ILIAS  release_7 Revision v7.30-3-g800a261c036
ilWebAccessChecker Class Reference

Class ilWebAccessChecker.

Public Member Functions

 __construct (GlobalHttpState $httpState, CookieFactory $cookieFactory)
 ilWebAccessChecker constructor.
 
 check ()
 
 initILIAS ()
 
 isChecked ()
 
 setChecked ($checked)
 
 getPathObject ()
 
 setPathObject (ilWACPath $path_object)
 
 getDisposition ()
 
 setDisposition ($disposition)
 
 getOverrideMimetype ()
 
 setOverrideMimetype ($override_mimetype)
 
 isInitialized ()
 
 setInitialized ($initialized)
 
 isSendStatusCode ()
 
 setSendStatusCode ($send_status_code)
 
 isRevalidateFolderTokens ()
 
 setRevalidateFolderTokens ($revalidate_folder_tokens)
 
 getAppliedCheckingMethods ()
 
 setAppliedCheckingMethods (array $applied_checking_methods)
 

Static Public Member Functions

static isUseSeperateLogfile ()
 
static setUseSeperateLogfile ($use_seperate_logfile)
 

Data Fields

const DISPOSITION = 'disposition'
 
const STATUS_CODE = 'status_code'
 
const REVALIDATE = 'revalidate'
 
const CM_FILE_TOKEN = 1
 
const CM_FOLDER_TOKEN = 2
 
const CM_CHECKINGINSTANCE = 3
 
const CM_SECFOLDER = 4
 

Protected Member Functions

 sendHeader ($message)
 
 checkPublicSection ()
 
 checkUser ()
 
 addAppliedCheckingMethod ($method)
 

Protected Attributes

 $applied_checking_methods = []
 

Private Attributes

 $http
 
 $cookieFactory
 
 $ressource_not_found
 

Detailed Description

Class ilWebAccessChecker.

Author
Fabian Schmid fs@studer-raimann.ch
Version
1.0.0

Definition at line 36 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct ( GlobalHttpState $httpState, CookieFactory $cookieFactory )

ilWebAccessChecker constructor.

Parameters
GlobalHttpState $httpState
CookieFactory $cookieFactory

Definition at line 68 of file class.ilWebAccessChecker.php.

References $cookieFactory, Vendor\Package\$e, ILIAS\FileDelivery\http(), ilWACException\NOT_FOUND, ILIAS\HTTP\GlobalHttpState\request(), and setPathObject().

{
    try {
        $this->setPathObject(new ilWACPath($httpState->request()->getRequestTarget()));
    } catch (ilWACException $e) {
        if ($e->getCode() !== ilWACException::NOT_FOUND) {
            throw $e;
        }
        $this->ressource_not_found = $e;
    }

    $this->http = $httpState;
    $this->cookieFactory = $cookieFactory;
}

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod (   $method)
protected
Parameters
int $method
Returns
void

Definition at line 468 of file class.ilWebAccessChecker.php.

References $DIC, ANONYMOUS_USER_ID, ilContext\CONTEXT_WAC, ilContext\init(), and ilInitialisation\reinitILIAS().

Referenced by check().

{
    assert(is_int($method));
    $this->applied_checking_methods[] = $method;
}

◆ check()

ilWebAccessChecker::check ( )
Returns
bool
Exceptions
ilWACException

Definition at line 88 of file class.ilWebAccessChecker.php.

References addAppliedCheckingMethod(), CLIENT_WEB_DIR, ilWACException\CODE_NO_PATH, getPathObject(), ilWACSecurePath\hasCheckingInstanceRegistered(), ILIAS\FileDelivery\http(), initILIAS(), isRevalidateFolderTokens(), ilWACException\NOT_FOUND, sendHeader(), and setChecked().

Referenced by ilWebAccessCheckerDelivery\handleRequest(), ilWACCheckingInstanceTest\testBasic(), and ilWACCheckingInstanceTest\testNonCheckingInstanceNoSec().

{
    if ($this->getPathObject() === null) {
        if ($this->ressource_not_found !== null) {
            throw new ilWACException(ilWACException::NOT_FOUND, '', $this->ressource_not_found);
        }

        throw new ilWACException(ilWACException::CODE_NO_PATH);
    }

    // Check if Path has been signed with a token
    $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->http, $this->cookieFactory);
    if ($ilWACSignedPath->isSignedPath()) {
        $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
        if ($ilWACSignedPath->isSignedPathValid()) {
            $this->setChecked(true);
            $this->sendHeader('checked using token');

            return true;
        }
    }

    // Check if the whole secured folder has been signed
    if ($ilWACSignedPath->isFolderSigned()) {
        $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
        if ($ilWACSignedPath->isFolderTokenValid()) {
            if ($this->isRevalidateFolderTokens()) {
                $ilWACSignedPath->revalidatingFolderToken();
            }
            $this->setChecked(true);
            $this->sendHeader('checked using secure folder');

            return true;
        }
    }

    // Fallback, have to initiate ILIAS
    $this->initILIAS();

    // Check if Path is within accepted paths
    if ($this->getPathObject()->getModuleType() !== 'rs') {
        $clean_path = $this->getPathObject()->getCleanURLdecodedPath();
        $path = realpath($clean_path);
        $data_dir = realpath(CLIENT_WEB_DIR);
        if (strpos($path, (string) $data_dir) !== 0) {
            return false;
        }
        if (dirname($path) === $data_dir && is_file($path)) {
            return false;
        }
    }

    if (ilWACSecurePath::hasCheckingInstanceRegistered($this->getPathObject())) {
        // Maybe the path has been registered, lets check
        $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
        $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
        $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
        if ($canBeDelivered) {
            $this->sendHeader('checked using fallback');
            if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
                $ilWACSignedPath->revalidatingFolderToken();
            }

            $this->setChecked(true);

            return true;
        } else {
            $this->setChecked(true);

            return false;
        }
    }

    // none of the checking mechanisms could have been applied. no access
    $this->setChecked(true);
    if ($this->getPathObject()->isInSecFolder()) {
        $this->addAppliedCheckingMethod(self::CM_SECFOLDER);

        return false;
    } else {
        $this->addAppliedCheckingMethod(self::CM_SECFOLDER);

        return true;
    }
}

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )
protected
Returns
void
Exceptions
ilWACException

Definition at line 242 of file class.ilWebAccessChecker.php.

References $DIC, ilWACException\ACCESS_DENIED_NO_PUB, and ANONYMOUS_USER_ID.

Referenced by initILIAS().

{
    global $DIC;
    $is_anonymous = ((int) $DIC->user()->getId() === (int) ANONYMOUS_USER_ID);
    $is_null_user = ($DIC->user()->getId() === 0);
    $pub_section_activated = (bool) $DIC['ilSetting']->get('pub_section');
    $isset = isset($DIC['ilSetting']);
    $instanceof = $DIC['ilSetting'] instanceof ilSetting;

    if (!$isset || !$instanceof) {
        throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
    }

    if ($pub_section_activated && ($is_null_user || $is_anonymous)) {
        // Request is initiated from an enabled public area
        return;
    }

    if ($is_anonymous || $is_null_user) {
        throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
    }
}

◆ checkUser()

ilWebAccessChecker::checkUser ( )
protected

Definition at line 266 of file class.ilWebAccessChecker.php.

References $DIC, and ilWACException\ACCESS_DENIED_NO_LOGIN.

Referenced by initILIAS().

{
    global $DIC;

    $is_user = $DIC->user() instanceof ilObjUser;
    $user_id_is_zero = ((int) $DIC->user()->getId() === 0);
    if (!$is_user || $user_id_is_zero) {
        throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
    }
}

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )
Returns
int[]

Definition at line 446 of file class.ilWebAccessChecker.php.

References $applied_checking_methods.

{
    return (array) $this->applied_checking_methods;
}

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )
Returns
string

Definition at line 322 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), and ilWebAccessCheckerDelivery\deliverDummyVideo().

{
    return (string) $this->disposition;
}

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )
Returns
string

Definition at line 343 of file class.ilWebAccessChecker.php.

{
    return (string) $this->override_mimetype;
}

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )
Returns
ilWACPath

Definition at line 302 of file class.ilWebAccessChecker.php.

Referenced by check(), ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\handleAccessErrors(), and initILIAS().

{
    return $this->path_object;
}

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )
Returns
void

Definition at line 190 of file class.ilWebAccessChecker.php.

References $DIC, Vendor\Package\$e, $GLOBALS, $response, ilWACException\ACCESS_DENIED_NO_LOGIN, ANONYMOUS_USER_ID, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, getPathObject(), ILIAS\FileDelivery\http(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), and setInitialized().

Referenced by check(), and ilWebAccessCheckerDelivery\handleAccessErrors().

{
    global $DIC;

    if ($this->isInitialized()) {
        return;
    }

    $GLOBALS['COOKIE_PATH'] = '/';

    $cookie = $this->cookieFactory->create('ilClientId', $this->getPathObject()->getClient())
                                  ->withPath('/')
                                  ->withExpires(0);

    $response = $this->http->cookieJar()
                           ->with($cookie)
                           ->renderIntoResponseHeader($this->http->response());

    $this->http->saveResponse($response);

    ilContext::init(ilContext::CONTEXT_WAC);
    try {
        ilInitialisation::initILIAS();
        $this->checkUser();
        $this->checkPublicSection();
    } catch (Exception $e) {
        if ($e instanceof ilWACException
            && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
            throw $e;
        }
        if (($e instanceof Exception && $e->getMessage() == 'Authentication failed.')
            || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
            $this->initAnonymousSession();
            $this->checkUser();
            $this->checkPublicSection();
        }
    }
    $this->setInitialized(true);

    // This workaround is needed because these issues:
    // https://mantis.ilias.de/view.php?id=32284 and
    // https://mantis.ilias.de/view.php?id=32063
    if ($DIC->user()->getId() === 0) {
        $DIC->user()->setId(ANONYMOUS_USER_ID);
    }
}

◆ isChecked()

ilWebAccessChecker::isChecked ( )
Returns
bool

Definition at line 281 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\deliver(), and ilWebAccessCheckerDelivery\deny().

{
    return (bool) $this->checked;
}

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )
Returns
bool

Definition at line 364 of file class.ilWebAccessChecker.php.

Referenced by initILIAS().

{
    return (bool) $this->initialized;
}

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )
Returns
bool

Definition at line 404 of file class.ilWebAccessChecker.php.

Referenced by check().

{
    return (bool) $this->revalidate_folder_tokens;
}

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )
Returns
bool

Definition at line 383 of file class.ilWebAccessChecker.php.

{
    return (bool) $this->send_status_code;
}

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )
static
Returns
bool

Definition at line 425 of file class.ilWebAccessChecker.php.

{
    return (bool) self::$use_seperate_logfile;
}

◆ sendHeader()

ilWebAccessChecker::sendHeader (   $message)
protected
Parameters
string $message
Returns
void

Definition at line 180 of file class.ilWebAccessChecker.php.

References $message, $response, and ILIAS\FileDelivery\http().

Referenced by check().

{
    $response = $this->http->response()->withHeader('X-ILIAS-WebAccessChecker', $message);
    $this->http->saveResponse($response);
}

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( array  $applied_checking_methods)
Parameters
int[] $applied_checking_methods
Returns
void

Definition at line 457 of file class.ilWebAccessChecker.php.

References $applied_checking_methods.

{
    $this->applied_checking_methods = $applied_checking_methods;
}

◆ setChecked()

ilWebAccessChecker::setChecked (   $checked)
Parameters
boolean $checked
Returns
void

Definition at line 292 of file class.ilWebAccessChecker.php.

Referenced by check().

{
    assert(is_bool($checked));
    $this->checked = $checked;
}

◆ setDisposition()

ilWebAccessChecker::setDisposition (   $disposition)
Parameters
string $disposition
Returns
void

Definition at line 333 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

{
    assert(is_string($disposition));
    $this->disposition = $disposition;
}

◆ setInitialized()

ilWebAccessChecker::setInitialized (   $initialized)
Parameters
bool $initialized

Definition at line 373 of file class.ilWebAccessChecker.php.

Referenced by initILIAS().

{
    assert(is_bool($initialized));
    $this->initialized = $initialized;
}

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype (   $override_mimetype)
Parameters
string $override_mimetype
Returns
void

Definition at line 354 of file class.ilWebAccessChecker.php.

{
    assert(is_string($override_mimetype));
    $this->override_mimetype = $override_mimetype;
}

◆ setPathObject()

ilWebAccessChecker::setPathObject ( ilWACPath  $path_object)
Parameters
ilWACPath $path_object
Returns
void

Definition at line 313 of file class.ilWebAccessChecker.php.

Referenced by __construct().

{
    $this->path_object = $path_object;
}

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens (   $revalidate_folder_tokens)
Parameters
bool $revalidate_folder_tokens
Returns
void

Definition at line 415 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

{
    assert(is_bool($revalidate_folder_tokens));
    $this->revalidate_folder_tokens = $revalidate_folder_tokens;
}

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode (   $send_status_code)
Parameters
bool $send_status_code
Returns
void

Definition at line 394 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

{
    assert(is_bool($send_status_code));
    $this->send_status_code = $send_status_code;
}

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile (   $use_seperate_logfile)
static
Parameters
bool $use_seperate_logfile
Returns
void

Definition at line 436 of file class.ilWebAccessChecker.php.

{
    assert(is_bool($use_seperate_logfile));
    self::$use_seperate_logfile = $use_seperate_logfile;
}

Field Documentation

◆ $applied_checking_methods

ilWebAccessChecker::$applied_checking_methods = []
protected

◆ $cookieFactory

ilWebAccessChecker::$cookieFactory
private

Definition at line 56 of file class.ilWebAccessChecker.php.

Referenced by __construct().

◆ $http

ilWebAccessChecker::$http
private

Definition at line 52 of file class.ilWebAccessChecker.php.

◆ $ressource_not_found

ilWebAccessChecker::$ressource_not_found
private

Definition at line 60 of file class.ilWebAccessChecker.php.

◆ CM_CHECKINGINSTANCE

const ilWebAccessChecker::CM_CHECKINGINSTANCE = 3

Definition at line 43 of file class.ilWebAccessChecker.php.

◆ CM_FILE_TOKEN

const ilWebAccessChecker::CM_FILE_TOKEN = 1

Definition at line 41 of file class.ilWebAccessChecker.php.

◆ CM_FOLDER_TOKEN

const ilWebAccessChecker::CM_FOLDER_TOKEN = 2

Definition at line 42 of file class.ilWebAccessChecker.php.

◆ CM_SECFOLDER

const ilWebAccessChecker::CM_SECFOLDER = 4

Definition at line 44 of file class.ilWebAccessChecker.php.

◆ DISPOSITION

const ilWebAccessChecker::DISPOSITION = 'disposition'

◆ REVALIDATE

const ilWebAccessChecker::REVALIDATE = 'revalidate'

◆ STATUS_CODE

const ilWebAccessChecker::STATUS_CODE = 'status_code'

The documentation for this class was generated from the following file: