromptType());
244
245 // enforce login
246 $enforce = new ilRadioOption(
247 $this->lng->txt('auth_oidc_settings_login_option_enforce'),
248 ilOpenIdConnectSettings::LOGIN_ENFORCE
249 );
250 $enforce->setInfo($this->lng->txt('auth_oidc_settings_login_option_enforce_info'));
251 $login_options->addOption($enforce);
252
253 // default login
254 $default = new ilRadioOption(
255 $this->lng->txt('auth_oidc_settings_login_option_default'),
256 ilOpenIdConnectSettings::LOGIN_STANDARD
257 );
258 $default->setInfo($this->lng->txt('auth_oidc_settings_login_option_default_info'));
259 $login_options->addOption($default);
260
261 $form->addItem($login_options);
262
263 // logout scope
264 $logout_scope = new ilRadioGroupInputGUI(
265 $this->lng->txt('auth_oidc_settings_logout_scope'),
266 'logout_scope'
267 );
268 $logout_scope->setValue($this->settings->getLogoutScope());
269
270 // scope global
271 $global_scope = new ilRadioOption(
272 $this->lng->txt('auth_oidc_settings_logout_scope_global'),
273 ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL
274 );
275 $global_scope->setInfo($this->lng->txt('auth_oidc_settings_logout_scope_global_info'));
276 $logout_scope->addOption($global_scope);
277
278 // ilias scope
279 $ilias_scope = new ilRadioOption(
280 $this->lng->txt('auth_oidc_settings_logout_scope_local'),
281 ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL
282 );
283 $logout_scope->addOption($ilias_scope);
284
285 $form->addItem($logout_scope);
286
287 $use_custom_session = new ilCheckboxInputGUI(
288 $this->lng->txt('auth_oidc_settings_custom_session_duration_type'),
289 'custom_session'
290 );
291 $use_custom_session->setOptionTitle(
292 $this->lng->txt('auth_oidc_settings_custom_session_duration_option')
293 );
294 $use_custom_session->setChecked($this->settings->isCustomSession());
295 $form->addItem($use_custom_session);
296
297 // session duration
298 $session = new ilNumberInputGUI(
299 $this->lng->txt('auth_oidc_settings_session_duration'),
300 'session_duration'
301 );
302 $session->setValue($this->settings->getSessionDuration());
303 $session->setSuffix($this->lng->txt('minutes'));
304 $session->setMinValue(5);
305 $session->setMaxValue(1440);
306 $session->setRequired(true);
307 $use_custom_session->addSubItem($session);
308
309 if ($this->checkAccessBool('write')) {
310 // save button
311 $form->addCommandButton('saveSettings', $this->lng->txt('save'));
312 }
313
314
315 // User sync settings --------------------------------------------------------------
316 $user_sync = new ilFormSectionHeaderGUI();
317 $user_sync->setTitle($this->lng->txt('auth_oidc_settings_section_user_sync'));
318 $form->addItem($user_sync);
319
320 $sync = new ilCheckboxInputGUI(
321 $this->lng->txt('auth_oidc_settings_user_sync'),
322 'sync'
323 );
324 $sync->setChecked($this->settings->isSyncAllowed());
325 $sync->setInfo($this->lng->txt('auth_oidc_settings_user_sync_info'));
326 $sync->setValue(1);
327 $form->addItem($sync);
328
329 $roles = new ilSelectInputGUI(
330 $this->lng->txt('auth_oidc_settings_default_role'),
331 'role'
332 );
333 $roles->setValue($this->settings->getRole());
334 $roles->setInfo($this->lng->txt('auth_oidc_settings_default_role_info'));
335 $roles->setOptions($this->prepareRoleSelection());
336 $roles->setRequired(true);
337 $sync->addSubItem($roles);
338
339 $user_attr = new ilTextInputGUI(
340 $this->lng->txt('auth_oidc_settings_user_attr'),
341 'username'
342 );
343 $user_attr->setValue($this->settings->getUidField());
344 $user_attr->setRequired(true);
345 $form->addItem($user_attr);
346
347 return $form;
348 }
349
353 protected function saveSettings()
354 {
355 $this->checkAccess('write');
356
357 $form = $this->initSettingsForm();
358 if (!$form->checkInput()) {
359 ilUtil::sendFailure(
360 $this->lng->txt('err_check_input')
361 );
362 $form->setValuesByPost();
363 $this->settings($form);
364 return;
365 }
366
367 $this->settings->setActive((bool) $form->getInput('activation'));
368 $this->settings->setProvider((string) $form->getInput('provider'));
369 $this->settings->setClientId((string) $form->getInput('client_id'));
370 if (strlen($form->getInput('secret')) && strcmp($form->getInput('secret'), '******') !== 0) {
371 $this->settings->setSecret((string) $form->getInput('secret'));
372 }
373 $this->settings->setLoginElementType((int) $form->getInput('le'));
374 $this->settings->setLoginElementText((string) $form->getInput('le_text'));
375 $this->settings->setLoginPromptType((int) $form->getInput('login_prompt'));
376 $this->settings->setLogoutScope((int) $form->getInput('logout_scope'));
377 $this->settings->useCustomSession((bool) $form->getInput('custom_session'));
378 $this->settings->setSessionDuration((int) $form->getInput('session_duration'));
379 $this->settings->allowSync((bool) $form->getInput('sync'));
380 $this->settings->setRole((int) $form->getInput('role'));
381 $this->settings->setUidField((string) $form->getInput('username'));
382
383 $fileData = (array) $form->getInput('le_img');
384
385 if (strlen($fileData['tmp_name'])) {
386 $this->saveImageFromHttpRequest();
387 }
388
389 $this->settings->save();
390
391 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
392 $this->ctrl->redirect($this, 'settings');
393 }
394
398 protected function saveImageFromHttpRequest()
399 {
400 global $DIC;
401
402 try {
403 $upload = $DIC->upload();
404 if (!$upload->hasBeenProcessed()) {
405 $upload->process();
406 }
407 foreach ($upload->getResults() as $single_file_upload) {
408 if ($single_file_upload->getStatus() == \ILIAS\FileUpload\DTO\ProcessingStatus::OK) {
409 $this->settings->deleteImageFile();
410 $upload->moveFilesTo(
411 ilOpenIdConnectSettings::FILE_STORAGE,
412 \ILIAS\FileUpload\Location::WEB
413 );
414 $this->settings->setLoginElementImage($single_file_upload->getName());
415 }
416 }
417 } catch (\ILIAS\Filesystem\Exception\IllegalStateException $e) {
418 $this->logger->warning('Upload failed with message: ' . $e->getMessage());
419 }
420 }
421
426 protected function prepareRoleSelection($a_with_select_option = true) : array
427 {
428 $global_roles = ilUtil::_sortIds(
429 $this->review->getGlobalRoles(),
430 'object_data',
431 'title',
432 'obj_id'
433 );
434
435 $select = [];
436 if ($a_with_select_option) {
437 $select[0] = $this->lng->txt('links_select_one');
438 }
439 foreach ($global_roles as $role_id) {
440 if ($role_id == ANONYMOUS_ROLE_ID) {
441 continue;
442 }
443 $select[$role_id] = ilObject::_lookupTitle($role_id);
444 }
445 return $select;
446 }
447
448
452 protected function profile(ilPropertyFormGUI $form = null)
453 {
454 $this->checkAccess('read');
455 $this->setSubTabs(self::STAB_PROFILE);
456
457 if (!$form instanceof ilPropertyFormGUI) {
458 $form = $this->initProfileForm();
459 }
460 $this->mainTemplate->setContent($form->getHTML());
461 }
462
466 protected function initProfileForm() : \ilPropertyFormGUI
467 {
468 $form = new ilPropertyFormGUI();
469 $form->setTitle($this->lng->txt('auth_oidc_mapping_table'));
470 $form->setFormAction($this->ctrl->getFormAction($this, 'saveProfile'));
471
472 foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
473 $text_form = new ilTextInputGUI($this->lng->txt($lng_key));
474 $text_form->setPostVar($field . "_value");
475 $text_form->setValue($this->settings->getProfileMappingFieldValue($field));
476 $form->addItem($text_form);
477
478 $checkbox_form = new ilCheckboxInputGUI('');
479 $checkbox_form->setValue(1);
480 $checkbox_form->setPostVar($field . "_update");
481 $checkbox_form->setChecked($this->settings->getProfileMappingFieldUpdate($field));
482 $checkbox_form->setOptionTitle($this->lng->txt('auth_oidc_update_field_info'));
483 $form->addItem($checkbox_form);
484 }
485
486 if ($this->checkAccessBool('write')) {
487 $form->addCommandButton('saveProfile', $this->lng->txt('save'));
488 }
489 return $form;
490 }
491
495 protected function saveProfile()
496 {
497 $this->checkAccessBool('write');
498
499 $form = $this->initProfileForm();
500 if (!$form->checkInput()) {
501 ilUtil::sendFailure($this->lng->txt('err_check_input'));
502 $form->setValuesByPost();
503 $this->profile($form);
504 return false;
505 }
506
507 foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
508 $this->settings->setProfileMappingFieldValue(
509 $field,
510 $form->getInput($field . '_value')
511 );
512 $this->settings->setProfileMappingFieldUpdate(
513 $field,
514 $form->getInput($field . '_update')
515 );
516 }
517 $this->settings->save();
518 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
519 $this->ctrl->redirect($this, self::STAB_PROFILE);
520 }
521
525 protected function roles(\ilPropertyFormGUI $form = null)
526 {
527 $this->checkAccess('read');
528 $this->setSubTabs(self::STAB_ROLES);
529
530 if (!$form instanceof ilPropertyFormGUI) {
531 $form = $this->initRolesForm();
532 }
533 $this->mainTemplate->setContent($form->getHTML());
534 }
535
539 protected function initRolesForm()
540 {
541 $form = new ilPropertyFormGUI();
542 $form->setTitle($this->lng->txt('auth_oidc_role_mapping_table'));
543 $form->setFormAction($this->ctrl->getFormAction($this, self::STAB_ROLES));
544
545 foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
546 $role_map = new ilTextInputGUI(
547 $role_title,
548 'role_map_' . $role_id
549 );
550 $role_map->setInfo($this->lng->txt('auth_oidc_role_info'));
551 $role_map->setValue($this->settings->getRoleMappingValueForId($role_id));
552 $form->addItem($role_map);
553
554 $update = new ilCheckboxInputGUI(
555 '',
556 'role_map_update_' . $role_id
557 );
558 $update->setOptionTitle($this->lng->txt('auth_oidc_update_role_info'));
559 $update->setValue(1);
560 $update->setChecked(!$this->settings->getRoleMappingUpdateForId($role_id));
561 $form->addItem($update);
562 }
563
564 if ($this->checkAccessBool('write')) {
565 $form->addCommandButton('saveRoles', $this->lng->txt('save'));
566 }
567 return $form;
568 }
569
573 protected function saveRoles()
574 {
575 $this->checkAccess('write');
576 $form = $this->initRolesForm();
577 if ($form->checkInput()) {
578 $this->logger->dump($_POST, \ilLogLevel::DEBUG);
579
580
581 $role_settings = [];
582 $role_valid = true;
583 foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
584 if (!strlen(trim($form->getInput('role_map_' . $role_id)))) {
585 continue;
586 }
587
588 $role_params = explode('::', $form->getInput('role_map_' . $role_id));
589 $this->logger->dump($role_params, \ilLogLevel::DEBUG);
590
591 if (count($role_params) !== 2) {
592 $form->getItemByPostVar('role_map_' . $role_id)->setAlert($this->lng->txt('msg_wrong_format'));
593 $role_valid = false;
594 continue;
595 }
596 $role_settings[$role_id]['update'] = (bool) !$form->getInput('role_map_update_' . $role_id);
597 $role_settings[$role_id]['value'] = (string) $form->getInput('role_map_' . $role_id);
598 }
599
600 if (!$role_valid) {
601 $form->setValuesByPost();
602 \ilUtil::sendFailure($this->lng->txt('err_check_input'));
603 $this->roles($form);
604 return;
605 }
606
607 $this->settings->setRoleMappings($role_settings);
608 $this->settings->save();
609 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
610 $this->ctrl->redirect($this, 'roles');
611 }
612
613 $form->setValuesByPost();
614 \ilUtil::sendFailure($this->lng->txt('err_check_input'));
615 $this->roles($form);
616 }
617
621 protected function setSubTabs(string $active_tab)
622 {
623 $this->tabs->addSubTab(
624 self::STAB_SETTINGS,
625 $this->lng->txt('auth_oidc_' . self::STAB_SETTINGS),
626 $this->ctrl->getLinkTarget($this, self::STAB_SETTINGS)
627 );
628 $this->tabs->addSubTab(
629 self::STAB_PROFILE,
630 $this->lng->txt('auth_oidc_' . self::STAB_PROFILE),
631 $this->ctrl->getLinkTarget($this, self::STAB_PROFILE)
632 );
633 $this->tabs->addSubTab(
634 self::STAB_ROLES,
635 $this->lng->txt('auth_oidc_' . self::STAB_ROLES),
636 $this->ctrl->getLinkTarget($this, self::STAB_ROLES)
637 );
638
639 $this->tabs->activateSubTab($active_tab);
640 }
641}
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
php
An exception for terminatinating execution or to throw for unit testing.
error
error($a_errmsg)
set error message @access public
Definition: class.ilIniFile.php:395
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilFormSectionHeaderGUI
This class represents a section header in a property form.
Definition: class.ilFormSectionHeaderGUI.php:32
ilImageFileInputGUI
This class represents an image file property in a property form.
Definition: class.ilImageFileInputGUI.php:12
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:15
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilOpenIdConnectSettingsGUI
Class ilOpenIdConnectSettingsGUI.
Definition: class.ilOpenIdConnectSettingsGUI.php:12
ilOpenIdConnectSettingsGUI\prepareRoleSelection
prepareRoleSelection($a_with_select_option=true)
Definition: class.ilOpenIdConnectSettingsGUI.php:426
ilOpenIdConnectSettingsGUI\initSettingsForm
initSettingsForm()
Init general settings form.
Definition: class.ilOpenIdConnectSettingsGUI.php:149
ilOpenIdConnectSettingsGUI\settings
settings(ilPropertyFormGUI $form=null)
Definition: class.ilOpenIdConnectSettingsGUI.php:133
ilOpenIdConnectSettingsGUI\setSubTabs
setSubTabs(string $active_tab)
Set sub tabs.
Definition: class.ilOpenIdConnectSettingsGUI.php:621
ilOpenIdConnectSettingsGUI\saveImageFromHttpRequest
saveImageFromHttpRequest()
Save image from http request.
Definition: class.ilOpenIdConnectSettingsGUI.php:398
ilOpenIdConnectSettingsGUI\roles
roles(\ilPropertyFormGUI $form=null)
Definition: class.ilOpenIdConnectSettingsGUI.php:525
ilOpenIdConnectSettingsGUI\__construct
__construct($a_ref_id)
ilOpenIdConnectSettingsGUI constructor.
Definition: class.ilOpenIdConnectSettingsGUI.php:73
ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:146
ilPasswordInputGUI
This class represents a password property in a property form.
Definition: class.ilPasswordInputGUI.php:12
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:18
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4407
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4519
$client_id
$client_id
Definition: inc.client_tabs.php:19
Filesystem
Class FlySystemFileAccessTest.
ILIAS
Class ChatMainBarProvider \MainMenu\Provider.
$session
$session
Definition: proxy_ylocal.php:32
$DIC
$DIC
Definition: xapitoken.php:46