ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthProviderApache Class Reference

Apache auth provider. More...

+ Inheritance diagram for ilAuthProviderApache:
+ Collaboration diagram for ilAuthProviderApache:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 doAuthentication (ilAuthStatus $status)
 
 migrateAccount (ilAuthStatus $status)
 
 createNewAccount (ilAuthStatus $status)
 
 getExternalAccountName ()
 
 setExternalAccountName (string $name)
 
 getTriggerAuthMode ()
 
 getUserAuthModeName ()
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Data Fields

const APACHE_AUTH_TYPE_DIRECT_MAPPING = 1
 
const APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2
 
const APACHE_AUTH_TYPE_BY_FUNCTION = 3
 
- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Protected Member Functions

 getSettings ()
 Get setings. More...
 
 handleLDAPDataSource (ilAuthStatus $status)
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Private Attributes

 $settings = null
 
 $migration_account = ''
 
 $force_new_account = false
 

Detailed Description

Apache auth provider.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 8 of file class.ilAuthProviderApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderApache::__construct ( ilAuthCredentials  $credentials)

Constructor.

Parameters
ilAuthCredentials$credentials

Definition at line 23 of file class.ilAuthProviderApache.php.

References ILIAS\GlobalScreen\Provider\__construct(), and settings().

24  {
25  parent::__construct($credentials);
26  $this->settings = new ilSetting('apache_auth');
27  }
settings
settings()
Definition: settings.php:2
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:40
+ Here is the call graph for this function:

Member Function Documentation

◆ createNewAccount()

ilAuthProviderApache::createNewAccount ( ilAuthStatus  $status)

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 112 of file class.ilAuthProviderApache.php.

References getSettings(), and handleLDAPDataSource().

113  {
114  $this->force_new_account = true;
115  if ($this->getSettings()->get('apache_enable_ldap')) {
116  return $this->handleLDAPDataSource($status);
117  }
118  }
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:159
+ Here is the call graph for this function:

◆ doAuthentication()

ilAuthProviderApache::doAuthentication ( ilAuthStatus  $status)

Definition at line 41 of file class.ilAuthProviderApache.php.

References $_SERVER, $login, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilUtil\isLogin(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

42  {
43  if (!$this->getSettings()->get('apache_enable_auth')) {
44  $this->getLogger()->info('Apache auth disabled.');
45  $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
46  return false;
47  }
48 
49  if (
50  !$this->getSettings()->get('apache_auth_indicator_name') ||
51  !$this->getSettings()->get('apache_auth_indicator_value')
52  ) {
53  $this->getLogger()->warning('Apache auth indicator match failure.');
54  $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
55  return false;
56  }
57 
58  $validIndicatorValues = array_filter(array_map(
59  'trim',
60  str_getcsv($this->getSettings()->get('apache_auth_indicator_value'))
61  ));
62  if (!in_array($_SERVER[$this->getSettings()->get('apache_auth_indicator_name')], $validIndicatorValues)) {
63  $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
64  $this->handleAuthenticationFail($status, 'err_wrong_login');
65  return false;
66  }
67 
68  if (!ilUtil::isLogin($this->getCredentials()->getUsername())) {
69  $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
70  $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
71  return false;
72  }
73 
74  if (!strlen($this->getCredentials()->getUsername())) {
75  $this->getLogger()->info('No username given');
76  $this->handleAuthenticationFail($status, 'err_wrong_login');
77  return false;
78  }
79 
80  // Apache with ldap as data source
81  if ($this->getSettings()->get('apache_enable_ldap')) {
82  return $this->handleLDAPDataSource($status);
83  }
84 
85  $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
86  $usr_id = ilObjUser::_lookupId($login);
87  if (!$usr_id) {
88  $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
89  $this->handleAuthenticationFail($status, 'err_wrong_login');
90  return false;
91  }
92 
93  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
94  $status->setAuthenticatedUserId($usr_id);
95  return true;
96  }
$login
$login
Definition: cron.php:13
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:159
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:832
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3568
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilUtil\isLogin
static isLogin($a_login)
Definition: class.ilUtil.php:1312
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
+ Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderApache::getExternalAccountName ( )

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 123 of file class.ilAuthProviderApache.php.

References $migration_account.

124  {
125  return $this->migration_account;
126  }

◆ getSettings()

ilAuthProviderApache::getSettings ( )
protected

Get setings.

Returns
ilSetting

Definition at line 33 of file class.ilAuthProviderApache.php.

References $settings.

Referenced by createNewAccount(), doAuthentication(), getUserAuthModeName(), handleLDAPDataSource(), and migrateAccount().

33  : ilSetting
34  {
35  return $this->settings;
36  }
+ Here is the caller graph for this function:

◆ getTriggerAuthMode()

ilAuthProviderApache::getTriggerAuthMode ( )

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 139 of file class.ilAuthProviderApache.php.

References AUTH_APACHE.

140  {
141  return AUTH_APACHE;
142  }
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:17

◆ getUserAuthModeName()

ilAuthProviderApache::getUserAuthModeName ( )

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 147 of file class.ilAuthProviderApache.php.

References getSettings().

148  {
149  if ($this->getSettings()->get('apache_ldap_sid')) {
150  return 'ldap_' . (string) $this->getSettings()->get('apache_ldap_sid');
151  }
152 
153  return 'apache';
154  }
+ Here is the call graph for this function:

◆ handleLDAPDataSource()

ilAuthProviderApache::handleLDAPDataSource ( ilAuthStatus  $status)
protected

Definition at line 159 of file class.ilAuthProviderApache.php.

References Vendor\Package\$e, $server, ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ilLDAPUserSynchronisation\setExternalAccount(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

159  : bool
160  {
161  $server = ilLDAPServer::getInstanceByServerId(
162  $this->getSettings()->get('apache_ldap_sid')
163  );
164 
165  $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
166 
167  $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
168  $sync->setExternalAccount($this->getCredentials()->getUsername());
169  $sync->setUserData(array());
170  $sync->forceCreation($this->force_new_account);
171  $sync->forceReadLdapData(true);
172 
173  try {
174  $internal_account = $sync->sync();
175  $this->getLogger()->debug('Internal account: ' . $internal_account);
176  } catch (UnexpectedValueException $e) {
177  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
178  $this->handleAuthenticationFail($status, 'err_wrong_login');
179  return false;
180  } catch (ilLDAPSynchronisationFailedException $e) {
181  $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
182  return false;
183  }
184  catch (ilLDAPSynchronisationForbiddenException $e) {
185  // No syncronisation allowed => create Error
186  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
187  $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
188  return false;
189  } catch (ilLDAPAccountMigrationRequiredException $e) {
190  // Account migration required
191  $this->setExternalAccountName($this->getCredentials()->getUsername());
192  $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
193  $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
194  return false;
195  }
196 
197  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
198  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
199  return true;
200  }
ilLDAPSynchronisationFailedException
Thrown in case of failed synchronisation settings.
Definition: class.ilLDAPSynchronisationFailedException.php:10
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:832
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:66
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$server
$server
Definition: dummy_client.php:12
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderApache::migrateAccount ( ilAuthStatus  $status)

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 101 of file class.ilAuthProviderApache.php.

References getSettings(), and handleLDAPDataSource().

102  {
103  $this->force_new_account = true;
104  if ($this->getSettings()->get('apache_enable_ldap')) {
105  return $this->handleLDAPDataSource($status);
106  }
107  }
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:159
+ Here is the call graph for this function:

◆ setExternalAccountName()

ilAuthProviderApache::setExternalAccountName ( string  $name)
Parameters
string$name

Definition at line 131 of file class.ilAuthProviderApache.php.

References $name.

Referenced by handleLDAPDataSource().

131  : void
132  {
133  $this->migration_account = $name;
134  }
$name
if($format !==null) $name
Definition: metadata.php:230
+ Here is the caller graph for this function:

Field Documentation

◆ $force_new_account

ilAuthProviderApache::$force_new_account = false
private

Definition at line 17 of file class.ilAuthProviderApache.php.

◆ $migration_account

ilAuthProviderApache::$migration_account = ''
private

Definition at line 16 of file class.ilAuthProviderApache.php.

Referenced by getExternalAccountName().

◆ $settings

ilAuthProviderApache::$settings = null
private

Definition at line 14 of file class.ilAuthProviderApache.php.

Referenced by getSettings().

◆ APACHE_AUTH_TYPE_BY_FUNCTION

const ilAuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION = 3

Definition at line 12 of file class.ilAuthProviderApache.php.

◆ APACHE_AUTH_TYPE_DIRECT_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING = 1

Definition at line 10 of file class.ilAuthProviderApache.php.

◆ APACHE_AUTH_TYPE_EXTENDED_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2

Definition at line 11 of file class.ilAuthProviderApache.php.

The documentation for this class was generated from the following file: