ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilOpenIdConnectSettingsGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
12{
13 const STAB_SETTINGS = 'settings';
14 const STAB_PROFILE = 'profile';
15 const STAB_ROLES = 'roles';
16
17 const DEFAULT_CMD = 'settings';
18
22 private $ref_id = 0;
23
24
28 private $settings = null;
29
33 protected $lng = null;
34
38 protected $ctrl = null;
39
43 protected $logger = null;
44
48 protected $access = null;
49
53 protected $review;
54
58 protected $error = null;
59
63 protected $mainTemplate = null;
64
68 protected $tabs = null;
69
73 public function __construct($a_ref_id)
74 {
75 global $DIC;
76
77 $this->ref_id = $a_ref_id;
78
79 $this->lng = $DIC->language();
80 $this->lng->loadLanguageModule('auth');
81
82 $this->mainTemplate = $DIC->ui()->mainTemplate();
83 $this->tabs = $DIC->tabs();
84 $this->ctrl = $DIC->ctrl();
85 $this->logger = $DIC->logger()->auth();
86
87 $this->access = $DIC->access();
88 $this->review = $DIC->rbac()->review();
89 $this->error = $DIC['ilErr'];
90
91
93 }
94
98 protected function checkAccess($a_permission)
99 {
100 if (!$this->checkAccessBool($a_permission)) {
101 $this->error->raiseError($this->lng->txt('msg_no_perm_read'), $this->error->WARNING);
102 }
103 }
104
109 protected function checkAccessBool($a_permission)
110 {
111 return $this->access->checkAccess($a_permission, '', $this->ref_id);
112 }
113
114
118 public function executeCommand()
119 {
120 $this->checkAccess('read');
121
122 switch ($this->ctrl->getNextClass()) {
123 default:
124 $cmd = $this->ctrl->getCmd(self::DEFAULT_CMD);
125 $this->$cmd();
126 break;
127 }
128 }
129
133 protected function settings(ilPropertyFormGUI $form = null)
134 {
135 $this->checkAccess('read');
136 $this->setSubTabs(self::STAB_SETTINGS);
137
138
139 if (!$form instanceof ilPropertyFormGUI) {
140 $form = $this->initSettingsForm();
141 }
142
143 $this->mainTemplate->setContent($form->getHTML());
144 }
145
149 protected function initSettingsForm()
150 {
151 $form = new ilPropertyFormGUI();
152 $form->setTitle($this->lng->txt('auth_oidc_settings_title'));
153 $form->setFormAction($this->ctrl->getFormAction($this));
154
155 // activation
156 $activation = new ilCheckboxInputGUI(
157 $this->lng->txt('auth_oidc_settings_activation'),
158 'activation'
159 );
160 $activation->setChecked($this->settings->getActive());
161 $form->addItem($activation);
162
163 // provider
164 $provider = new ilTextInputGUI(
165 $this->lng->txt('auth_oidc_settings_provider'),
166 'provider'
167 );
168 $provider->setRequired(true);
169 $provider->setValue($this->settings->getProvider());
170 $form->addItem($provider);
171
173 $this->lng->txt('auth_oidc_settings_client_id'),
174 'client_id'
175 );
176 $client_id->setRequired(true);
177 $client_id->setValue($this->settings->getClientId());
178 $form->addItem($client_id);
179
180 // secret
181 $secret = new ilPasswordInputGUI(
182 $this->lng->txt('auth_oidc_settings_secret'),
183 'secret'
184 );
185 $secret->setSkipSyntaxCheck(true);
186 $secret->setRetype(false);
187 $secret->setRequired(false);
188 if (strlen($this->settings->getSecret())) {
189 $secret->setValue('******');
190 }
191 $form->addItem($secret);
192
193 $default_scope = new ilTextInputGUI(
194 $this->lng->txt('auth_oidc_settings_additional_scopes'),
195 "default_scope"
196 );
197 $default_scope->setValue(ilOpenIdConnectSettings::DEFAULT_SCOPE);
198 $default_scope->setDisabled(true);
199 $form->addItem($default_scope);
200
201 $scopes = new ilTextInputGUI(
202 "",
203 "scopes"
204 );
205 $scopes->setMulti(true);
206 $scopeValues = $this->settings->getAdditionalScopes();
207 $scopes->setValue($scopeValues[0]);
208 $scopes->setMultiValues($scopeValues);
209 $form->addItem($scopes);
210
211 // validation options
212 $validation_options = new ilRadioGroupInputGUI(
213 $this->lng->txt('auth_oidc_settings_validate_scopes'),
214 'validate_scopes'
215 );
216 $validation_options->setValue((string) $this->settings->getValidateScopes());
217 $form->addItem($validation_options);
218
219 $base_valid_url_option = new ilRadioOption(
220 $this->lng->txt('auth_oidc_settings_validate_scope_default'),
222 );
223
224 $validation_options->addOption($base_valid_url_option);
225
226 $custom_validation_url = new ilTextInputGUI(
227 '',
228 'custom_discovery_url'
229 );
230
231 $custom_valid_url_option = new ilRadioOption(
232 $this->lng->txt('auth_oidc_settings_validate_scope_custom'),
234 );
235 $validation_options->addOption($custom_valid_url_option);
236 $custom_validation_url->setValue($this->settings->getCustomDiscoveryUrl() ?? '');
237 $custom_validation_url->setMaxLength(120);
238 $custom_validation_url->setInfo($this->lng->txt('auth_oidc_settings_discovery_url'));
239 $custom_valid_url_option->addSubItem($custom_validation_url);
240 $no_validation_option = new ilRadioOption(
241 $this->lng->txt('auth_oidc_settings_validate_scope_none'),
243 );
244 $validation_options->addOption($no_validation_option);
245
246 // login element
247 $login_element = new ilRadioGroupInputGUI(
248 $this->lng->txt('auth_oidc_settings_le'),
249 'le'
250 );
251 $login_element->setRequired(true);
252 $login_element->setValue($this->settings->getLoginElementType());
253 $form->addItem($login_element);
254
255 // le -> type text
256 $text_option = new ilRadioOption(
257 $this->lng->txt('auth_oidc_settings_txt'),
259 );
260 $login_element->addOption($text_option);
261
262 // le -> type text -> text
263 $text = new ilTextInputGUI(
264 '',
265 'le_text'
266 );
267 $text->setValue($this->settings->getLoginElemenText());
268 $text->setMaxLength(120);
269 $text->setInfo($this->lng->txt('auth_oidc_settings_txt_val_info'));
270 $text_option->addSubItem($text);
271
272 // le -> type img
273 $img_option = new ilRadioOption(
274 $this->lng->txt('auth_oidc_settings_img'),
276 );
277 $login_element->addOption($img_option);
278
279 $image = new ilImageFileInputGUI(
280 '',
281 'le_img'
282 );
283 $image->setALlowDeletion(false);
284
285 if ($this->settings->hasImageFile()) {
286 $image->setImage($this->settings->getImageFilePath());
287 }
288 $image->setInfo($this->lng->txt('auth_oidc_settings_img_file_info'));
289 $img_option->addSubItem($image);
290
291 // login options
292 $login_options = new ilRadioGroupInputGUI(
293 $this->lng->txt('auth_oidc_settings_login_options'),
294 'login_prompt'
295 );
296 $login_options->setValue($this->settings->getLoginPromptType());
297
298 // enforce login
299 $enforce = new ilRadioOption(
300 $this->lng->txt('auth_oidc_settings_login_option_enforce'),
302 );
303 $enforce->setInfo($this->lng->txt('auth_oidc_settings_login_option_enforce_info'));
304 $login_options->addOption($enforce);
305
306 // default login
307 $default = new ilRadioOption(
308 $this->lng->txt('auth_oidc_settings_login_option_default'),
310 );
311 $default->setInfo($this->lng->txt('auth_oidc_settings_login_option_default_info'));
312 $login_options->addOption($default);
313
314 $form->addItem($login_options);
315
316 // logout scope
317 $logout_scope = new ilRadioGroupInputGUI(
318 $this->lng->txt('auth_oidc_settings_logout_scope'),
319 'logout_scope'
320 );
321 $logout_scope->setValue($this->settings->getLogoutScope());
322
323 // scope global
324 $global_scope = new ilRadioOption(
325 $this->lng->txt('auth_oidc_settings_logout_scope_global'),
327 );
328 $global_scope->setInfo($this->lng->txt('auth_oidc_settings_logout_scope_global_info'));
329 $logout_scope->addOption($global_scope);
330
331 // ilias scope
332 $ilias_scope = new ilRadioOption(
333 $this->lng->txt('auth_oidc_settings_logout_scope_local'),
335 );
336 $logout_scope->addOption($ilias_scope);
337
338 $form->addItem($logout_scope);
339
340 $use_custom_session = new ilCheckboxInputGUI(
341 $this->lng->txt('auth_oidc_settings_custom_session_duration_type'),
342 'custom_session'
343 );
344 $use_custom_session->setOptionTitle(
345 $this->lng->txt('auth_oidc_settings_custom_session_duration_option')
346 );
347 $use_custom_session->setChecked($this->settings->isCustomSession());
348 $form->addItem($use_custom_session);
349
350 // session duration
352 $this->lng->txt('auth_oidc_settings_session_duration'),
353 'session_duration'
354 );
355 $session->setValue($this->settings->getSessionDuration());
356 $session->setSuffix($this->lng->txt('minutes'));
357 $session->setMinValue(5);
358 $session->setMaxValue(1440);
359 $session->setRequired(true);
360 $use_custom_session->addSubItem($session);
361
362 if ($this->checkAccessBool('write')) {
363 // save button
364 $form->addCommandButton('saveSettings', $this->lng->txt('save'));
365 }
366
367
368 // User sync settings --------------------------------------------------------------
369 $user_sync = new ilFormSectionHeaderGUI();
370 $user_sync->setTitle($this->lng->txt('auth_oidc_settings_section_user_sync'));
371 $form->addItem($user_sync);
372
373 $sync = new ilCheckboxInputGUI(
374 $this->lng->txt('auth_oidc_settings_user_sync'),
375 'sync'
376 );
377 $sync->setChecked($this->settings->isSyncAllowed());
378 $sync->setInfo($this->lng->txt('auth_oidc_settings_user_sync_info'));
379 $sync->setValue(1);
380 $form->addItem($sync);
381
382 $roles = new ilSelectInputGUI(
383 $this->lng->txt('auth_oidc_settings_default_role'),
384 'role'
385 );
386 $roles->setValue($this->settings->getRole());
387 $roles->setInfo($this->lng->txt('auth_oidc_settings_default_role_info'));
388 $roles->setOptions($this->prepareRoleSelection());
389 $roles->setRequired(true);
390 $sync->addSubItem($roles);
391
392 $user_attr = new ilTextInputGUI(
393 $this->lng->txt('auth_oidc_settings_user_attr'),
394 'username'
395 );
396 $user_attr->setValue($this->settings->getUidField());
397 $user_attr->setRequired(true);
398 $form->addItem($user_attr);
399
400 return $form;
401 }
402
406 protected function saveSettings()
407 {
408 $this->checkAccess('write');
409
410 $form = $this->initSettingsForm();
411 if (!$form->checkInput()) {
413 $this->lng->txt('err_check_input')
414 );
415 $form->setValuesByPost();
416 $this->settings($form);
417 return;
418 }
419
420 if (!empty($form->getInput('scopes'))) {
421 $scopes = $form->getInput('scopes');
422 foreach ($scopes as $key => $value) {
423 if (empty($value)) {
424 array_splice($scopes, $key, 1);
425 }
426 }
427 }
428
429 switch ((int) $form->getInput('validate_scopes')) {
431 $discoveryURL = $form->getInput('provider') . '/.well-known/openid-configuration';
432 break;
434 $discoveryURL = $form->getInput('custom_discovery_url');
435 break;
436 default:
437 $discoveryURL = null;
438 break;
439 }
440 $validation_result = !is_null($discoveryURL) ? $this->settings->validateScopes($discoveryURL, (array) $scopes) : [];
441 if (!empty($validation_result)) {
442 if (ilOpenIdConnectSettings::VALIDATION_ISSUE_INVALID_SCOPE === $validation_result[0]) {
443 $this->mainTemplate->setOnScreenMessage(
444 'failure',
445 sprintf($this->lng->txt('auth_oidc_settings_invalid_scopes'), implode(",", $validation_result[1]))
446 );
447 } else {
448 $this->mainTemplate->setOnScreenMessage(
449 'failure',
450 sprintf($this->lng->txt('auth_oidc_settings_discovery_error'), $validation_result[1])
451 );
452 }
453 $form->setValuesByPost();
454 $this->settings($form);
455 return;
456 }
457
458 $this->settings->setActive((bool) $form->getInput('activation'));
459 $this->settings->setProvider((string) $form->getInput('provider'));
460 $this->settings->setClientId((string) $form->getInput('client_id'));
461 if (strlen($form->getInput('secret')) && strcmp($form->getInput('secret'), '******') !== 0) {
462 $this->settings->setSecret((string) $form->getInput('secret'));
463 }
464 $this->settings->setAdditionalScopes((array) $scopes);
465 $this->settings->setLoginElementType((int) $form->getInput('le'));
466 $this->settings->setLoginElementText((string) $form->getInput('le_text'));
467 $this->settings->setLoginPromptType((int) $form->getInput('login_prompt'));
468 $this->settings->setLogoutScope((int) $form->getInput('logout_scope'));
469 $this->settings->useCustomSession((bool) $form->getInput('custom_session'));
470 $this->settings->setSessionDuration((int) $form->getInput('session_duration'));
471 $this->settings->allowSync((bool) $form->getInput('sync'));
472 $this->settings->setRole((int) $form->getInput('role'));
473 $this->settings->setUidField((string) $form->getInput('username'));
474
475 $fileData = (array) $form->getInput('le_img');
476
477 if (strlen($fileData['tmp_name'])) {
479 }
480 $this->settings->setValidateScopes((int) $form->getInput('validate_scopes'));
481 if (ilOpenIdConnectSettings::URL_VALIDATION_CUSTOM === $this->settings->getValidateScopes()) {
482 $this->settings->setCustomDiscoveryUrl($form->getInput('custom_discovery_url'));
483 }
484
485 $this->settings->save();
486
487 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
488 $this->ctrl->redirect($this, 'settings');
489 }
490
494 protected function saveImageFromHttpRequest()
495 {
496 global $DIC;
497
498 try {
499 $upload = $DIC->upload();
500 if (!$upload->hasBeenProcessed()) {
501 $upload->process();
502 }
503 foreach ($upload->getResults() as $single_file_upload) {
504 if ($single_file_upload->getStatus() == \ILIAS\FileUpload\DTO\ProcessingStatus::OK) {
505 $this->settings->deleteImageFile();
506 $upload->moveFilesTo(
508 \ILIAS\FileUpload\Location::WEB
509 );
510 $this->settings->setLoginElementImage($single_file_upload->getName());
511 }
512 }
513 } catch (\ILIAS\Filesystem\Exception\IllegalStateException $e) {
514 $this->logger->warning('Upload failed with message: ' . $e->getMessage());
515 }
516 }
517
522 protected function prepareRoleSelection($a_with_select_option = true) : array
523 {
524 $global_roles = ilUtil::_sortIds(
525 $this->review->getGlobalRoles(),
526 'object_data',
527 'title',
528 'obj_id'
529 );
530
531 $select = [];
532 if ($a_with_select_option) {
533 $select[0] = $this->lng->txt('links_select_one');
534 }
535 foreach ($global_roles as $role_id) {
536 if ($role_id == ANONYMOUS_ROLE_ID) {
537 continue;
538 }
539 $select[$role_id] = ilObject::_lookupTitle($role_id);
540 }
541 return $select;
542 }
543
544
548 protected function profile(ilPropertyFormGUI $form = null)
549 {
550 $this->checkAccess('read');
551 $this->setSubTabs(self::STAB_PROFILE);
552
553 if (!$form instanceof ilPropertyFormGUI) {
554 $form = $this->initProfileForm();
555 }
556 $this->mainTemplate->setContent($form->getHTML());
557 }
558
562 protected function initProfileForm() : \ilPropertyFormGUI
563 {
564 $form = new ilPropertyFormGUI();
565 $form->setTitle($this->lng->txt('auth_oidc_mapping_table'));
566 $form->setFormAction($this->ctrl->getFormAction($this, 'saveProfile'));
567
568 foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
569 $text_form = new ilTextInputGUI($this->lng->txt($lng_key));
570 $text_form->setPostVar($field . "_value");
571 $text_form->setValue($this->settings->getProfileMappingFieldValue($field));
572 $form->addItem($text_form);
573
574 $checkbox_form = new ilCheckboxInputGUI('');
575 $checkbox_form->setValue(1);
576 $checkbox_form->setPostVar($field . "_update");
577 $checkbox_form->setChecked($this->settings->getProfileMappingFieldUpdate($field));
578 $checkbox_form->setOptionTitle($this->lng->txt('auth_oidc_update_field_info'));
579 $form->addItem($checkbox_form);
580 }
581
582 if ($this->checkAccessBool('write')) {
583 $form->addCommandButton('saveProfile', $this->lng->txt('save'));
584 }
585 return $form;
586 }
587
591 protected function saveProfile()
592 {
593 $this->checkAccessBool('write');
594
595 $form = $this->initProfileForm();
596 if (!$form->checkInput()) {
597 ilUtil::sendFailure($this->lng->txt('err_check_input'));
598 $form->setValuesByPost();
599 $this->profile($form);
600 return false;
601 }
602
603 foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
604 $this->settings->setProfileMappingFieldValue(
605 $field,
606 $form->getInput($field . '_value')
607 );
608 $this->settings->setProfileMappingFieldUpdate(
609 $field,
610 $form->getInput($field . '_update')
611 );
612 }
613 $this->settings->save();
614 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
615 $this->ctrl->redirect($this, self::STAB_PROFILE);
616 }
617
621 protected function roles(\ilPropertyFormGUI $form = null)
622 {
623 $this->checkAccess('read');
624 $this->setSubTabs(self::STAB_ROLES);
625
626 if (!$form instanceof ilPropertyFormGUI) {
627 $form = $this->initRolesForm();
628 }
629 $this->mainTemplate->setContent($form->getHTML());
630 }
631
635 protected function initRolesForm()
636 {
637 $form = new ilPropertyFormGUI();
638 $form->setTitle($this->lng->txt('auth_oidc_role_mapping_table'));
639 $form->setFormAction($this->ctrl->getFormAction($this, self::STAB_ROLES));
640
641 foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
642 $role_map = new ilTextInputGUI(
643 $role_title,
644 'role_map_' . $role_id
645 );
646 $role_map->setInfo($this->lng->txt('auth_oidc_role_info'));
647 $role_map->setValue($this->settings->getRoleMappingValueForId($role_id));
648 $form->addItem($role_map);
649
650 $update = new ilCheckboxInputGUI(
651 '',
652 'role_map_update_' . $role_id
653 );
654 $update->setOptionTitle($this->lng->txt('auth_oidc_update_role_info'));
655 $update->setValue(1);
656 $update->setChecked(!$this->settings->getRoleMappingUpdateForId($role_id));
657 $form->addItem($update);
658 }
659
660 if ($this->checkAccessBool('write')) {
661 $form->addCommandButton('saveRoles', $this->lng->txt('save'));
662 }
663 return $form;
664 }
665
669 protected function saveRoles()
670 {
671 $this->checkAccess('write');
672 $form = $this->initRolesForm();
673 if ($form->checkInput()) {
674 $this->logger->dump($_POST, \ilLogLevel::DEBUG);
675
676
677 $role_settings = [];
678 $role_valid = true;
679 foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
680 if (!strlen(trim($form->getInput('role_map_' . $role_id)))) {
681 continue;
682 }
683
684 $role_params = explode('::', $form->getInput('role_map_' . $role_id));
685 $this->logger->dump($role_params, \ilLogLevel::DEBUG);
686
687 if (count($role_params) !== 2) {
688 $form->getItemByPostVar('role_map_' . $role_id)->setAlert($this->lng->txt('msg_wrong_format'));
689 $role_valid = false;
690 continue;
691 }
692 $role_settings[$role_id]['update'] = (bool) !$form->getInput('role_map_update_' . $role_id);
693 $role_settings[$role_id]['value'] = (string) $form->getInput('role_map_' . $role_id);
694 }
695
696 if (!$role_valid) {
697 $form->setValuesByPost();
698 \ilUtil::sendFailure($this->lng->txt('err_check_input'));
699 $this->roles($form);
700 return;
701 }
702
703 $this->settings->setRoleMappings($role_settings);
704 $this->settings->save();
705 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
706 $this->ctrl->redirect($this, 'roles');
707 }
708
709 $form->setValuesByPost();
710 \ilUtil::sendFailure($this->lng->txt('err_check_input'));
711 $this->roles($form);
712 }
713
717 protected function setSubTabs(string $active_tab)
718 {
719 $this->tabs->addSubTab(
720 self::STAB_SETTINGS,
721 $this->lng->txt('auth_oidc_' . self::STAB_SETTINGS),
722 $this->ctrl->getLinkTarget($this, self::STAB_SETTINGS)
723 );
724 $this->tabs->addSubTab(
725 self::STAB_PROFILE,
726 $this->lng->txt('auth_oidc_' . self::STAB_PROFILE),
727 $this->ctrl->getLinkTarget($this, self::STAB_PROFILE)
728 );
729 $this->tabs->addSubTab(
730 self::STAB_ROLES,
731 $this->lng->txt('auth_oidc_' . self::STAB_ROLES),
732 $this->ctrl->getLinkTarget($this, self::STAB_ROLES)
733 );
734
735 $this->tabs->activateSubTab($active_tab);
736 }
737}
$_POST["username"]
An exception for terminatinating execution or to throw for unit testing.
error($a_errmsg)
set error message @access public
This class represents a checkbox property in a property form.
This class represents a section header in a property form.
This class represents an image file property in a property form.
This class represents a number property in a property form.
static _lookupTitle($a_id)
lookup object title
Class ilOpenIdConnectSettingsGUI.
prepareRoleSelection($a_with_select_option=true)
initSettingsForm()
Init general settings form.
settings(ilPropertyFormGUI $form=null)
setSubTabs(string $active_tab)
Set sub tabs.
saveImageFromHttpRequest()
Save image from http request.
roles(\ilPropertyFormGUI $form=null)
__construct($a_ref_id)
ilOpenIdConnectSettingsGUI constructor.
static getInstance()
Get singleton instance.
This class represents a password property in a property form.
This class represents a property form user interface.
This class represents a property in a property form.
This class represents an option in a radio group.
This class represents a selection list property in a property form.
This class represents a text property in a property form.
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
const ANONYMOUS_ROLE_ID
Definition: constants.php:26
global $DIC
Definition: goto.php:24
Class FlySystemFileAccessTest \Provider\FlySystem @runTestsInSeparateProcesses @preserveGlobalState d...
Class ChatMainBarProvider \MainMenu\Provider.
$session
$client_id
Definition: webdav.php:17