ILIAS  release_8 Revision v8.24
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthFrontend Class Reference
+ Inheritance diagram for ilAuthFrontend:
+ Collaboration diagram for ilAuthFrontend:

Public Member Functions

 __construct (ilAuthSession $session, ilAuthStatus $status, ilAuthCredentials $credentials, array $providers)
 
 getAuthSession ()
 Get auth session. More...
 
 getCredentials ()
 Get auth credentials. More...
 
 getProviders ()
 Get providers. More...
 
 getStatus ()
 
 resetStatus ()
 Reset status. More...
 
 migrateAccount (ilAuthSession $session)
 Migrate Account to existing user account. More...
 
 migrateAccountNew ()
 Create new user account. More...
 
 authenticate ()
 Try to authenticate user. More...
 

Data Fields

const MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'
 
const MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'
 
const MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'
 

Protected Member Functions

 handleAccountMigration (ilAuthProviderAccountMigrationInterface $provider)
 Handle account migration. More...
 
 handleAuthenticationSuccess (ilAuthProviderInterface $provider)
 Handle successful authentication. More...
 
 checkActivation (ilObjUser $user)
 Check activation. More...
 
 checkExceededLoginAttempts (ilObjUser $user)
 
 checkTimeLimit (ilObjUser $user)
 Check time limit. More...
 
 checkIp (ilObjUser $user)
 Check ip. More...
 
 checkSimultaneousLogins (ilObjUser $user)
 Check simultaneous logins. More...
 
 handleAuthenticationFail ()
 Handle failed authenication. More...
 

Private Attributes

ilLogger $logger
 
ilSetting $settings
 
ilLanguage $lng
 
ilAuthCredentials $credentials
 
ilAuthStatus $status
 
array $providers
 
ilAuthSession $auth_session
 
ilAppEventHandler $ilAppEventHandler
 
bool $authenticated = false
 

Detailed Description

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 27 of file class.ilAuthFrontend.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthFrontend::__construct ( ilAuthSession  $session,
ilAuthStatus  $status,
ilAuthCredentials  $credentials,
array  $providers 
)
Parameters
ilAuthSession$session
ilAuthStatus$status
ilAuthCredentials$credentials
ilAuthProvider[]$providers

Reimplemented in ilAuthFrontendHTTP.

Definition at line 52 of file class.ilAuthFrontend.php.

53 {
54 global $DIC;
55 $this->logger = $DIC->logger()->auth();
56 $this->settings = $DIC->settings();
57 $this->lng = $DIC->language();
58 $this->ilAppEventHandler = $DIC->event();
59
60 $this->auth_session = $session;
61 $this->credentials = $credentials;
62 $this->status = $status;
63 $this->providers = $providers;
64 }
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:52
ilAuthFrontend\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthFrontend.php:37
$DIC
global $DIC
Definition: feed.php:28
$session
$session
Definition: proxy_ylocal.php:32

References $credentials, $DIC, $providers, $session, $status, ILIAS\Repository\lng(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

+ Here is the call graph for this function:

Member Function Documentation

◆ authenticate()

ilAuthFrontend::authenticate ( )

Try to authenticate user.

Reimplemented in ilAuthFrontendHTTP.

Definition at line 172 of file class.ilAuthFrontend.php.

172 : bool
173 {
174 foreach ($this->getProviders() as $provider) {
175 $this->resetStatus();
176
177 $this->logger->debug('Trying authentication against: ' . get_class($provider));
178
179 $provider->doAuthentication($this->getStatus());
180
181 $this->logger->debug('Authentication user id: ' . $this->getStatus()->getAuthenticatedUserId());
182
183 switch ($this->getStatus()->getStatus()) {
184 case ilAuthStatus::STATUS_AUTHENTICATED:
185 return $this->handleAuthenticationSuccess($provider);
186
187 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
188 $this->logger->notice("Account migration required.");
189 if ($provider instanceof ilAuthProviderAccountMigrationInterface) {
190 return $this->handleAccountMigration($provider);
191 }
192
193 $this->logger->error('Authentication migratittion required but provider does not support interface' . get_class($provider));
194 break;
195 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
196 default:
197 $this->logger->debug('Authentication failed against: ' . get_class($provider));
198 break;
199 }
200 }
201 return $this->handleAuthenticationFail();
202 }
ilAuthFrontend\resetStatus
resetStatus()
Reset status.
Definition: class.ilAuthFrontend.php:102
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:445
ilAuthFrontend\handleAccountMigration
handleAccountMigration(ilAuthProviderAccountMigrationInterface $provider)
Handle account migration.
Definition: class.ilAuthFrontend.php:208
ilAuthFrontend\getProviders
getProviders()
Get providers.
Definition: class.ilAuthFrontend.php:86
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:229
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:36
$provider
$provider
Definition: ltitoken.php:83

References $provider, getProviders(), getStatus(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), resetStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

+ Here is the call graph for this function:

◆ checkActivation()

ilAuthFrontend::checkActivation ( ilObjUser  $user)
protected

Check activation.

Definition at line 377 of file class.ilAuthFrontend.php.

377 : bool
378 {
379 return $user->getActive();
380 }

References ilObjUser\getActive().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkExceededLoginAttempts()

ilAuthFrontend::checkExceededLoginAttempts ( ilObjUser  $user)
protected

Definition at line 382 of file class.ilAuthFrontend.php.

382 : bool
383 {
384 if ($user->getId() === ANONYMOUS_USER_ID) {
385 return true;
386 }
387
388 $isInactive = !$user->getActive();
389 if (!$isInactive) {
390 return true;
391 }
392
393 $security = ilSecuritySettings::_getInstance();
394 $maxLoginAttempts = $security->getLoginMaxAttempts();
395
396 if (!$maxLoginAttempts) {
397 return true;
398 }
399
400 $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
401
402 return $numLoginAttempts < $maxLoginAttempts;
403 }
ilObjUser\_getLoginAttempts
static _getLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3497
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:92
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ANONYMOUS_USER_ID, ilObjUser\getActive(), and ilObject\getId().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkIp()

ilAuthFrontend::checkIp ( ilObjUser  $user)
protected

Check ip.

Reimplemented in ilAuthFrontendCLI.

Definition at line 416 of file class.ilAuthFrontend.php.

416 : bool
417 {
418 $clientip = $user->getClientIP();
419 if (trim($clientip) !== "") {
420 $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
421 $clientip = str_replace([".", "?", "*", ","], ["\\.", "[0-9]", "[0-9]*", "|"], $clientip);
422
423 ilLoggerFactory::getLogger('auth')->debug('Check ip ' . $clientip . ' against ' . $_SERVER['REMOTE_ADDR']);
424
425 if (!preg_match("/^" . $clientip . "$/", $_SERVER["REMOTE_ADDR"])) {
426 return false;
427 }
428 }
429 return true;
430 }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10

References $_SERVER, ilObjUser\getClientIP(), and ilLoggerFactory\getLogger().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkSimultaneousLogins()

ilAuthFrontend::checkSimultaneousLogins ( ilObjUser  $user)
protected

Check simultaneous logins.

Definition at line 435 of file class.ilAuthFrontend.php.

435 : bool
436 {
437 $this->logger->debug('Setting prevent simultaneous session is: ' . $this->settings->get('ps_prevent_simultaneous_logins'));
438 return !($this->settings->get('ps_prevent_simultaneous_logins') &&
439 ilObjUser::hasActiveSession($user->getId(), $this->getAuthSession()->getId()));
440 }
ilObjUser\hasActiveSession
static hasActiveSession(int $a_user_id, string $a_session_id)
Definition: class.ilObjUser.php:1944

References ilObject\getId(), ilObjUser\hasActiveSession(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkTimeLimit()

ilAuthFrontend::checkTimeLimit ( ilObjUser  $user)
protected

Check time limit.

Definition at line 408 of file class.ilAuthFrontend.php.

408 : bool
409 {
410 return $user->checkTimeLimit();
411 }

References ilObjUser\checkTimeLimit().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthSession()

ilAuthFrontend::getAuthSession ( )

Get auth session.

Definition at line 69 of file class.ilAuthFrontend.php.

69 : ilAuthSession
70 {
71 return $this->auth_session;
72 }
ilAuthFrontend\$auth_session
ilAuthSession $auth_session
Definition: class.ilAuthFrontend.php:41

References $auth_session.

Referenced by handleAuthenticationSuccess().

+ Here is the caller graph for this function:

◆ getCredentials()

ilAuthFrontend::getCredentials ( )

Get auth credentials.

Definition at line 77 of file class.ilAuthFrontend.php.

77 : ilAuthCredentials
78 {
79 return $this->credentials;
80 }
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:28

References $credentials.

Referenced by handleAuthenticationFail(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getProviders()

ilAuthFrontend::getProviders ( )

Get providers.

Returns
ilAuthProviderInterface[] $provider

Definition at line 86 of file class.ilAuthFrontend.php.

86 : array
87 {
88 return $this->providers;
89 }

References $providers.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getStatus()

ilAuthFrontend::getStatus ( )
Returns
\ilAuthStatus

Definition at line 94 of file class.ilAuthFrontend.php.

94 : ilAuthStatus
95 {
96 return $this->status;
97 }
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:28

References $status.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), migrateAccount(), migrateAccountNew(), and resetStatus().

+ Here is the caller graph for this function:

◆ handleAccountMigration()

ilAuthFrontend::handleAccountMigration ( ilAuthProviderAccountMigrationInterface  $provider)
protected

Handle account migration.

Parameters
ilAuthProvider$provider

Definition at line 208 of file class.ilAuthFrontend.php.

208 : bool
209 {
210 $this->logger->debug('Trigger auth mode: ' . $provider->getTriggerAuthMode());
211 $this->logger->debug('Desired auth mode: ' . $provider->getUserAuthModeName());
212 $this->logger->debug('External account: ' . $provider->getExternalAccountName());
213
214 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
215 #$this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
216
217 ilSession::set(static::MIG_TRIGGER_AUTHMODE, $provider->getTriggerAuthMode());
218 ilSession::set(static::MIG_DESIRED_AUTHMODE, $provider->getUserAuthModeName());
219 ilSession::set(static::MIG_EXTERNAL_ACCOUNT, $provider->getExternalAccountName());
220
221 $this->logger->dump(ilSession::dumpToString(), ilLogLevel::DEBUG);
222
223 return true;
224 }
ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:479
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451
ilAuthProviderAccountMigrationInterface\getExternalAccountName
getExternalAccountName()
Get external account name.
ilAuthProviderAccountMigrationInterface\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
ilAuthProviderAccountMigrationInterface\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.

References $provider, ANONYMOUS_USER_ID, ilLogLevel\DEBUG, ilSession\dumpToString(), ilAuthProviderAccountMigrationInterface\getExternalAccountName(), getStatus(), ilAuthProviderAccountMigrationInterface\getTriggerAuthMode(), ilAuthProviderAccountMigrationInterface\getUserAuthModeName(), ILIAS\Repository\logger(), and ilSession\set().

Referenced by authenticate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationFail()

ilAuthFrontend::handleAuthenticationFail ( )
protected

Handle failed authenication.

Reimplemented in ilAuthFrontendHTTP.

Definition at line 445 of file class.ilAuthFrontend.php.

445 : bool
446 {
447 $this->logger->debug('Authentication failed for all authentication methods.');
448
449 $user_id = ilObjUser::_lookupId($this->getCredentials()->getUsername());
450 if (is_int($user_id) && $user_id !== ANONYMOUS_USER_ID) {
451 ilObjUser::_incrementLoginAttempts($user_id);
452 $login_attempts = ilObjUser::_getLoginAttempts($user_id);
453
454 $this->logger->notice('Increased login attempts for user: ' . $this->getCredentials()->getUsername());
455
456 $security = ilSecuritySettings::_getInstance();
457 $max_attempts = $security->getLoginMaxAttempts();
458
459 if ($max_attempts && $login_attempts >= $max_attempts) {
460 $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
461 $this->logger->warning('User account set to inactive due to exceeded login attempts.');
462 ilObjUser::_setUserInactive($user_id);
463 }
464 }
465 return false;
466 }
ilAuthFrontend\getCredentials
getCredentials()
Get auth credentials.
Definition: class.ilAuthFrontend.php:77
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3510
ilObjUser\_setUserInactive
static _setUserInactive(int $a_usr_id)
Definition: class.ilObjUser.php:3527

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), ANONYMOUS_USER_ID, getCredentials(), getStatus(), and ILIAS\Repository\logger().

Referenced by authenticate(), migrateAccount(), and migrateAccountNew().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationSuccess()

ilAuthFrontend::handleAuthenticationSuccess ( ilAuthProviderInterface  $provider)
protected

Handle successful authentication.

Definition at line 229 of file class.ilAuthFrontend.php.

229 : bool
230 {
231 $user = ilObjectFactory::getInstanceByObjId($this->getStatus()->getAuthenticatedUserId(), false);
232
233 // reset expired status
234 $this->getAuthSession()->setExpired(false);
235
236 if (!$user instanceof ilObjUser) {
237 $this->logger->error('Cannot instantiate user account with id: ' . $this->getStatus()->getAuthenticatedUserId());
238 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
239 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
240 $this->getStatus()->setReason('auth_err_invalid_user_account');
241 return false;
242 }
243
244 if (!$this->checkExceededLoginAttempts($user)) {
245 $this->logger->info('Authentication failed for inactive user with id and too may login attempts: ' . $this->getStatus()->getAuthenticatedUserId());
246 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
247 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
248 $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
249 return false;
250 }
251
252 if (!$this->checkActivation($user)) {
253 $this->logger->info('Authentication failed for inactive user with id: ' . $this->getStatus()->getAuthenticatedUserId());
254 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
255 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
256 $this->getStatus()->setReason('err_inactive');
257 return false;
258 }
259
260 // time limit
261 if (!$this->checkTimeLimit($user)) {
262 $this->logger->info('Authentication failed (time limit restriction) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
263
264 if ($this->settings->get('user_reactivate_code')) {
265 $this->logger->debug('Accout reactivation codes are active');
266 $this->getStatus()->setStatus(ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED);
267 } else {
268 $this->logger->debug('Accout reactivation codes are inactive');
269 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
270 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
271 }
272 $this->getStatus()->setReason('time_limit_reached');
273 return false;
274 }
275
276 // ip check
277 if (!$this->checkIp($user)) {
278 $this->logger->info('Authentication failed (wrong ip) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
279 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
280 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
281
282 $this->getStatus()->setTranslatedReason(
283 sprintf(
284 $this->lng->txt('wrong_ip_detected'),
285 $_SERVER['REMOTE_ADDR']
286 )
287 );
288 return false;
289 }
290
291 // check simultaneos logins
292 $this->logger->debug('Check simutaneous login');
293 if (!$this->checkSimultaneousLogins($user)) {
294 $this->logger->info('Authentication failed: simultaneous logins forbidden for user: ' . $this->getStatus()->getAuthenticatedUserId());
295 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
296 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
297 $this->getStatus()->setReason('simultaneous_login_detected');
298 return false;
299 }
300
301 // check if profile is complete
302 if (
303 ilUserProfile::isProfileIncomplete($user) &&
304 ilAuthFactory::getContext() !== ilAuthFactory::CONTEXT_ECS &&
305 ilContext::getType() !== ilContext::CONTEXT_LTI_PROVIDER
306 ) {
307 ilLoggerFactory::getLogger('auth')->info('User profile is incomplete.');
308 $user->setProfileIncomplete(true);
309 $user->update();
310 }
311
312 // redirects in case of error (session pool limit reached)
313 ilSessionControl::handleLoginEvent($user->getLogin(), $this->getAuthSession());
314
315
316 // @todo move to event handling
317 ilOnlineTracking::addUser($user->getId());
318
319 // @todo move to event handling
320 ilObjForum::_updateOldAccess($user->getId());
321
322 $security_settings = ilSecuritySettings::_getInstance();
323
324 // determine first login of user for setting an indicator
325 // which still is available in PersonalDesktop, Repository, ...
326 // (last login date is set to current date in next step)
327 if (
328 $security_settings->isPasswordChangeOnFirstLoginEnabled() &&
329 $user->getLastLogin() === ''
330 ) {
331 $user->resetLastPasswordChange();
332 }
333 $user->refreshLogin();
334
335 if ($user->getLoginAttempts() > 0) {
336 $user->setLoginAttempts(0);
337 $user->update();
338 }
339
340
341 $this->logger->info('Successfully authenticated: ' . ilObjUser::_lookupLogin($this->getStatus()->getAuthenticatedUserId()));
342 $this->getAuthSession()->setAuthenticated(true, $this->getStatus()->getAuthenticatedUserId());
343
344 ilInitialisation::initUserAccount();
345
346 ilSession::set('orig_request_target', '');
347 $user->hasToAcceptTermsOfServiceInSession(true);
348
349
350 // --- anonymous/registered user
351 if (PHP_SAPI !== "cli") {
352 $this->logger->info(
353 'logged in as ' . $user->getLogin() .
354 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
355 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
356 );
357 } else {
358 $this->logger->info(
359 'logged in as ' . $user->getLogin() . ' from CLI'
360 );
361 }
362
363 // finally raise event
364 $this->ilAppEventHandler->raise(
365 'Services/Authentication',
366 'afterLogin',
367 array(
368 'username' => $user->getLogin())
369 );
370
371 return true;
372 }
ilAppEventHandler\raise
raise(string $a_component, string $a_event, array $a_parameter=[])
Raise an event.
Definition: class.ilAppEventHandler.php:102
ilAuthFactory\CONTEXT_ECS
const CONTEXT_ECS
Calendar authentication with auth token.
Definition: class.ilAuthFactory.php:64
ilAuthFrontend\checkActivation
checkActivation(ilObjUser $user)
Check activation.
Definition: class.ilAuthFrontend.php:377
ilAuthFrontend\checkIp
checkIp(ilObjUser $user)
Check ip.
Definition: class.ilAuthFrontend.php:416
ilAuthFrontend\checkExceededLoginAttempts
checkExceededLoginAttempts(ilObjUser $user)
Definition: class.ilAuthFrontend.php:382
ilAuthFrontend\checkTimeLimit
checkTimeLimit(ilObjUser $user)
Check time limit.
Definition: class.ilAuthFrontend.php:408
ilAuthFrontend\checkSimultaneousLogins
checkSimultaneousLogins(ilObjUser $user)
Check simultaneous logins.
Definition: class.ilAuthFrontend.php:435
ilAuthFrontend\getAuthSession
getAuthSession()
Get auth session.
Definition: class.ilAuthFrontend.php:69
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:37
ilContext\getType
static getType()
Get context type.
Definition: class.ilContext.php:165
ilContext\CONTEXT_LTI_PROVIDER
const CONTEXT_LTI_PROVIDER
Definition: class.ilContext.php:46
ilInitialisation\initUserAccount
static initUserAccount()
Init user with current account id.
Definition: class.ilInitialisation.php:932
ilObjForum\_updateOldAccess
static _updateOldAccess(int $a_usr_id)
Definition: class.ilObjForum.php:280
ilObjUser
User class.
Definition: class.ilObjUser.php:28
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:660
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilOnlineTracking\addUser
static addUser(int $a_user_id)
Definition: class.ilOnlineTracking.php:37
ilSessionControl\handleLoginEvent
static handleLoginEvent(string $a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:89
ilUserProfile\isProfileIncomplete
static isProfileIncomplete(ilObjUser $a_user, bool $a_include_udf=true, bool $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:857

References $_SERVER, ilSecuritySettings\_getInstance(), ilObjUser\_lookupLogin(), ilObjForum\_updateOldAccess(), ilOnlineTracking\addUser(), ANONYMOUS_USER_ID, checkActivation(), checkExceededLoginAttempts(), checkIp(), checkSimultaneousLogins(), checkTimeLimit(), ilAuthFactory\CONTEXT_ECS, ilContext\CONTEXT_LTI_PROVIDER, getAuthSession(), ilAuthFactory\getContext(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), getStatus(), ilContext\getType(), ilSessionControl\handleLoginEvent(), ilInitialisation\initUserAccount(), ilUserProfile\isProfileIncomplete(), ILIAS\Repository\lng(), ILIAS\Repository\logger(), ilAppEventHandler\raise(), ilSession\set(), ILIAS\Repository\settings(), ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), migrateAccount(), and migrateAccountNew().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthFrontend::migrateAccount ( ilAuthSession  $session)

Migrate Account to existing user account.

Exceptions

InvalidArgumentException if current auth provider does not support account migration

Definition at line 113 of file class.ilAuthFrontend.php.

113 : bool
114 {
115 if (!$session->isAuthenticated()) {
116 $this->logger->warning('Desired user account is not authenticated');
117 return false;
118 }
119 $user = ilObjectFactory::getInstanceByObjId($session->getUserId(), false);
120
121 if (!$user instanceof ilObjUser) {
122 $this->logger->info('Cannot instantiate user account for account migration: ' . $session->getUserId());
123 return false;
124 }
125
126 $user->setAuthMode(ilSession::get(static::MIG_DESIRED_AUTHMODE));
127
128 $this->logger->debug('new auth mode is: ' . ilSession::get(self::MIG_DESIRED_AUTHMODE));
129
130 $user->setExternalAccount(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
131 $user->update();
132
133 foreach ($this->getProviders() as $provider) {
134 if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
135 $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
136 throw new InvalidArgumentException('Invalid auth provider given.');
137 }
138 $this->getCredentials()->setUsername(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
139 $provider->migrateAccount($this->getStatus());
140 if ($this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
141 return $this->handleAuthenticationSuccess($provider);
142 }
143 }
144 return $this->handleAuthenticationFail();
145 }
ilAuthSession\getUserId
getUserId()
Get authenticated user id.
Definition: class.ilAuthSession.php:175
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:459

References $provider, $session, ilSession\get(), getCredentials(), ilObjectFactory\getInstanceByObjId(), getProviders(), getStatus(), ilAuthSession\getUserId(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ migrateAccountNew()

ilAuthFrontend::migrateAccountNew ( )

Create new user account.

Definition at line 150 of file class.ilAuthFrontend.php.

150 : bool
151 {
152 foreach ($this->providers as $provider) {
153 if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
154 $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
155 throw new InvalidArgumentException('Invalid auth provider given.');
156 }
157 $provider->createNewAccount($this->getStatus());
158
159 if ($provider instanceof ilAuthProviderInterface &&
160 $this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
161 return $this->handleAuthenticationSuccess($provider);
162 }
163 }
164 return $this->handleAuthenticationFail();
165 }
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:28

References $provider, getStatus(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ resetStatus()

ilAuthFrontend::resetStatus ( )

Reset status.

Definition at line 102 of file class.ilAuthFrontend.php.

102 : void
103 {
104 $this->getStatus()->setStatus(ilAuthStatus::STATUS_UNDEFINED);
105 $this->getStatus()->setReason('');
106 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
107 }

References ANONYMOUS_USER_ID, getStatus(), and ilAuthStatus\STATUS_UNDEFINED.

Referenced by authenticate(), and ilAuthFrontendHTTP\authenticate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth_session

ilAuthSession ilAuthFrontend::$auth_session
private

Definition at line 41 of file class.ilAuthFrontend.php.

Referenced by getAuthSession().

◆ $authenticated

bool ilAuthFrontend::$authenticated = false
private

Definition at line 44 of file class.ilAuthFrontend.php.

◆ $credentials

ilAuthCredentials ilAuthFrontend::$credentials
private

Definition at line 37 of file class.ilAuthFrontend.php.

Referenced by __construct(), ilAuthFrontendHTTP\__construct(), and getCredentials().

◆ $ilAppEventHandler

ilAppEventHandler ilAuthFrontend::$ilAppEventHandler
private

Definition at line 42 of file class.ilAuthFrontend.php.

◆ $lng

ilLanguage ilAuthFrontend::$lng
private

Definition at line 35 of file class.ilAuthFrontend.php.

◆ $logger

ilLogger ilAuthFrontend::$logger
private

Definition at line 33 of file class.ilAuthFrontend.php.

◆ $providers

array ilAuthFrontend::$providers
private

Definition at line 40 of file class.ilAuthFrontend.php.

Referenced by __construct(), ilAuthFrontendHTTP\__construct(), and getProviders().

◆ $settings

ilSetting ilAuthFrontend::$settings
private

Definition at line 34 of file class.ilAuthFrontend.php.

◆ $status

ilAuthStatus ilAuthFrontend::$status
private

Definition at line 38 of file class.ilAuthFrontend.php.

Referenced by __construct(), ilAuthFrontendHTTP\__construct(), and getStatus().

◆ MIG_DESIRED_AUTHMODE

const ilAuthFrontend::MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'

Definition at line 31 of file class.ilAuthFrontend.php.

◆ MIG_EXTERNAL_ACCOUNT

const ilAuthFrontend::MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'

Definition at line 29 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigrationNewAccount().

◆ MIG_TRIGGER_AUTHMODE

const ilAuthFrontend::MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'

Definition at line 30 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigration(), and ilStartUpGUI\doMigrationNewAccount().

The documentation for this class was generated from the following file: