ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilAuthProviderECS.php
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
6include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
7
15{
/**
 * Member id (mid) of the sending ECS participant; validateHash() stores
 * the value returned by getFirstSender() here via setMID().
 *
 * @var mixed|null
 */
protected $mid;

/**
 * Participant abbreviation resolved by validateHash(); createUser() uses it
 * as the prefix of the generated local login. The property keeps its
 * historical spelling because getAbreviation() is part of the interface.
 *
 * @var mixed|null presumably a string taken from the ECS response
 */
protected $abreviation;

/**
 * ECS server that is currently being tried during authentication.
 *
 * @var ilECSSetting|null
 */
protected $currentServer;

/**
 * Result of ilECSServerSettings::getInstance(), set by initECSServices().
 *
 * @var ilECSServerSettings|null presumably the settings singleton
 */
protected $servers;
21
22
28 {
30
31 $this->initECSServices();
32 }
33
/**
 * Return the participant abbreviation stored by validateHash().
 *
 * @return mixed|null null until a hash has been validated
 */
public function getAbreviation()
{
    $abbreviation = $this->abreviation;

    return $abbreviation;
}
45
/**
 * Return the member id (mid) stored by setMID().
 *
 * @return mixed|null null until validateHash() has read the token details
 */
public function getMID()
{
    $member_id = $this->mid;

    return $member_id;
}
55
/**
 * Remember the member id (mid) of the participant that issued the token.
 *
 * @param mixed $a_mid value stored unchanged; validateHash() passes the
 *                     result of getFirstSender()
 * @return void
 */
public function setMID($a_mid)
{
    // No validation happens here: the caller is expected to pass a value
    // that came from the ECS server response, not from the request.
    $this->mid = $a_mid;
}
60
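/**
 * Select the ECS server that validateHash() and handleLogin() work against.
 *
 * @param ilECSSetting|null $server server to use, or null to clear the selection
 * @return void
 */
public function setCurrentServer(?ilECSSetting $server = null)
{
    // The nullable type is spelled out; relying on "= null" to make a typed
    // parameter nullable is implicit behaviour that newer PHP versions deprecate.
    $this->currentServer = $server;
}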
69
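/**
 * Return the ECS server selected with setCurrentServer().
 *
 * @return ilECSSetting|null null when no server has been selected yet
 */
public function getCurrentServer()
{
    // The listing shows an empty body here, yet every caller in this class
    // dereferences the result (getServerId(), getGlobalRole()), so the
    // getter has to hand back the stored server.
    return $this->currentServer;
}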
78
/**
 * Return the ECS server settings object created by initECSServices().
 *
 * @return ilECSServerSettings|null presumably the settings singleton
 */
public function getServerSettings()
{
    $settings = $this->servers;

    return $settings;
}
87
88
95 {
96 $this->getLogger()->debug('Starting ECS authentication');
97 if (!$this->getServerSettings()->activeServerExists()) {
98 $this->getLogger()->warning('No active ecs server found. Aborting');
99 $this->handleAuthenticationFail($status, 'err_wrong_login');
100 return false;
101 }
102
103 // Iterate through all active ecs instances
104 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
105 foreach ($this->getServerSettings()->getServers() as $server) {
106 $this->setCurrentServer($server);
107 if ($this->validateHash()) {
108 // handle successful authentication
109 $new_usr_id = $this->handleLogin();
110 $this->getLogger()->info('ECS authentication successful.');
112 $status->setAuthenticatedUserId($new_usr_id);
113 return true;
114 }
115 }
116
117 $this->getLogger()->warning('Could not validate ecs hash for any active server.');
118 $this->handleAuthenticationFail($status, 'err_wrong_login');
119 return false;
120 }
121
122
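/**
 * Create or update the local account for the ECS user and record the
 * import and remote-user mappings.
 *
 * Called by doAuthentication() after validateHash() succeeded for the
 * current server.
 *
 * @return mixed local usr_id as returned by ilObjUser::_lookupId()
 */
public function handleLogin()
{
    include_once('./Services/WebServices/ECS/classes/class.ilECSUser.php');

    // NOTE(review): the user attributes (import id, login, name, email, ...)
    // are read from the query string. validateHash() as written only confirms
    // the hash with the ECS server; confirm that these attributes are bound to
    // the validated token before they decide which local account is created
    // or updated.
    $user = new ilECSUser($_GET);

    $existing_usr_id = ilObject::_lookupObjIdByImportId($user->getImportId());
    if (!$existing_usr_id) {
        $username = $this->createUser($user);
    } else {
        $username = $this->updateUser($user, $existing_usr_id);
    }

    // Resolve the local id once. For a freshly created account the lookup by
    // import id above was empty, so the import record previously got an empty
    // user id instead of the id of the new account.
    $local_usr_id = ilObjUser::_lookupId($username);
    $import_usr_id = $existing_usr_id ? $existing_usr_id : $local_usr_id;

    // set user imported
    include_once './Services/WebServices/ECS/classes/class.ilECSImport.php';
    $import = new ilECSImport($this->getCurrentServer()->getServerId(), $import_usr_id);
    $import->save();

    // Store remote user data
    include_once './Services/WebServices/ECS/classes/class.ilECSRemoteUser.php';
    $remote = new ilECSRemoteUser();
    $remote->setServerId($this->getCurrentServer()->getServerId());
    $remote->setMid($this->getMID());
    $remote->setRemoteUserId($user->getImportId());
    $remote->setUserId($local_usr_id);

    $this->getLogger()->info('Current user is: ' . $username);

    if (!$remote->exists()) {
        $remote->create();
    }

    return $local_usr_id;
}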
160
161
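/**
 * Validate the ECS hash from the request against the current ECS server.
 *
 * The hash is read from $_GET['ecs_hash'] or, taking precedence when present,
 * from the last path segment of $_GET['ecs_hash_url']. On success the
 * participant abbreviation and the mid are stored on this provider.
 *
 * @return bool true when the server returned auth data for the hash and the
 *              mid could be read; false on any failure or missing hash
 */
public function validateHash()
{
    // fetch hash; only non-empty strings are accepted, so array-valued or
    // missing parameters never reach the connector
    $hash = null;
    if (isset($_GET['ecs_hash']) && is_string($_GET['ecs_hash']) && strlen($_GET['ecs_hash'])) {
        $hash = $_GET['ecs_hash'];
    }
    if (isset($_GET['ecs_hash_url'])) {
        // The URL form replaces ecs_hash, as before. An unusable value fails
        // closed instead of silently falling back to the other parameter.
        $hash = null;
        if (is_string($_GET['ecs_hash_url'])) {
            // PHP has already URL-decoded $_GET, so this is a second decode;
            // kept for compatibility, only the path's basename is used.
            $hashurl = urldecode($_GET['ecs_hash_url']);
            $path = parse_url($hashurl, PHP_URL_PATH);
            if (is_string($path)) {
                $hash = basename($path);
            }
        }
    }

    if ($hash === null || $hash === '') {
        $this->getLogger()->warning('No usable ecs hash found in request.');
        return false;
    }

    // NOTE(review): the hash is the credential for this login attempt and is
    // written to the log at info level; confirm that log access is restricted
    // accordingly or lower the level.
    $this->getLogger()->info('Using ecs hash: ' . $hash);

    // Check if hash is valid ...
    try {
        include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
        $connector = new ilECSConnector($this->getCurrentServer());
        $res = $connector->getAuth($hash);
        $auths = $res->getResult();

        $this->getLogger()->dump($auths, ilLogLevel::DEBUG);

        if ($auths->pid) {
            try {
                include_once './Services/WebServices/ECS/classes/class.ilECSCommunityReader.php';
                $reader = ilECSCommunityReader::getInstanceByServerId($this->getCurrentServer()->getServerId());
                // Prefer the abbreviation of the first participant that has
                // an organisation; fall back to the one in the auth result.
                foreach ($reader->getParticipantsByPid($auths->pid) as $participant) {
                    if ($participant->getOrganisation() instanceof \ilECSOrganisation) {
                        $this->abreviation = $participant->getOrganisation()->getAbbreviation();
                        break;
                    }
                }
                if (!$this->abreviation) {
                    $this->abreviation = $auths->abbr;
                }
            } catch (Exception $e) {
                $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
                return false;
            }
        } else {
            $this->abreviation = $auths->abbr;
        }

        $this->getLogger()->debug('Got abbreviation: ' . $this->abreviation);
    } catch (ilECSConnectorException $e) {
        $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
        return false;
    }

    // read current mid (second request for the same hash, details only)
    try {
        $connector = new ilECSConnector($this->getCurrentServer());
        $details = $connector->getAuth($hash, true);

        $this->getLogger()->dump($details, ilLogLevel::DEBUG);
        $this->getLogger()->debug('Token create for mid: ' . $details->getFirstSender());

        $this->setMID($details->getFirstSender());
    } catch (ilECSConnectorException $e) {
        $this->getLogger()->warning('Receiving mid failed with message: ' . $e->getMessage());
        return false;
    }

    return true;
}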
239
240
/**
 * Load the ECS server settings and keep them for getServerSettings().
 *
 * @return void
 */
private function initECSServices()
{
    include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';

    $settings = ilECSServerSettings::getInstance();
    $this->servers = $settings;
}
252
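/**
 * Create a local account for an ECS user that has no local mapping yet.
 *
 * The login is generated from the participant abbreviation and the remote
 * login; the account is time-limited to one session lifetime and marked
 * with auth mode "ecs".
 *
 * @param ilECSUser $user remote user data
 * @return mixed login of the new local account
 */
protected function createUser(ilECSUser $user)
{
    global $DIC;

    $ilClientIniFile = $DIC['ilClientIniFile'];
    $ilSetting = $DIC['ilSetting'];
    $rbacadmin = $DIC['rbacadmin'];

    $userObj = new ilObjUser();
    $userObj->setOwner(SYSTEM_USER_ID);

    include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
    $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());

    // Empty stored password: the account is meant to have no usable local
    // password. NOTE(review): confirm that local password login rejects an
    // empty stored value for accounts with auth_mode "ecs".
    $newUser = [
        "login" => $local_user,
        "firstname" => $user->getFirstname(),
        "lastname" => $user->getLastname(),
        'email' => $user->getEmail(),
        'institution' => $user->getInstitution(),
        "passwd" => "",
        "passwd_type" => IL_PASSWD_CRYPTED,
        "auth_mode" => "ecs",
        "profile_incomplete" => 0,
    ];

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($ilSetting->get("language"));

    // Time limit: valid from just before now until one session lifetime ahead
    $now = time();
    $userObj->setTimeLimitOwner(7); // NOTE(review): hard-coded id, meaning not visible here
    $userObj->setTimeLimitUnlimited(0);
    $userObj->setTimeLimitFrom($now - 5);
    $userObj->setTimeLimitUntil($now + $ilClientIniFile->readVariable("session", "expire"));

    // Create user in DB
    $userObj->setOwner(6); // NOTE(review): overrides SYSTEM_USER_ID set above with a literal
    $userObj->create();
    $userObj->setActive(1);
    $userObj->updateOwner();
    $userObj->saveAsNew();
    $userObj->writePrefs();

    // Assign the server's global role, if one is configured
    $global_role = $this->getCurrentServer()->getGlobalRole();
    if ($global_role) {
        $rbacadmin->assignUser($global_role, $userObj->getId(), true);
    }
    ilObject::_writeImportId($userObj->getId(), $user->getImportId());

    // The value logged here is the remote import id, not the local usr_id.
    $this->getLogger()->info('Created new remote user with usr_id: ' . $user->getImportId());

    $this->resetMailOptions($userObj->getId());

    return $userObj->getLogin();
}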
324
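/**
 * Refresh an existing local account from the ECS user data.
 *
 * Overwrites name, email and institution, activates the account, extends
 * the time limit to at least one session lifetime and re-assigns the
 * server's global role.
 *
 * @param ilECSUser $user            remote user data
 * @param mixed     $a_local_user_id id of the local account mapped to the import id
 * @return mixed login of the local account after the update
 */
protected function updateUser(ilECSUser $user, $a_local_user_id)
{
    global $DIC;

    $ilClientIniFile = $DIC['ilClientIniFile'];
    $rbacadmin = $DIC['rbacadmin'];

    $user_obj = new ilObjUser($a_local_user_id);
    $user_obj->setFirstname($user->getFirstname());
    $user_obj->setLastname($user->getLastname());
    $user_obj->setEmail($user->getEmail());
    $user_obj->setInstitution($user->getInstitution());
    // NOTE(review): every ECS login re-activates the account, including one
    // that was deactivated locally; confirm this is the intended policy.
    $user_obj->setActive(true);

    // Extend the time limit only when it ends before one session lifetime
    // from now; a longer existing limit is left untouched.
    $now = time();
    $session_end = $now + $ilClientIniFile->readVariable('session', 'expire');
    if ($user_obj->getTimeLimitUntil() < $session_end) {
        $user_obj->setTimeLimitFrom($now - 60);
        $user_obj->setTimeLimitUntil($session_end);
    }
    $user_obj->update();
    $user_obj->refreshLogin();

    // Assign the server's global role, if one is configured
    $global_role = $this->getCurrentServer()->getGlobalRole();
    if ($global_role) {
        $rbacadmin->assignUser($global_role, $user_obj->getId(), true);
    }

    $this->resetMailOptions($a_local_user_id);

    $this->getLogger()->debug('Finished update of remote user with usr_id: ' . $user->getImportId());

    return $user_obj->getLogin();
}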
367
/**
 * Set the incoming mail type of the given user to
 * ilMailOptions::INCOMING_LOCAL and persist the change.
 *
 * @param mixed $a_usr_id id of the local user
 * @return void
 */
protected function resetMailOptions($a_usr_id)
{
    include_once './Services/Mail/classes/class.ilMailOptions.php';

    $mail_options = new ilMailOptions($a_usr_id);
    $mail_options->setIncomingType(ilMailOptions::INCOMING_LOCAL);
    $mail_options->updateOptions();
}
379}
An exception for terminating execution or to throw for unit testing.
const IL_PASSWD_CRYPTED
Auth provider for ECS auth.
doAuthentication(\ilAuthStatus $status)
Try ECS authentication.
__construct(\ilAuthCredentials $credentials)
Constructor.
getServerSettings()
Get server settings.
getAbreviation()
get abbreviation
createUser(ilECSUser $user)
create new user
initECSServices()
Init ECS Services @access private.
handleLogin()
Called from base class after successful login.
getCurrentServer()
Get current server.
updateUser(ilECSUser $user, $a_local_user_id)
update existing user
validateHash()
Validate ECS hash.
resetMailOptions($a_usr_id)
Reset mail options to "local only".
setCurrentServer(ilECSSetting $server=null)
Set current server.
Base class for authentication providers (radius, ldap, apache, ...)
getLogger()
Get logger.
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Auth status implementation.
setStatus($a_status)
Set auth status.
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
static getInstanceByServerId($a_server_id)
Get instance by server id.
Storage of ECS imported objects.
Storage of ecs remote user.
static getInstance()
Get singleton instance.
Stores relevant user data.
getFirstname()
get firstname
getLastname()
getLastname
getLogin()
get login
getImportId()
get Email
getEmail()
get email
getInstitution()
get institution
Class ilMailOptions this class handles user mails.
static _lookupId($a_user_str)
Lookup id by login.
static _writeImportId($a_obj_id, $a_import_id)
write import id to db (static)
static _lookupObjIdByImportId($a_import_id)
const SYSTEM_USER_ID
Interface of auth credentials.
Standard interface for auth provider implementations.