ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilOpenIdConnectSettings.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
11class ilOpenIdConnectSettings
12{
13 const FILE_STORAGE = 'openidconnect/login_form_image';
14 const STORAGE_ID = 'oidc';
15 const DEFAULT_SCOPE = 'openid';
16
17 const LOGIN_ELEMENT_TYPE_TXT = 0;
18 const LOGIN_ELEMENT_TYPE_IMG = 1;
19
20 const LOGIN_ENFORCE = 0;
21 const LOGIN_STANDARD = 1;
22
23 const LOGOUT_SCOPE_GLOBAL = 0;
24 const LOGOUT_SCOPE_LOCAL = 1;
25
26 const URL_VALIDATION_PROVIDER = 0;
27 const URL_VALIDATION_CUSTOM = 1;
28 const URL_VALIDATION_NONE = 2;
29
30 const VALIDATION_ISSUE_INVALID_SCOPE = 0;
31 const VALIDATION_ISSUE_DISCOVERY_ERROR = 1;
32
33
38 private static $instance = null;
39
40
44 private $storage = null;
45
49 private $filesystem = null;
50
51
55 private $active = false;
56
60 private $provider = '';
61
65 private $client_id = '';
66
70 private $secret = '';
71
75 private $login_element_type = self::LOGIN_ELEMENT_TYPE_TXT;
76
80 private $login_element_img_name;
81
85 private $login_element_text;
86
90 private $login_prompt_type = self::LOGIN_ENFORCE;
91
92
96 private $logout_scope;
97
101 private $custom_session = false;
102
106 private $session_duration = 60;
107
111 private $allow_sync;
112
116 private $role;
117
121 private $uid = '';
122
126 private $profile_map = [];
127
131 private $profile_update_map = [];
132
136 private $role_mappings = [];
137
141 private $additional_scopes = [];
142
143 private $validate_scopes = self::URL_VALIDATION_PROVIDER;
144 private $custom_discovery_url = null;
145
146
150 private function __construct()
151 {
152 global $DIC;
153
154 $this->storage = new ilSetting(self::STORAGE_ID);
155 $this->filesystem = $DIC->filesystem()->web();
156 $this->load();
157 }
158
163 public static function getInstance() : \ilOpenIdConnectSettings
164 {
165 if (!self::$instance) {
166 self::$instance = new self();
167 }
168 return new self::$instance;
169 }
170
174 public function setActive(bool $active)
175 {
176 $this->active = $active;
177 }
178
182 public function getActive() : bool
183 {
184 return $this->active;
185 }
186
190 public function setProvider(string $url)
191 {
192 $this->provider = $url;
193 }
194
198 public function getProvider() : string
199 {
200 return $this->provider;
201 }
202
206 public function setClientId(string $client_id)
207 {
208 $this->client_id = $client_id;
209 }
210
214 public function getClientId() : string
215 {
216 return $this->client_id;
217 }
218
222 public function setSecret(string $secret)
223 {
224 $this->secret = $secret;
225 }
226
230 public function getSecret() : string
231 {
232 return $this->secret;
233 }
234
238 public function setLoginElementType(int $type)
239 {
240 $this->login_element_type = $type;
241 }
242
246 public function getLoginElementType() : int
247 {
248 return $this->login_element_type;
249 }
250
254 public function setLoginElementImage(string $a_img_name)
255 {
256 $this->login_element_img_name = $a_img_name;
257 }
258
262 public function getLoginElementImage() : string
263 {
264 return $this->login_element_img_name;
265 }
266
267 public function setLoginElementText(string $text)
268 {
269 $this->login_element_text = $text;
270 }
271
272
273 public function getLoginElemenText() : string
274 {
275 return $this->login_element_text;
276 }
277
281 public function setLoginPromptType(int $a_type)
282 {
283 $this->login_prompt_type = $a_type;
284 }
285
289 public function getLoginPromptType() : int
290 {
291 return $this->login_prompt_type;
292 }
293
297 public function setLogoutScope(int $a_scope)
298 {
299 $this->logout_scope = $a_scope;
300 }
301
305 public function getLogoutScope() : int
306 {
307 return $this->logout_scope;
308 }
309
313 public function useCustomSession(bool $a_stat)
314 {
315 $this->custom_session = $a_stat;
316 }
317
321 public function isCustomSession() : bool
322 {
323 return $this->custom_session;
324 }
325
329 public function setSessionDuration(int $a_duration)
330 {
331 $this->session_duration = $a_duration;
332 }
333
337 public function getSessionDuration() : int
338 {
339 return $this->session_duration;
340 }
341
345 public function isSyncAllowed() : bool
346 {
347 return $this->allow_sync;
348 }
349
353 public function allowSync(bool $a_stat)
354 {
355 $this->allow_sync = $a_stat;
356 }
357
361 public function setRole(int $role)
362 {
363 $this->role = $role;
364 }
365
369 public function getRole() : int
370 {
371 return $this->role;
372 }
373
377 public function setUidField(string $field)
378 {
379 $this->uid = $field;
380 }
381
385 public function getUidField() : string
386 {
387 return $this->uid;
388 }
389
393 public function getAdditionalScopes() : array
394 {
395 return $this->additional_scopes;
396 }
397
401 public function setAdditionalScopes(array $additional_scopes)
402 {
403 $this->additional_scopes = $additional_scopes;
404 }
405
409 public function getAllScopes() : array
410 {
411 $scopes = $this->additional_scopes;
412 array_unshift($scopes, self::DEFAULT_SCOPE);
413
414 return $scopes;
415 }
416
423 public function deleteImageFile()
424 {
425 if ($this->filesystem->has(self::FILE_STORAGE . '/' . $this->getLoginElementImage())) {
426 $this->filesystem->delete(self::FILE_STORAGE . '/' . $this->getLoginElementImage());
427 }
428 }
429
433 public function hasImageFile() : bool
434 {
435 return
436 strlen($this->getLoginElementImage()) &&
437 $this->filesystem->has(self::FILE_STORAGE . '/' . $this->getLoginElementImage());
438 }
439
443 public function getImageFilePath() : string
444 {
445 return implode(
446 '/',
447 [
448 \ilUtil::getWebspaceDir(),
449 self::FILE_STORAGE . '/' . $this->getLoginElementImage()
450 ]
451 );
452 }
453
457 public function setRoleMappings(array $a_role_mappings)
458 {
459 $this->role_mappings = $a_role_mappings;
460 }
461
465 public function getRoleMappings() : array
466 {
467 return (array) $this->role_mappings;
468 }
469
474 public function getRoleMappingValueForId($a_role_id) : string
475 {
476 if (
477 isset($this->role_mappings[$a_role_id]) &&
478 isset($this->role_mappings[$a_role_id]['value'])
479 ) {
480 return (string) $this->role_mappings[$a_role_id]['value'];
481 }
482 return '';
483 }
484
489 public function getRoleMappingUpdateForId($a_role_id) : bool
490 {
491 if (
492 isset($this->role_mappings[$a_role_id]) &&
493 isset($this->role_mappings[$a_role_id]['update'])
494 ) {
495 return (bool) $this->role_mappings[$a_role_id]['update'];
496 }
497 return '';
498 }
499 public function setValidateScopes(int $validation_mode) : void
500 {
501 $this->validate_scopes = $validation_mode;
502 }
503
504 public function getValidateScopes() : int
505 {
506 return $this->validate_scopes;
507 }
508
509 public function setCustomDiscoveryUrl(?string $discoveryUrl) : void
510 {
511 $this->custom_discovery_url = $discoveryUrl;
512 }
513
514 public function getCustomDiscoveryUrl() : ?string
515 {
516 return $this->custom_discovery_url;
517 }
518
519 public function validateScopes(string $discoveryURL, array $custom_scopes)
520 {
521 $result = array();
522 try {
523 $curl = new ilCurlConnection($discoveryURL);
524 $curl->init();
525
526 $curl->setOpt(CURLOPT_HEADER, 0);
527 $curl->setOpt(CURLOPT_RETURNTRANSFER, true);
528 $curl->setOpt(CURLOPT_TIMEOUT, 4);
529
530 $response = $curl->exec();
531
532 if ($curl->getInfo(CURLINFO_RESPONSE_CODE) === 200) {
533 $available_scopes = $response->scopes_supported;
534 $decoded_response = json_decode($response, false, 512, JSON_THROW_ON_ERROR);
535 $available_scopes = $decoded_response->scopes_supported;
536 array_unshift($custom_scopes, self::DEFAULT_SCOPE);
537
538 $result = array_diff($custom_scopes, $available_scopes);
539 if (!empty(array_diff($custom_scopes, $available_scopes))) {
540 $result = [self::VALIDATION_ISSUE_INVALID_SCOPE, array_diff($custom_scopes, $available_scopes)];
541 }
542 } else {
543 $result = [self::VALIDATION_ISSUE_DISCOVERY_ERROR, $response];
544 }
545 } catch (ilCurlConnectionException $e) {
546 throw $e;
547 } finally {
548 $curl->close();
549 }
550 return $result;
551 }
552
556 public function save()
557 {
558 $this->storage->set('active', (int) $this->getActive());
559 $this->storage->set('provider', $this->getProvider());
560 $this->storage->set('client_id', $this->getClientId());
561 $this->storage->set('secret', $this->getSecret());
562 $this->storage->set('scopes', (string) serialize($this->getAdditionalScopes()));
563 $this->storage->set('le_img', $this->getLoginElementImage());
564 $this->storage->set('le_text', $this->getLoginElemenText());
565 $this->storage->set('le_type', $this->getLoginElementType());
566 $this->storage->set('prompt_type', $this->getLoginPromptType());
567 $this->storage->set('logout_scope', $this->getLogoutScope());
568 $this->storage->set('custom_session', (int) $this->isCustomSession());
569 $this->storage->set('session_duration', (int) $this->getSessionDuration());
570 $this->storage->set('allow_sync', (int) $this->isSyncAllowed());
571 $this->storage->set('role', (int) $this->getRole());
572 $this->storage->set('uid', (string) $this->getUidField());
573
574 foreach ($this->getProfileMappingFields() as $field => $lang_key) {
575 $this->storage->set('pmap_' . $field, $this->getProfileMappingFieldValue($field));
576 $this->storage->set('pumap_' . $field, $this->getProfileMappingFieldUpdate($field));
577 }
578 $this->storage->set('role_mappings', (string) serialize($this->getRoleMappings()));
579
580 $this->storage->set('validate_scopes', (string) $this->getValidateScopes());
581 if (self::URL_VALIDATION_CUSTOM === $this->getValidateScopes()) {
582 $this->storage->set('custom_discovery_url', $this->getCustomDiscoveryUrl());
583 } else {
584 $this->storage->delete('custom_discovery_url');
585 }
586 }
587
591 protected function load()
592 {
593 foreach ($this->getProfileMappingFields() as $field => $lang_key) {
594 $this->profile_map[$field] = (string) $this->storage->get('pmap_' . $field, '');
595 $this->profile_update_map[$field] = (bool) $this->storage->get('pumap_' . $field, '');
596 }
597
598 $this->setActive((bool) $this->storage->get('active', 0));
599 $this->setProvider($this->storage->get('provider', ''));
600 $this->setClientId($this->storage->get('client_id', ''));
601 $this->setSecret($this->storage->get('secret', ''));
602 $this->setAdditionalScopes((array) unserialize($this->storage->get('scopes', serialize([]))));
603 $this->setLoginElementImage($this->storage->get('le_img', ''));
604 $this->setLoginElementText($this->storage->get('le_text'));
605 $this->setLoginElementType($this->storage->get('le_type'));
606 $this->setLoginPromptType((int) $this->storage->get('prompt_type', self::LOGIN_ENFORCE));
607 $this->setLogoutScope((int) $this->storage->get('logout_scope', self::LOGOUT_SCOPE_GLOBAL));
608 $this->useCustomSession((bool) $this->storage->get('custom_session'), false);
609 $this->setSessionDuration((int) $this->storage->get('session_duration', 60));
610 $this->allowSync((bool) $this->storage->get('allow_sync'), false);
611 $this->setRole((int) $this->storage->get('role'), 0);
612 $this->setUidField((string) $this->storage->get('uid'), '');
613 $this->setRoleMappings((array) unserialize($this->storage->get('role_mappings', serialize([]))));
614 $this->setValidateScopes((int) $this->storage->get('validate_scopes', (string) self::URL_VALIDATION_PROVIDER));
615 if (self::URL_VALIDATION_CUSTOM === $this->getValidateScopes()) {
616 $this->setCustomDiscoveryUrl($this->storage->get('custom_discovery_url'));
617 }
618 }
619
623 public function getProfileMappingFieldValue(string $field) : string
624 {
625 return (string) $this->profile_map[$field];
626 }
627
632 public function setProfileMappingFieldValue(string $field, string $value)
633 {
634 $this->profile_map[$field] = $value;
635 }
636
641 public function getProfileMappingFieldUpdate(string $field) : bool
642 {
643 return (bool) $this->profile_update_map[$field];
644 }
645
650 public function setProfileMappingFieldUpdate(string $field, bool $value)
651 {
652 $this->profile_update_map[$field] = $value;
653 }
654
655
659 public function getProfileMappingFields() : array
660 {
661 return [
662 'firstname' => 'firstname',
663 'lastname' => 'lastname',
664 'email' => 'email',
665 'birthday' => 'birthday'
666 ];
667 }
668}
$result
$result
Definition: CleanUpTest.php:463
php
An exception for terminatinating execution or to throw for unit testing.
ilOpenIdConnectSettings
Class ilOpenIdConnectSettingsGUI.
Definition: class.ilOpenIdConnectSettings.php:12
ilOpenIdConnectSettings\setAdditionalScopes
setAdditionalScopes(array $additional_scopes)
Definition: class.ilOpenIdConnectSettings.php:401
ilOpenIdConnectSettings\setProfileMappingFieldValue
setProfileMappingFieldValue(string $field, string $value)
Definition: class.ilOpenIdConnectSettings.php:632
ilOpenIdConnectSettings\setProfileMappingFieldUpdate
setProfileMappingFieldUpdate(string $field, bool $value)
Definition: class.ilOpenIdConnectSettings.php:650
ilOpenIdConnectSettings\setLoginElementType
setLoginElementType(int $type)
Set login element type.
Definition: class.ilOpenIdConnectSettings.php:238
ilOpenIdConnectSettings\validateScopes
validateScopes(string $discoveryURL, array $custom_scopes)
Definition: class.ilOpenIdConnectSettings.php:519
ilOpenIdConnectSettings\__construct
__construct()
ilOpenIdConnectSettings constructor.
Definition: class.ilOpenIdConnectSettings.php:150
ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:163
ilOpenIdConnectSettings\setCustomDiscoveryUrl
setCustomDiscoveryUrl(?string $discoveryUrl)
Definition: class.ilOpenIdConnectSettings.php:509
ilOpenIdConnectSettings\setRoleMappings
setRoleMappings(array $a_role_mappings)
Definition: class.ilOpenIdConnectSettings.php:457
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ilUtil\getWebspaceDir
static getWebspaceDir($mode="filesystem")
get webspace directory
Definition: class.ilUtil.php:1507
$DIC
global $DIC
Definition: goto.php:24
$type
$type
Definition: proxy_ylocal.php:10
$url
$url
Definition: proxy_ylocal.php:28
$response
$response
Definition: proxy_ylocal.php:39