ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilAuthProviderApache.php
Go to the documentation of this file.
1 <?php declare(strict_types=1);
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
8 class ilAuthProviderApache extends ilAuthProvider implements ilAuthProviderInterface, ilAuthProviderAccountMigrationInterface
9 {
10  const APACHE_AUTH_TYPE_DIRECT_MAPPING = 1;
11  const APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2;
12  const APACHE_AUTH_TYPE_BY_FUNCTION = 3;
13 
14  private $settings = null;
15 
16  private $migration_account = '';
17  private $force_new_account = false;
18 
23  public function __construct(ilAuthCredentials $credentials)
24  {
25  parent::__construct($credentials);
26  $this->settings = new ilSetting('apache_auth');
27  }
28 
33  protected function getSettings() : ilSetting
34  {
35  return $this->settings;
36  }
37 
41  public function doAuthentication(ilAuthStatus $status)
42  {
43  if (!$this->getSettings()->get('apache_enable_auth')) {
44  $this->getLogger()->info('Apache auth disabled.');
45  $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
46  return false;
47  }
48 
49  if (
50  !$this->getSettings()->get('apache_auth_indicator_name') ||
51  !$this->getSettings()->get('apache_auth_indicator_value')
52  ) {
53  $this->getLogger()->warning('Apache auth indicator match failure.');
54  $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
55  return false;
56  }
57 
58  $validIndicatorValues = array_filter(array_map(
59  'trim',
60  str_getcsv($this->getSettings()->get('apache_auth_indicator_value'))
61  ));
62  if (!in_array($_SERVER[$this->getSettings()->get('apache_auth_indicator_name')], $validIndicatorValues)) {
63  $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
64  $this->handleAuthenticationFail($status, 'err_wrong_login');
65  return false;
66  }
67 
68  if (!ilUtil::isLogin($this->getCredentials()->getUsername())) {
69  $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
70  $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
71  return false;
72  }
73 
74  if (!strlen($this->getCredentials()->getUsername())) {
75  $this->getLogger()->info('No username given');
76  $this->handleAuthenticationFail($status, 'err_wrong_login');
77  return false;
78  }
79 
80  // Apache with ldap as data source
81  if ($this->getSettings()->get('apache_enable_ldap')) {
82  return $this->handleLDAPDataSource($status);
83  }
84 
85  $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
86  $usr_id = ilObjUser::_lookupId($login);
87  if (!$usr_id) {
88  $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
89  $this->handleAuthenticationFail($status, 'err_wrong_login');
90  return false;
91  }
92 
93  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
94  $status->setAuthenticatedUserId($usr_id);
95  return true;
96  }
97 
101  public function migrateAccount(ilAuthStatus $status)
102  {
103  $this->force_new_account = true;
104  if ($this->getSettings()->get('apache_enable_ldap')) {
105  return $this->handleLDAPDataSource($status);
106  }
107  }
108 
112  public function createNewAccount(ilAuthStatus $status)
113  {
114  $this->force_new_account = true;
115  if ($this->getSettings()->get('apache_enable_ldap')) {
116  return $this->handleLDAPDataSource($status);
117  }
118  }
119 
123  public function getExternalAccountName()
124  {
125  return $this->migration_account;
126  }
127 
131  public function setExternalAccountName(string $name) : void
132  {
133  $this->migration_account = $name;
134  }
135 
139  public function getTriggerAuthMode()
140  {
141  return AUTH_APACHE;
142  }
143 
147  public function getUserAuthModeName()
148  {
149  if ($this->getSettings()->get('apache_ldap_sid')) {
150  return 'ldap_' . (string) $this->getSettings()->get('apache_ldap_sid');
151  }
152 
153  return 'apache';
154  }
155 
159  protected function handleLDAPDataSource(ilAuthStatus $status) : bool
160  {
161  $server = ilLDAPServer::getInstanceByServerId(
162  $this->getSettings()->get('apache_ldap_sid')
163  );
164 
165  $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
166 
167  $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
168  $sync->setExternalAccount($this->getCredentials()->getUsername());
169  $sync->setUserData(array());
170  $sync->forceCreation($this->force_new_account);
171  $sync->forceReadLdapData(true);
172 
173  try {
174  $internal_account = $sync->sync();
175  $this->getLogger()->debug('Internal account: ' . $internal_account);
176  } catch (UnexpectedValueException $e) {
177  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
178  $this->handleAuthenticationFail($status, 'err_wrong_login');
179  return false;
180  } catch (ilLDAPSynchronisationFailedException $e) {
181  $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
182  return false;
183  }
184  catch (ilLDAPSynchronisationForbiddenException $e) {
185  // No syncronisation allowed => create Error
186  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
187  $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
188  return false;
189  } catch (ilLDAPAccountMigrationRequiredException $e) {
190  // Account migration required
191  $this->setExternalAccountName($this->getCredentials()->getUsername());
192  $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
193  $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
194  return false;
195  }
196 
197  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
198  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
199  return true;
200  }
201 }
$login
$login
Definition: cron.php:13
ilAuthProviderApache\migrateAccount
migrateAccount(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:101
settings
settings()
Definition: settings.php:2
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11
ilAuthProviderApache\doAuthentication
doAuthentication(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:41
ilLDAPSynchronisationFailedException
Thrown in case of failed synchronisation settings.
Definition: class.ilLDAPSynchronisationFailedException.php:10
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:159
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:831
ilAuthProviderApache\createNewAccount
createNewAccount(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:112
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:66
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116
$name
if($format !==null) $name
Definition: metadata.php:230
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilAuthProviderApache\__construct
__construct(ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderApache.php:23
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3600
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$server
$server
Definition: dummy_client.php:12
ilUtil\isLogin
static isLogin($a_login)
Definition: class.ilUtil.php:1305
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:30
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20