ILIAS  release_7 Revision v7.30-3-g800a261c036
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthProviderApache Class Reference

Apache auth provider. More...

+ Inheritance diagram for ilAuthProviderApache:
+ Collaboration diagram for ilAuthProviderApache:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 doAuthentication (ilAuthStatus $status)
 @inheritDoc More...
 
 migrateAccount (ilAuthStatus $status)
 @inheritDoc More...
 
 createNewAccount (ilAuthStatus $status)
 @inheritDoc More...
 
 getExternalAccountName ()
 @inheritDoc More...
 
 setExternalAccountName (string $name)
 
 getTriggerAuthMode ()
 @inheritDoc More...
 
 getUserAuthModeName ()
 @inheritDoc More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 
 getTriggerAuthMode ()
 Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...
 
 getUserAuthModeName ()
 Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...
 
 getExternalAccountName ()
 Get external account name. More...
 
 migrateAccount (ilAuthStatus $status)
 Create new account. More...
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. More...
 

Data Fields

const APACHE_AUTH_TYPE_DIRECT_MAPPING = 1
 
const APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2
 
const APACHE_AUTH_TYPE_BY_FUNCTION = 3
 
- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Protected Member Functions

 getSettings ()
 Get setings. More...
 
 handleLDAPDataSource (ilAuthStatus $status)
 @inheritDoc More...
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Private Attributes

 $settings = null
 
 $migration_account = ''
 
 $force_new_account = false
 

Detailed Description

Apache auth provider.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 8 of file class.ilAuthProviderApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderApache::__construct ( ilAuthCredentials  $credentials)

Constructor.

Parameters
ilAuthCredentials$credentials

Reimplemented from ilAuthProvider.

Definition at line 23 of file class.ilAuthProviderApache.php.

24 {
25 parent::__construct($credentials);
26 $this->settings = new ilSetting('apache_auth');
27 }
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:40
settings
settings()
Definition: settings.php:2

References ilAuthProvider\$credentials, ILIAS\GlobalScreen\Provider\__construct(), and settings().

+ Here is the call graph for this function:

Member Function Documentation

◆ createNewAccount()

ilAuthProviderApache::createNewAccount ( ilAuthStatus  $status)

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 112 of file class.ilAuthProviderApache.php.

113 {
114 $this->force_new_account = true;
115 if ($this->getSettings()->get('apache_enable_ldap')) {
116 return $this->handleLDAPDataSource($status);
117 }
118 }
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
@inheritDoc
Definition: class.ilAuthProviderApache.php:159

References getSettings(), and handleLDAPDataSource().

+ Here is the call graph for this function:

◆ doAuthentication()

ilAuthProviderApache::doAuthentication ( ilAuthStatus  $status)

@inheritDoc

Definition at line 41 of file class.ilAuthProviderApache.php.

42 {
43 if (!$this->getSettings()->get('apache_enable_auth')) {
44 $this->getLogger()->info('Apache auth disabled.');
45 $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
46 return false;
47 }
48
49 if (
50 !$this->getSettings()->get('apache_auth_indicator_name') ||
51 !$this->getSettings()->get('apache_auth_indicator_value')
52 ) {
53 $this->getLogger()->warning('Apache auth indicator match failure.');
54 $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
55 return false;
56 }
57
58 $validIndicatorValues = array_filter(array_map(
59 'trim',
60 str_getcsv($this->getSettings()->get('apache_auth_indicator_value'))
61 ));
62 if (!in_array($_SERVER[$this->getSettings()->get('apache_auth_indicator_name')], $validIndicatorValues)) {
63 $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
64 $this->handleAuthenticationFail($status, 'err_wrong_login');
65 return false;
66 }
67
68 if (!ilUtil::isLogin($this->getCredentials()->getUsername())) {
69 $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
70 $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
71 return false;
72 }
73
74 if (!strlen($this->getCredentials()->getUsername())) {
75 $this->getLogger()->info('No username given');
76 $this->handleAuthenticationFail($status, 'err_wrong_login');
77 return false;
78 }
79
80 // Apache with ldap as data source
81 if ($this->getSettings()->get('apache_enable_ldap')) {
82 return $this->handleLDAPDataSource($status);
83 }
84
85 $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
86 $usr_id = ilObjUser::_lookupId($login);
87 if (!$usr_id) {
88 $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
89 $this->handleAuthenticationFail($status, 'err_wrong_login');
90 return false;
91 }
92
93 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
94 $status->setAuthenticatedUserId($usr_id);
95 return true;
96 }
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3568
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:832
ilUtil\isLogin
static isLogin($a_login)
Definition: class.ilUtil.php:1312
$login
$login
Definition: cron.php:13
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10

References $_SERVER, $login, ilAuthProvider\$status, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilUtil\isLogin(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderApache::getExternalAccountName ( )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 123 of file class.ilAuthProviderApache.php.

124 {
125 return $this->migration_account;
126 }

References $migration_account.

◆ getSettings()

ilAuthProviderApache::getSettings ( )
protected

Get setings.

Returns
ilSetting

Definition at line 33 of file class.ilAuthProviderApache.php.

33 : ilSetting
34 {
35 return $this->settings;
36 }

References $settings.

Referenced by createNewAccount(), doAuthentication(), getUserAuthModeName(), handleLDAPDataSource(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getTriggerAuthMode()

ilAuthProviderApache::getTriggerAuthMode ( )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 139 of file class.ilAuthProviderApache.php.

140 {
141 return AUTH_APACHE;
142 }
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:17

References AUTH_APACHE.

◆ getUserAuthModeName()

ilAuthProviderApache::getUserAuthModeName ( )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 147 of file class.ilAuthProviderApache.php.

148 {
149 if ($this->getSettings()->get('apache_ldap_sid')) {
150 return 'ldap_' . (string) $this->getSettings()->get('apache_ldap_sid');
151 }
152
153 return 'apache';
154 }

References getSettings().

+ Here is the call graph for this function:

◆ handleLDAPDataSource()

ilAuthProviderApache::handleLDAPDataSource ( ilAuthStatus  $status)
protected

@inheritDoc

Definition at line 159 of file class.ilAuthProviderApache.php.

159 : bool
160 {
161 $server = ilLDAPServer::getInstanceByServerId(
162 $this->getSettings()->get('apache_ldap_sid')
163 );
164
165 $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
166
167 $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
168 $sync->setExternalAccount($this->getCredentials()->getUsername());
169 $sync->setUserData(array());
170 $sync->forceCreation($this->force_new_account);
171 $sync->forceReadLdapData(true);
172
173 try {
174 $internal_account = $sync->sync();
175 $this->getLogger()->debug('Internal account: ' . $internal_account);
176 } catch (UnexpectedValueException $e) {
177 $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
178 $this->handleAuthenticationFail($status, 'err_wrong_login');
179 return false;
180 } catch (ilLDAPSynchronisationFailedException $e) {
181 $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
182 return false;
183 }
184 catch (ilLDAPSynchronisationForbiddenException $e) {
185 // No syncronisation allowed => create Error
186 $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
187 $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
188 return false;
189 } catch (ilLDAPAccountMigrationRequiredException $e) {
190 // Account migration required
191 $this->setExternalAccountName($this->getCredentials()->getUsername());
192 $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
193 $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
194 return false;
195 }
196
197 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
198 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
199 return true;
200 }
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilLDAPSynchronisationFailedException
Thrown in case of failed synchronisation settings.
Definition: class.ilLDAPSynchronisationFailedException.php:11
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
$server
$server
Definition: dummy_client.php:12

References Vendor\Package\$e, $server, ilAuthProvider\$status, ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), setExternalAccountName(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderApache::migrateAccount ( ilAuthStatus  $status)

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 101 of file class.ilAuthProviderApache.php.

102 {
103 $this->force_new_account = true;
104 if ($this->getSettings()->get('apache_enable_ldap')) {
105 return $this->handleLDAPDataSource($status);
106 }
107 }

References getSettings(), and handleLDAPDataSource().

+ Here is the call graph for this function:

◆ setExternalAccountName()

ilAuthProviderApache::setExternalAccountName ( string  $name)
Parameters
string$name

Definition at line 131 of file class.ilAuthProviderApache.php.

131 : void
132 {
133 $this->migration_account = $name;
134 }
$name
if($format !==null) $name
Definition: metadata.php:230

References $name.

Referenced by handleLDAPDataSource().

+ Here is the caller graph for this function:

Field Documentation

◆ $force_new_account

ilAuthProviderApache::$force_new_account = false
private

Definition at line 17 of file class.ilAuthProviderApache.php.

◆ $migration_account

ilAuthProviderApache::$migration_account = ''
private

Definition at line 16 of file class.ilAuthProviderApache.php.

Referenced by getExternalAccountName().

◆ $settings

ilAuthProviderApache::$settings = null
private

Definition at line 14 of file class.ilAuthProviderApache.php.

Referenced by getSettings().

◆ APACHE_AUTH_TYPE_BY_FUNCTION

const ilAuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION = 3

Definition at line 12 of file class.ilAuthProviderApache.php.

◆ APACHE_AUTH_TYPE_DIRECT_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING = 1

Definition at line 10 of file class.ilAuthProviderApache.php.

◆ APACHE_AUTH_TYPE_EXTENDED_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2

Definition at line 11 of file class.ilAuthProviderApache.php.

The documentation for this class was generated from the following file: