ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilAuthProviderECS.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
6include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
7
14class ilAuthProviderECS extends ilAuthProvider implements ilAuthProviderInterface
15{
16 protected $mid = null;
17 protected $abreviation = null;
18
19 protected $currentServer = null;
20 protected $servers = null;
21
22
27 public function __construct(\ilAuthCredentials $credentials)
28 {
29 parent::__construct($credentials);
30
31 $this->initECSServices();
32 }
33
41 public function getAbreviation()
42 {
43 return $this->abreviation;
44 }
45
51 public function getMID()
52 {
53 return $this->mid;
54 }
55
56 public function setMID($a_mid)
57 {
58 $this->mid = $a_mid;
59 }
60
65 public function setCurrentServer(ilECSSetting $server = null)
66 {
67 $this->currentServer = $server;
68 }
69
74 public function getCurrentServer()
75 {
76 return $this->currentServer;
77 }
78
83 public function getServerSettings()
84 {
85 return $this->servers;
86 }
87
88
94 public function doAuthentication(\ilAuthStatus $status)
95 {
96 $this->getLogger()->debug('Starting ECS authentication');
97 if (!$this->getServerSettings()->activeServerExists()) {
98 $this->getLogger()->warning('No active ecs server found. Aborting');
99 $this->handleAuthenticationFail($status, 'err_wrong_login');
100 return false;
101 }
102
103 // Iterate through all active ecs instances
104 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
105 foreach ($this->getServerSettings()->getServers() as $server) {
106 $this->setCurrentServer($server);
107 if ($this->validateHash()) {
108 // handle successful authentication
109 $new_usr_id = $this->handleLogin();
110 $this->getLogger()->info('ECS authentication successful.');
111 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
112 $status->setAuthenticatedUserId($new_usr_id);
113 return true;
114 }
115 }
116
117 $this->getLogger()->warning('Could not validate ecs hash for any active server.');
118 $this->handleAuthenticationFail($status, 'err_wrong_login');
119 return false;
120 }
121
122
128 public function handleLogin()
129 {
130 include_once('./Services/WebServices/ECS/classes/class.ilECSUser.php');
131
132 $user = new ilECSUser($_GET);
133
134 if (!$usr_id = ilObject::_lookupObjIdByImportId($user->getImportId())) {
135 $username = $this->createUser($user);
136 } else {
137 $username = $this->updateUser($user, $usr_id);
138 }
139
140 // set user imported
141 include_once './Services/WebServices/ECS/classes/class.ilECSImport.php';
142 $import = new ilECSImport($this->getCurrentServer()->getServerId(), $usr_id);
143 $import->save();
144
145 // Store remote user data
146 include_once './Services/WebServices/ECS/classes/class.ilECSRemoteUser.php';
147 $remote = new ilECSRemoteUser();
148 $remote->setServerId($this->getCurrentServer()->getServerId());
149 $remote->setMid($this->getMID());
150 $remote->setRemoteUserId($user->getImportId());
151 $remote->setUserId(ilObjUser::_lookupId($username));
152
153 $this->getLogger()->info('Current user is: ' . $username);
154
155 if (!$remote->exists()) {
156 $remote->create();
157 }
158 return ilObjUser::_lookupId($username);
159 }
160
161
170 public function validateHash()
171 {
172 global $DIC;
173
174 $ilLog = $DIC['ilLog'];
175
176 // fetch hash
177 if (isset($_GET['ecs_hash']) and strlen($_GET['ecs_hash'])) {
178 $hash = $_GET['ecs_hash'];
179 }
180 if (isset($_GET['ecs_hash_url'])) {
181 $hashurl = urldecode($_GET['ecs_hash_url']);
182 $hash = basename(parse_url($hashurl, PHP_URL_PATH));
183 //$hash = urldecode($_GET['ecs_hash_url']);
184 }
185
186 $this->getLogger()->info('Using ecs hash: ' . $hash);
187 // Check if hash is valid ...
188 try {
189 include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
190 $connector = new ilECSConnector($this->getCurrentServer());
191 $res = $connector->getAuth($hash);
192 $auths = $res->getResult();
193
194 $this->getLogger()->dump($auths, ilLogLevel::DEBUG);
195
196 if ($auths->pid) {
197 try {
198 include_once './Services/WebServices/ECS/classes/class.ilECSCommunityReader.php';
199 $reader = ilECSCommunityReader::getInstanceByServerId($this->getCurrentServer()->getServerId());
200 foreach ($reader->getParticipantsByPid($auths->pid) as $participant) {
201 if ($participant->getOrganisation() instanceof \ilECSOrganisation) {
202 $this->abreviation = $participant->getOrganisation()->getAbbreviation();
203 break;
204 }
205 }
206 if (!$this->abreviation) {
207 $this->abreviation = $auths->abbr;
208 }
209 } catch (Exception $e) {
210 $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
211 return false;
212 }
213 } else {
214 $this->abreviation = $auths->abbr;
215 }
216
217 $this->getLogger()->debug('Got abbreviation: ' . $this->abreviation);
218 } catch (ilECSConnectorException $e) {
219 $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
220 return false;
221 }
222
223 // read current mid
224 try {
225 include_once('./Services/WebServices/ECS/classes/class.ilECSConnector.php');
226 $connector = new ilECSConnector($this->getCurrentServer());
227 $details = $connector->getAuth($hash, true);
228
229 $this->getLogger()->dump($details, ilLogLevel::DEBUG);
230 $this->getLogger()->debug('Token create for mid: ' . $details->getFirstSender());
231
232 $this->setMID($details->getFirstSender());
233 } catch (ilECSConnectorException $e) {
234 $this->getLogger()->warning('Receiving mid failed with message: ' . $e->getMessage());
235 return false;
236 }
237 return true;
238 }
239
240
247 private function initECSServices()
248 {
249 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
250 $this->servers = ilECSServerSettings::getInstance();
251 }
252
258 protected function createUser(ilECSUser $user)
259 {
260 global $DIC;
261
262 $ilClientIniFile = $DIC['ilClientIniFile'];
263 $ilSetting = $DIC['ilSetting'];
264 $rbacadmin = $DIC['rbacadmin'];
265 $ilLog = $DIC['ilLog'];
266
267 $userObj = new ilObjUser();
268 $userObj->setOwner(SYSTEM_USER_ID);
269
270 include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
271 $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
272
273 $newUser["login"] = $local_user;
274 $newUser["firstname"] = $user->getFirstname();
275 $newUser["lastname"] = $user->getLastname();
276 $newUser['email'] = $user->getEmail();
277 $newUser['institution'] = $user->getInstitution();
278
279 // set "plain md5" password (= no valid password)
280 $newUser["passwd"] = "";
281 $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
282
283 $newUser["auth_mode"] = "ecs";
284 $newUser["profile_incomplete"] = 0;
285
286 // system data
287 $userObj->assignData($newUser);
288 $userObj->setTitle($userObj->getFullname());
289 $userObj->setDescription($userObj->getEmail());
290
291 // set user language to system language
292 $userObj->setLanguage($ilSetting->get("language"));
293
294 // Time limit
295 $userObj->setTimeLimitOwner(7);
296 $userObj->setTimeLimitUnlimited(0);
297 $userObj->setTimeLimitFrom(time() - 5);
298 $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
299
300 #$now = new ilDateTime(time(), IL_CAL_UNIX);
301 #$userObj->setAgreeDate($now->get(IL_CAL_DATETIME));
302
303 // Create user in DB
304 $userObj->setOwner(6);
305 $userObj->create();
306 $userObj->setActive(1);
307 $userObj->updateOwner();
308 $userObj->saveAsNew();
309 $userObj->writePrefs();
310
311 if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
312 $rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
313 }
314 ilObject::_writeImportId($userObj->getId(), $user->getImportId());
315
316 $this->getLogger()->info('Created new remote user with usr_id: ' . $user->getImportId());
317
318 // Send Mail
319 #$this->sendNotification($userObj);
320 $this->resetMailOptions($userObj->getId());
321
322 return $userObj->getLogin();
323 }
324
330 protected function updateUser(ilECSUser $user, $a_local_user_id)
331 {
332 global $DIC;
333
334 $ilClientIniFile = $DIC['ilClientIniFile'];
335 $ilLog = $DIC['ilLog'];
336 $rbacadmin = $DIC['rbacadmin'];
337
338 $user_obj = new ilObjUser($a_local_user_id);
339 $user_obj->setFirstname($user->getFirstname());
340 $user_obj->setLastname($user->getLastname());
341 $user_obj->setEmail($user->getEmail());
342 $user_obj->setInstitution($user->getInstitution());
343 $user_obj->setActive(true);
344
345 $until = $user_obj->getTimeLimitUntil();
346
347 if ($until < (time() + $ilClientIniFile->readVariable('session', 'expire'))) {
348 $user_obj->setTimeLimitFrom(time() - 60);
349 $user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
350 }
351 $user_obj->update();
352 $user_obj->refreshLogin();
353
354 if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
355 $rbacadmin->assignUser(
356 $this->getCurrentServer()->getGlobalRole(),
357 $user_obj->getId(),
358 true
359 );
360 }
361
362 $this->resetMailOptions($a_local_user_id);
363
364 $this->getLogger()->debug('Finished update of remote user with usr_id: ' . $user->getImportId());
365 return $user_obj->getLogin();
366 }
367
372 protected function resetMailOptions($a_usr_id)
373 {
374 include_once './Services/Mail/classes/class.ilMailOptions.php';
375 $options = new ilMailOptions($a_usr_id);
376 $options->setIncomingType(ilMailOptions::INCOMING_LOCAL);
377 $options->updateOptions();
378 }
379}
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
php
An exception for terminatinating execution or to throw for unit testing.
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:7
ilAuthProviderECS
Auth prvider for ecs auth.
Definition: class.ilAuthProviderECS.php:15
ilAuthProviderECS\doAuthentication
doAuthentication(\ilAuthStatus $status)
Tra ecs authentication.
Definition: class.ilAuthProviderECS.php:94
ilAuthProviderECS\__construct
__construct(\ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderECS.php:27
ilAuthProviderECS\getServerSettings
getServerSettings()
Get server settings.
Definition: class.ilAuthProviderECS.php:83
ilAuthProviderECS\getAbreviation
getAbreviation()
get abbreviation
Definition: class.ilAuthProviderECS.php:41
ilAuthProviderECS\createUser
createUser(ilECSUser $user)
create new user
Definition: class.ilAuthProviderECS.php:258
ilAuthProviderECS\initECSServices
initECSServices()
Init ECS Services @access private.
Definition: class.ilAuthProviderECS.php:247
ilAuthProviderECS\handleLogin
handleLogin()
Called from base class after successful login.
Definition: class.ilAuthProviderECS.php:128
ilAuthProviderECS\getCurrentServer
getCurrentServer()
Get current server.
Definition: class.ilAuthProviderECS.php:74
ilAuthProviderECS\updateUser
updateUser(ilECSUser $user, $a_local_user_id)
update existing user
Definition: class.ilAuthProviderECS.php:330
ilAuthProviderECS\validateHash
validateHash()
Validate ECS hash.
Definition: class.ilAuthProviderECS.php:170
ilAuthProviderECS\resetMailOptions
resetMailOptions($a_usr_id)
Reset mail options to "local only".
Definition: class.ilAuthProviderECS.php:372
ilAuthProviderECS\setCurrentServer
setCurrentServer(ilECSSetting $server=null)
Set current server.
Definition: class.ilAuthProviderECS.php:65
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:12
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:12
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:374
ilECSCommunityReader\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilECSCommunityReader.php:97
ilECSImport
Storage of ECS imported objects.
Definition: class.ilECSImport.php:15
ilECSRemoteUser
Storage of ecs remote user.
Definition: class.ilECSRemoteUser.php:9
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilECSUser
Stores relevant user data.
Definition: class.ilECSUser.php:36
ilECSUser\getFirstname
getFirstname()
get firstname
Definition: class.ilECSUser.php:81
ilECSUser\getLastname
getLastname()
getLastname
Definition: class.ilECSUser.php:91
ilECSUser\getLogin
getLogin()
get login
Definition: class.ilECSUser.php:70
ilECSUser\getImportId
getImportId()
get Email
Definition: class.ilECSUser.php:122
ilECSUser\getEmail
getEmail()
get email
Definition: class.ilECSUser.php:101
ilECSUser\getInstitution
getInstitution()
get institution
Definition: class.ilECSUser.php:111
ilMailOptions
Class ilMailOptions this class handles user mails.
Definition: class.ilMailOptions.php:11
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:832
ilObject\_writeImportId
static _writeImportId($a_obj_id, $a_import_id)
write import id to db (static)
Definition: class.ilObject.php:1261
ilObject\_lookupObjIdByImportId
static _lookupObjIdByImportId($a_import_id)
Definition: class.ilObject.php:489
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: constants.php:24
$server
$server
Definition: dummy_client.php:12
$DIC
global $DIC
Definition: goto.php:24
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:12
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:12
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:40
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15