ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
All Data Structures Namespaces Files Functions Variables Modules Pages
Static Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthProviderLTI Class Reference

OAuth based lti authentication. More...

+ Inheritance diagram for ilAuthProviderLTI:
+ Collaboration diagram for ilAuthProviderLTI:

Static Public Member Functions

static getAuthModeByKey ($a_auth_key)
 Get auth mode by key. More...
 
static getKeyByAuthMode ($a_auth_mode)
 Get auth id by auth mode. More...
 
static getActiveAuthModes ()
 get all active authmode server ids More...
 
static getAuthModes ()
 
static lookupConsumer ($a_sid)
 Lookup consumer title. More...
 
static getServerIdByAuthMode ($a_auth_mode)
 Get auth id by auth mode. More...
 
static isAuthModeLTI ($a_auth_mode)
 Check if user auth mode is LTI. More...
 

Data Fields

const AUTH_MODE_PREFIX = 'lti'
 
- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Protected Member Functions

 findAuthKeyId ($a_oauth_consumer_key)
 find consumer key id type $ilDB More...
 
 findAuthPrefix ($a_lti_id)
 find lti id More...
 
 findGlobalRole ($a_lti_id)
 find global role of consumer More...
 
 findUserId ($a_oauth_user, $a_oauth_id, $a_user_prefix)
 Find user by auth mode and lti id. More...
 
 createUser (ilLTIToolConsumer $consumer)
 create new user More...
 
 updateUser ($a_local_user_id, ilLTIToolConsumer $consumer)
 update existing user More...
 
 handleLocalRoleAssignments ($user_id, ilLTIToolConsumer $consumer)
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Private Attributes

 $dataConnector = null
 
 $lti_context_id = ""
 

Additional Inherited Members

- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Detailed Description

OAuth based lti authentication.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Uwe Kohnle kohnl.nosp@m.e@in.nosp@m.terne.nosp@m.tleh.nosp@m.rer-g.nosp@m.mbh..nosp@m.de
Stefan Schneider

Definition at line 19 of file class.ilAuthProviderLTI.php.

Member Function Documentation

◆ createUser()

ilAuthProviderLTI::createUser ( ilLTIToolConsumer  $consumer)
protected

create new user

protected

Definition at line 218 of file class.ilAuthProviderLTI.php.

References $_POST, $GLOBALS, $ilSetting, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilLTIToolConsumer\getExtConsumerId(), ilLTIToolConsumer\getLanguage(), ilAuthProvider\getLogger(), ilLTIToolConsumer\getPrefix(), ilLTIToolConsumer\getRole(), and IL_PASSWD_CRYPTED.

219  {
220  global $ilClientIniFile, $ilSetting;
221 
222  $userObj = new ilObjUser();
223 
224  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
225  $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
226 
227  $newUser["login"] = $local_user;
228  $newUser["firstname"] = $_POST['lis_person_name_given'];
229  $newUser["lastname"] = $_POST['lis_person_name_family'];
230  $newUser['email'] = $_POST['lis_person_contact_email_primary'];
231 
232 
233  // set "plain md5" password (= no valid password)
234  $newUser["passwd"] = "";
235  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
236 
237  $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
238  $newUser['ext_account'] = $this->getCredentials()->getUsername();
239  $newUser["profile_incomplete"] = 0;
240 
241  // system data
242  $userObj->assignData($newUser);
243  $userObj->setTitle($userObj->getFullname());
244  $userObj->setDescription($userObj->getEmail());
245 
246  // set user language
247  $userObj->setLanguage($consumer->getLanguage());
248 
249  // Time limit
250  $userObj->setTimeLimitOwner(7);
251  $userObj->setTimeLimitUnlimited(0);
252  $userObj->setTimeLimitFrom(time() - 5);
253  $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
254 
255 
256  // Create user in DB
257  $userObj->setOwner(6);
258  $userObj->create();
259  $userObj->setActive(1);
260  $userObj->updateOwner();
261  $userObj->saveAsNew();
262  $userObj->writePrefs();
263 
264  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
265 
266  $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
267  return $userObj->getId();
268  }
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:7
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:376
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

◆ findAuthKeyId()

ilAuthProviderLTI::findAuthKeyId (   $a_oauth_consumer_key)
protected

find consumer key id type $ilDB

Parameters
type$a_oauth_consumer_key
Returns
type

Definition at line 136 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

137  {
138  global $ilDB;
139 
140  $query = 'SELECT consumer_pk from lti2_consumer where consumer_key256 = ' . $ilDB->quote($a_oauth_consumer_key, 'text');
141  // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
142  $this->getLogger()->debug($query);
143  $res = $ilDB->query($query);
144 
145  $lti_id = 0;
146  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
147  $lti_id = $row->consumer_pk;
148  // $lti_id = $row->id;
149  }
150  $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
151  return $lti_id;
152  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ findAuthPrefix()

ilAuthProviderLTI::findAuthPrefix (   $a_lti_id)
protected

find lti id

Parameters
type$a_lti_id

Definition at line 158 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

159  {
160  global $ilDB;
161 
162  $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
163  $this->getLogger()->debug($query);
164  $res = $ilDB->query($query);
165 
166  // $prefix = 'lti'.$a_lti_id.'_';
167  $prefix = '';
168  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
169  $prefix = $row->prefix;
170  }
171  $this->getLogger()->debug('LTI prefix: ' . $prefix);
172  return $prefix;
173  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ findGlobalRole()

ilAuthProviderLTI::findGlobalRole (   $a_lti_id)
protected

find global role of consumer

Definition at line 178 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

179  {
180  global $ilDB;
181 
182  $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
183  $this->getLogger()->debug($query);
184  $res = $ilDB->query($query);
185 
186  $role = '';
187  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
188  $role = $row->role;
189  }
190  $this->getLogger()->debug('LTI role: ' . $role);
191  return $role;
192  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ findUserId()

ilAuthProviderLTI::findUserId (   $a_oauth_user,
  $a_oauth_id,
  $a_user_prefix 
)
protected

Find user by auth mode and lti id.

Parameters
type$a_oauth_user
type$a_oauth_id

Definition at line 199 of file class.ilAuthProviderLTI.php.

References ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), and ilAuthProvider\getLogger().

200  {
201  $user_name = ilObjUser::_checkExternalAuthAccount(
202  self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
203  $a_oauth_user
204  );
205  $user_id = 0;
206  if ($user_name) {
207  $user_id = ilObjUser::_lookupId($user_name);
208  }
209  $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
210  return $user_id;
211  }
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:831
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3600
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
+ Here is the call graph for this function:

◆ getActiveAuthModes()

static ilAuthProviderLTI::getActiveAuthModes ( )
static

get all active authmode server ids

Definition at line 390 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_isExternalAccountEnabled().

391  {
392  global $ilDB;
393 
394  // move to connector
395  $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
396  $res = $ilDB->query($query);
397 
398  $sids = array();
399  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
400  $sids[] = $row->consumer_pk;
401  }
402  return $sids;
403  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getAuthModeByKey()

static ilAuthProviderLTI::getAuthModeByKey (   $a_auth_key)
static

Get auth mode by key.

Parameters
string$a_auth_mode
Returns
int auth_mode

Definition at line 363 of file class.ilAuthProviderLTI.php.

Referenced by ilAuthUtils\_getAuthModeName().

364  {
365  $auth_arr = explode('_', $a_auth_key);
366  if (count((array) $auth_arr) > 1) {
367  return 'lti_' . $auth_arr[1];
368  }
369  return 'lti';
370  }
+ Here is the caller graph for this function:

◆ getAuthModes()

static ilAuthProviderLTI::getAuthModes ( )
static

Definition at line 405 of file class.ilAuthProviderLTI.php.

References $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_getActiveAuthModes(), and ilAuthUtils\_getAllAuthModes().

406  {
407  global $ilDB;
408 
409  // move to connector
410  $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
411  $res = $ilDB->query($query);
412 
413  $sids = array();
414  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
415  $sids[] = $row->consumer_pk;
416  }
417  return $sids;
418  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getKeyByAuthMode()

static ilAuthProviderLTI::getKeyByAuthMode (   $a_auth_mode)
static

Get auth id by auth mode.

Parameters
string$a_auth_mode
Returns
int auth_mode

Definition at line 377 of file class.ilAuthProviderLTI.php.

References AUTH_PROVIDER_LTI.

Referenced by ilAuthUtils\_getAuthMode().

378  {
379  $auth_arr = explode('_', $a_auth_mode);
380  if (count((array) $auth_arr) > 1) {
381  return AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
382  }
383  return AUTH_PROVIDER_LTI;
384  }
AUTH_PROVIDER_LTI
const AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:30
+ Here is the caller graph for this function:

◆ getServerIdByAuthMode()

static ilAuthProviderLTI::getServerIdByAuthMode (   $a_auth_mode)
static

Get auth id by auth mode.

Parameters
type$a_auth_mode
Returns
null

Definition at line 439 of file class.ilAuthProviderLTI.php.

Referenced by ilAuthUtils\getAuthModeTranslation().

440  {
441  if (self::isAuthModeLTI($a_auth_mode)) {
442  $auth_arr = explode('_', $a_auth_mode);
443  return $auth_arr[1];
444  }
445  return null;
446  }
+ Here is the caller graph for this function:

◆ handleLocalRoleAssignments()

ilAuthProviderLTI::handleLocalRoleAssignments (   $user_id,
ilLTIToolConsumer  $consumer 
)
protected

Definition at line 301 of file class.ilAuthProviderLTI.php.

References $_POST, $GLOBALS, ilAuthProvider\$user_id, ilLTIToolConsumer\getExtConsumerId(), and ilAuthProvider\getLogger().

302  {
303  //$target_ref_id = $_SESSION['lti_current_context_id'];
304  $target_ref_id = $this->ref_id;
305  $this->getLogger()->info('$target_ref_id: ' . $target_ref_id);
306  if (!$target_ref_id) {
307  $this->getLogger()->warning('No target id given');
308  return false;
309  }
310 
311  $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
312 
313  // @todo read from lti data
314  $roles = $_POST['roles'];
315  if (!strlen($roles)) {
316  $this->getLogger()->warning('No role information given');
317  return false;
318  }
319  $role_arr = explode(',', $roles);
320  foreach ($role_arr as $role_name) {
321  $role_name = trim($role_name);
322  switch ($role_name) {
323  case 'Administrator':
324  $this->getLogger()->info('Administrator role handling');
325  if ($obj_settings->getAdminRole()) {
326  $GLOBALS['DIC']->rbac()->admin()->assignUser(
327  $obj_settings->getAdminRole(),
328  $user_id
329  );
330  }
331  break;
332 
333  case 'Instructor':
334  $this->getLogger()->info('Instructor role handling');
335  $this->getLogger()->info('Tutor role for request: ' . $obj_settings->getTutorRole());
336  if ($obj_settings->getTutorRole()) {
337  $GLOBALS['DIC']->rbac()->admin()->assignUser(
338  $obj_settings->getTutorRole(),
339  $user_id
340  );
341  }
342  break;
343 
344  case 'Member':
345  case 'Learner':
346  $this->getLogger()->info('Member role handling');
347  if ($obj_settings->getMemberRole()) {
348  $GLOBALS['DIC']->rbac()->admin()->assignUser(
349  $obj_settings->getMemberRole(),
350  $user_id
351  );
352  }
353  break;
354  }
355  }
356  }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

◆ isAuthModeLTI()

static ilAuthProviderLTI::isAuthModeLTI (   $a_auth_mode)
static

Check if user auth mode is LTI.

Parameters
type$a_auth_mode

Definition at line 452 of file class.ilAuthProviderLTI.php.

References AUTH_PROVIDER_LTI, and ilLoggerFactory\getLogger().

453  {
454  if (!$a_auth_mode) {
455  ilLoggerFactory::getLogger('lti')->warning('No auth mode given.');
456  return false;
457  }
458  $auth_arr = explode('_', $a_auth_mode);
459  return ($auth_arr[0] == AUTH_PROVIDER_LTI) and $auth_arr[1];
460  }
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
AUTH_PROVIDER_LTI
const AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:30
+ Here is the call graph for this function:

◆ lookupConsumer()

static ilAuthProviderLTI::lookupConsumer (   $a_sid)
static

Lookup consumer title.

Parameters
type$a_sid
Returns
type

Definition at line 425 of file class.ilAuthProviderLTI.php.

References ilLTIToolConsumer\fromRecordId().

Referenced by ilAuthUtils\getAuthModeTranslation().

426  {
427  include_once './Services/LTI/classes/class.ilLTIDataConnector.php';
428  $connector = new ilLTIDataConnector();
429  include_once './Services/LTI/classes/InternalProvider/class.ilLTIToolConsumer.php';
430  $consumer = ilLTIToolConsumer::fromRecordId($a_sid, $connector);
431  return $consumer->getTitle();
432  }
ilLTIToolConsumer\fromRecordId
static fromRecordId($id, $dataConnector)
Load the tool consumer from the database by its record ID.
Definition: class.ilLTIToolConsumer.php:223
ilLTIDataConnector
Class to represent an LTI Data Connector for ILIAS.
Definition: class.ilLTIDataConnector.php:26
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ updateUser()

ilAuthProviderLTI::updateUser (   $a_local_user_id,
ilLTIToolConsumer  $consumer 
)
protected

update existing user

protected

Definition at line 275 of file class.ilAuthProviderLTI.php.

References $_POST, $GLOBALS, $ilLog, ilAuthProvider\getLogger(), and ilLTIToolConsumer\getRole().

276  {
277  global $ilClientIniFile,$ilLog,$rbacadmin;
278 
279  $user_obj = new ilObjUser($a_local_user_id);
280  $user_obj->setFirstname($_POST['lis_person_name_given']);
281  $user_obj->setLastname($_POST['lis_person_name_family']);
282  $user_obj->setEmail($_POST['lis_person_contact_email_primary']);
283  $user_obj->setActive(true);
284 
285  $until = $user_obj->getTimeLimitUntil();
286 
287  if ($until < (time() + $ilClientIniFile->readVariable('session', 'expire'))) {
288  $user_obj->setTimeLimitFrom(time() - 60);
289  $user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
290  }
291  $user_obj->update();
292  $user_obj->refreshLogin();
293 
294  $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
295  $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
296 
297  $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
298  return $user_obj->getId();
299  }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$ilLog
$ilLog
Definition: inc.setup_header.php:123
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

Field Documentation

◆ $dataConnector

ilAuthProviderLTI::$dataConnector = null
private

Definition at line 22 of file class.ilAuthProviderLTI.php.

◆ $lti_context_id

ilAuthProviderLTI::$lti_context_id = ""
private

Definition at line 23 of file class.ilAuthProviderLTI.php.

◆ AUTH_MODE_PREFIX

const ilAuthProviderLTI::AUTH_MODE_PREFIX = 'lti'

Definition at line 21 of file class.ilAuthProviderLTI.php.

The documentation for this class was generated from the following file: