ILIAS  release_7 Revision v7.30-3-g800a261c036
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Private Attributes
ilWebAccessChecker Class Reference

Class ilWebAccessChecker. More...

+ Collaboration diagram for ilWebAccessChecker:

Public Member Functions

 __construct (GlobalHttpState $httpState, CookieFactory $cookieFactory)
 ilWebAccessChecker constructor. More...
 
 check ()
 
 initILIAS ()
 
 isChecked ()
 
 setChecked ($checked)
 
 getPathObject ()
 
 setPathObject (ilWACPath $path_object)
 
 getDisposition ()
 
 setDisposition ($disposition)
 
 getOverrideMimetype ()
 
 setOverrideMimetype ($override_mimetype)
 
 isInitialized ()
 
 setInitialized ($initialized)
 
 isSendStatusCode ()
 
 setSendStatusCode ($send_status_code)
 
 isRevalidateFolderTokens ()
 
 setRevalidateFolderTokens ($revalidate_folder_tokens)
 
 getAppliedCheckingMethods ()
 
 setAppliedCheckingMethods (array $applied_checking_methods)
 

Static Public Member Functions

static isUseSeperateLogfile ()
 
static setUseSeperateLogfile ($use_seperate_logfile)
 

Data Fields

const DISPOSITION = 'disposition'
 
const STATUS_CODE = 'status_code'
 
const REVALIDATE = 'revalidate'
 
const CM_FILE_TOKEN = 1
 
const CM_FOLDER_TOKEN = 2
 
const CM_CHECKINGINSTANCE = 3
 
const CM_SECFOLDER = 4
 

Protected Member Functions

 sendHeader ($message)
 
 checkPublicSection ()
 
 checkUser ()
 
 addAppliedCheckingMethod ($method)
 

Protected Attributes

 $applied_checking_methods = []
 

Private Attributes

 $http
 
 $cookieFactory
 
 $ressource_not_found
 

Detailed Description

Class ilWebAccessChecker.

Author
Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch
Version
1.0.0

Definition at line 36 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct ( GlobalHttpState  $httpState,
CookieFactory  $cookieFactory 
)

ilWebAccessChecker constructor.

Parameters
GlobalHttpState$httpState
CookieFactory$cookieFactory

Definition at line 68 of file class.ilWebAccessChecker.php.

69 {
70 try {
71 $this->setPathObject(new ilWACPath($httpState->request()->getRequestTarget()));
72 } catch (ilWACException $e) {
73 if ($e->getCode() !== ilWACException::NOT_FOUND) {
74 throw $e;
75 }
76 $this->ressource_not_found = $e;
77 }
78
79 $this->http = $httpState;
80 $this->cookieFactory = $cookieFactory;
81 }
ilWACException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilWACException.php:27
ilWACPath
Class ilWACPath.
Definition: class.ilWACPath.php:27
ilWebAccessChecker\setPathObject
setPathObject(ilWACPath $path_object)
Definition: class.ilWebAccessChecker.php:313
ILIAS\HTTP\GlobalHttpState\request
request()
Returns the current psr-7 server request.
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:36

References $cookieFactory, Vendor\Package\$e, ILIAS\FileDelivery\http(), ilWACException\NOT_FOUND, ILIAS\HTTP\GlobalHttpState\request(), and setPathObject().

+ Here is the call graph for this function:

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod (   $method)
protected
Parameters
int$method
Returns
void

Definition at line 468 of file class.ilWebAccessChecker.php.

469 {
470 assert(is_int($method));
471 $this->applied_checking_methods[] = $method;
472 }

Referenced by check().

+ Here is the caller graph for this function:

◆ check()

ilWebAccessChecker::check ( )
Returns
bool
Exceptions
ilWACException

Definition at line 88 of file class.ilWebAccessChecker.php.

89 {
90 if ($this->getPathObject() === null) {
91 if ($this->ressource_not_found !== null) {
92 throw new ilWACException(ilWACException::NOT_FOUND, '', $this->ressource_not_found);
93 }
94
95 throw new ilWACException(ilWACException::CODE_NO_PATH);
96 }
97
98 // Check if Path has been signed with a token
99 $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->http, $this->cookieFactory);
100 if ($ilWACSignedPath->isSignedPath()) {
101 $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
102 if ($ilWACSignedPath->isSignedPathValid()) {
103 $this->setChecked(true);
104 $this->sendHeader('checked using token');
105
106 return true;
107 }
108 }
109
110 // Check if the whole secured folder has been signed
111 if ($ilWACSignedPath->isFolderSigned()) {
112 $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
113 if ($ilWACSignedPath->isFolderTokenValid()) {
114 if ($this->isRevalidateFolderTokens()) {
115 $ilWACSignedPath->revalidatingFolderToken();
116 }
117 $this->setChecked(true);
118 $this->sendHeader('checked using secure folder');
119
120 return true;
121 }
122 }
123
124 // Fallback, have to initiate ILIAS
125 $this->initILIAS();
126
127 // Check if Path is within accepted paths
128 if ($this->getPathObject()->getModuleType() !== 'rs') {
129 $clean_path = $this->getPathObject()->getCleanURLdecodedPath();
130 $path = realpath($clean_path);
131 $data_dir = realpath(CLIENT_WEB_DIR);
132 if (strpos($path, (string) $data_dir) !== 0) {
133 return false;
134 }
135 if (dirname($path) === $data_dir && is_file($path)) {
136 return false;
137 }
138 }
139
140 if (ilWACSecurePath::hasCheckingInstanceRegistered($this->getPathObject())) {
141 // Maybe the path has been registered, lets check
142 $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
143 $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
144 $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
145 if ($canBeDelivered) {
146 $this->sendHeader('checked using fallback');
147 if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
148 $ilWACSignedPath->revalidatingFolderToken();
149 }
150
151 $this->setChecked(true);
152
153 return true;
154 } else {
155 $this->setChecked(true);
156
157 return false;
158 }
159 }
160
161 // none of the checking mechanisms could have been applied. no access
162 $this->setChecked(true);
163 if ($this->getPathObject()->isInSecFolder()) {
164 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
165
166 return false;
167 } else {
168 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
169
170 return true;
171 }
172 }
ilWACSecurePath\hasCheckingInstanceRegistered
static hasCheckingInstanceRegistered(ilWACPath $ilWACPath)
Searches a checking instance for the given wac path.
Definition: class.ilWACSecurePath.php:67
ilWACSignedPath
Class ilWACSignedPath.
Definition: class.ilWACSignedPath.php:38
CLIENT_WEB_DIR
const CLIENT_WEB_DIR
Definition: constants.php:45

References addAppliedCheckingMethod(), CLIENT_WEB_DIR, ilWACException\CODE_NO_PATH, getPathObject(), ilWACSecurePath\hasCheckingInstanceRegistered(), ILIAS\FileDelivery\http(), initILIAS(), isRevalidateFolderTokens(), ilWACException\NOT_FOUND, sendHeader(), and setChecked().

Referenced by ilWebAccessCheckerDelivery\handleRequest().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )
protected
Returns
void
Exceptions
ilWACException

Definition at line 242 of file class.ilWebAccessChecker.php.

243 {
244 global $DIC;
245 $is_anonymous = ((int) $DIC->user()->getId() === (int) ANONYMOUS_USER_ID);
246 $is_null_user = ($DIC->user()->getId() === 0);
247 $pub_section_activated = (bool) $DIC['ilSetting']->get('pub_section');
248 $isset = isset($DIC['ilSetting']);
249 $instanceof = $DIC['ilSetting'] instanceof ilSetting;
250
251 if (!$isset || !$instanceof) {
252 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
253 }
254
255 if ($pub_section_activated && ($is_null_user || $is_anonymous)) {
256 // Request is initiated from an enabled public area
257 return;
258 }
259
260 if ($is_anonymous || $is_null_user) {
261 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
262 }
263 }
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:25
$DIC
global $DIC
Definition: goto.php:24

References $DIC, ilWACException\ACCESS_DENIED_NO_PUB, and ANONYMOUS_USER_ID.

Referenced by initILIAS().

+ Here is the caller graph for this function:

◆ checkUser()

ilWebAccessChecker::checkUser ( )
protected

Definition at line 266 of file class.ilWebAccessChecker.php.

267 {
268 global $DIC;
269
270 $is_user = $DIC->user() instanceof ilObjUser;
271 $user_id_is_zero = ((int) $DIC->user()->getId() === 0);
272 if (!$is_user || $user_id_is_zero) {
273 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
274 }
275 }

References $DIC, and ilWACException\ACCESS_DENIED_NO_LOGIN.

Referenced by initILIAS().

+ Here is the caller graph for this function:

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )
Returns
int[]

Definition at line 446 of file class.ilWebAccessChecker.php.

447 {
448 return (array) $this->applied_checking_methods;
449 }

References $applied_checking_methods.

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )
Returns
string

Definition at line 322 of file class.ilWebAccessChecker.php.

323 {
324 return (string) $this->disposition;
325 }

Referenced by ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), and ilWebAccessCheckerDelivery\deliverDummyVideo().

+ Here is the caller graph for this function:

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )
Returns
string

Definition at line 343 of file class.ilWebAccessChecker.php.

344 {
345 return (string) $this->override_mimetype;
346 }

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )
Returns
ilWACPath

Definition at line 302 of file class.ilWebAccessChecker.php.

303 {
304 return $this->path_object;
305 }

Referenced by check(), ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\handleAccessErrors(), and initILIAS().

+ Here is the caller graph for this function:

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )
Returns
void

Definition at line 190 of file class.ilWebAccessChecker.php.

191 {
192 global $DIC;
193
194 if ($this->isInitialized()) {
195 return;
196 }
197
198 $GLOBALS['COOKIE_PATH'] = '/';
199
200 $cookie = $this->cookieFactory->create('ilClientId', $this->getPathObject()->getClient())
201 ->withPath('/')
202 ->withExpires(0);
203
204 $response = $this->http->cookieJar()
205 ->with($cookie)
206 ->renderIntoResponseHeader($this->http->response());
207
208 $this->http->saveResponse($response);
209
210 ilContext::init(ilContext::CONTEXT_WAC);
211 try {
212 ilInitialisation::initILIAS();
213 $this->checkUser();
214 $this->checkPublicSection();
215 } catch (Exception $e) {
216 if ($e instanceof ilWACException
217 && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
218 throw $e;
219 }
220 if (($e instanceof Exception && $e->getMessage() == 'Authentication failed.')
221 || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
222 $this->initAnonymousSession();
223 $this->checkUser();
224 $this->checkPublicSection();
225 }
226 }
227 $this->setInitialized(true);
228
229 // This workaround is needed because these issues:
230 // https://mantis.ilias.de/view.php?id=32284 and
231 // https://mantis.ilias.de/view.php?id=32063
232 if ($DIC->user()->getId() === 0) {
233 $DIC->user()->setId(ANONYMOUS_USER_ID);
234 }
235 }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:45
ilContext\CONTEXT_WAC
const CONTEXT_WAC
Definition: class.ilContext.php:32
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1158
$response
$response
Definition: proxy_ylocal.php:39

References $DIC, Vendor\Package\$e, $GLOBALS, $response, ilWACException\ACCESS_DENIED_NO_LOGIN, ANONYMOUS_USER_ID, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, getPathObject(), ILIAS\FileDelivery\http(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), and setInitialized().

Referenced by check(), and ilWebAccessCheckerDelivery\handleAccessErrors().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isChecked()

ilWebAccessChecker::isChecked ( )
Returns
bool

Definition at line 281 of file class.ilWebAccessChecker.php.

282 {
283 return (bool) $this->checked;
284 }

Referenced by ilWebAccessCheckerDelivery\deliver(), and ilWebAccessCheckerDelivery\deny().

+ Here is the caller graph for this function:

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )
Returns
bool

Definition at line 364 of file class.ilWebAccessChecker.php.

365 {
366 return (bool) $this->initialized;
367 }

Referenced by initILIAS().

+ Here is the caller graph for this function:

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )
Returns
bool

Definition at line 404 of file class.ilWebAccessChecker.php.

405 {
406 return (bool) $this->revalidate_folder_tokens;
407 }

Referenced by check().

+ Here is the caller graph for this function:

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )
Returns
bool

Definition at line 383 of file class.ilWebAccessChecker.php.

384 {
385 return (bool) $this->send_status_code;
386 }

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )
static
Returns
bool

Definition at line 425 of file class.ilWebAccessChecker.php.

426 {
427 return (bool) self::$use_seperate_logfile;
428 }

◆ sendHeader()

ilWebAccessChecker::sendHeader (   $message)
protected
Parameters
string$message
Returns
void

Definition at line 180 of file class.ilWebAccessChecker.php.

181 {
182 $response = $this->http->response()->withHeader('X-ILIAS-WebAccessChecker', $message);
183 $this->http->saveResponse($response);
184 }
$message
$message
Definition: xapiexit.php:14

References $message, $response, and ILIAS\FileDelivery\http().

Referenced by check().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( array  $applied_checking_methods)
Parameters
int[]$applied_checking_methods
Returns
void

Definition at line 457 of file class.ilWebAccessChecker.php.

458 {
459 $this->applied_checking_methods = $applied_checking_methods;
460 }

References $applied_checking_methods.

◆ setChecked()

ilWebAccessChecker::setChecked (   $checked)
Parameters
boolean$checked
Returns
void

Definition at line 292 of file class.ilWebAccessChecker.php.

293 {
294 assert(is_bool($checked));
295 $this->checked = $checked;
296 }

Referenced by check().

+ Here is the caller graph for this function:

◆ setDisposition()

ilWebAccessChecker::setDisposition (   $disposition)
Parameters
string$disposition
Returns
void

Definition at line 333 of file class.ilWebAccessChecker.php.

334 {
335 assert(is_string($disposition));
336 $this->disposition = $disposition;
337 }

Referenced by ilWebAccessCheckerDelivery\handleRequest().

+ Here is the caller graph for this function:

◆ setInitialized()

ilWebAccessChecker::setInitialized (   $initialized)
Parameters
bool$initialized

Definition at line 373 of file class.ilWebAccessChecker.php.

374 {
375 assert(is_bool($initialized));
376 $this->initialized = $initialized;
377 }

Referenced by initILIAS().

+ Here is the caller graph for this function:

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype (   $override_mimetype)
Parameters
string$override_mimetype
Returns
void

Definition at line 354 of file class.ilWebAccessChecker.php.

355 {
356 assert(is_string($override_mimetype));
357 $this->override_mimetype = $override_mimetype;
358 }

◆ setPathObject()

ilWebAccessChecker::setPathObject ( ilWACPath  $path_object)
Parameters
ilWACPath$path_object
Returns
void

Definition at line 313 of file class.ilWebAccessChecker.php.

314 {
315 $this->path_object = $path_object;
316 }

Referenced by __construct().

+ Here is the caller graph for this function:

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens (   $revalidate_folder_tokens)
Parameters
bool$revalidate_folder_tokens
Returns
void

Definition at line 415 of file class.ilWebAccessChecker.php.

416 {
417 assert(is_bool($revalidate_folder_tokens));
418 $this->revalidate_folder_tokens = $revalidate_folder_tokens;
419 }

Referenced by ilWebAccessCheckerDelivery\handleRequest().

+ Here is the caller graph for this function:

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode (   $send_status_code)
Parameters
bool$send_status_code
Returns
void

Definition at line 394 of file class.ilWebAccessChecker.php.

395 {
396 assert(is_bool($send_status_code));
397 $this->send_status_code = $send_status_code;
398 }

Referenced by ilWebAccessCheckerDelivery\handleRequest().

+ Here is the caller graph for this function:

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile (   $use_seperate_logfile)
static
Parameters
bool$use_seperate_logfile
Returns
void

Definition at line 436 of file class.ilWebAccessChecker.php.

437 {
438 assert(is_bool($use_seperate_logfile));
439 self::$use_seperate_logfile = $use_seperate_logfile;
440 }

Field Documentation

◆ $applied_checking_methods

ilWebAccessChecker::$applied_checking_methods = []
protected

Definition at line 48 of file class.ilWebAccessChecker.php.

Referenced by getAppliedCheckingMethods(), and setAppliedCheckingMethods().

◆ $cookieFactory

ilWebAccessChecker::$cookieFactory
private

Definition at line 56 of file class.ilWebAccessChecker.php.

Referenced by __construct().

◆ $http

ilWebAccessChecker::$http
private

Definition at line 52 of file class.ilWebAccessChecker.php.

◆ $ressource_not_found

ilWebAccessChecker::$ressource_not_found
private

Definition at line 60 of file class.ilWebAccessChecker.php.

◆ CM_CHECKINGINSTANCE

const ilWebAccessChecker::CM_CHECKINGINSTANCE = 3

Definition at line 43 of file class.ilWebAccessChecker.php.

◆ CM_FILE_TOKEN

const ilWebAccessChecker::CM_FILE_TOKEN = 1

Definition at line 41 of file class.ilWebAccessChecker.php.

◆ CM_FOLDER_TOKEN

const ilWebAccessChecker::CM_FOLDER_TOKEN = 2

Definition at line 42 of file class.ilWebAccessChecker.php.

◆ CM_SECFOLDER

const ilWebAccessChecker::CM_SECFOLDER = 4

Definition at line 44 of file class.ilWebAccessChecker.php.

◆ DISPOSITION

const ilWebAccessChecker::DISPOSITION = 'disposition'

Definition at line 38 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

◆ REVALIDATE

const ilWebAccessChecker::REVALIDATE = 'revalidate'

Definition at line 40 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

◆ STATUS_CODE

const ilWebAccessChecker::STATUS_CODE = 'status_code'

Definition at line 39 of file class.ilWebAccessChecker.php.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

The documentation for this class was generated from the following file: