ILIAS  release_8 Revision v8.19-1-g4e8f2f9140c
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthFrontend Class Reference
+ Inheritance diagram for ilAuthFrontend:
+ Collaboration diagram for ilAuthFrontend:

Public Member Functions

 __construct (ilAuthSession $session, ilAuthStatus $status, ilAuthCredentials $credentials, array $providers)
 
 getAuthSession ()
 Get auth session. More...
 
 getCredentials ()
 Get auth credentials. More...
 
 getProviders ()
 Get providers. More...
 
 getStatus ()
 
 resetStatus ()
 Reset status. More...
 
 migrateAccount (ilAuthSession $session)
 Migrate Account to existing user account. More...
 
 migrateAccountNew ()
 Create new user account. More...
 
 authenticate ()
 Try to authenticate user. More...
 

Data Fields

const MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'
 
const MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'
 
const MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'
 

Protected Member Functions

 handleAccountMigration (ilAuthProviderAccountMigrationInterface $provider)
 Handle account migration. More...
 
 handleAuthenticationSuccess (ilAuthProviderInterface $provider)
 Handle successful authentication. More...
 
 checkActivation (ilObjUser $user)
 Check activation. More...
 
 checkExceededLoginAttempts (ilObjUser $user)
 
 checkTimeLimit (ilObjUser $user)
 Check time limit. More...
 
 checkIp (ilObjUser $user)
 Check ip. More...
 
 checkSimultaneousLogins (ilObjUser $user)
 Check simultaneous logins. More...
 
 handleAuthenticationFail ()
 Handle failed authenication. More...
 

Private Attributes

ilLogger $logger
 
ilSetting $settings
 
ilLanguage $lng
 
ilAuthCredentials $credentials
 
ilAuthStatus $status
 
array $providers
 
ilAuthSession $auth_session
 
ilAppEventHandler $ilAppEventHandler
 
bool $authenticated = false
 

Detailed Description

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 27 of file class.ilAuthFrontend.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthFrontend::__construct ( ilAuthSession  $session,
ilAuthStatus  $status,
ilAuthCredentials  $credentials,
array  $providers 
)
Parameters
ilAuthSession$session
ilAuthStatus$status
ilAuthCredentials$credentials
ilAuthProvider[]$providers

Definition at line 52 of file class.ilAuthFrontend.php.

References $credentials, $DIC, $providers, $session, $status, ILIAS\Repository\lng(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

53  {
54  global $DIC;
55  $this->logger = $DIC->logger()->auth();
56  $this->settings = $DIC->settings();
57  $this->lng = $DIC->language();
58  $this->ilAppEventHandler = $DIC->event();
59 
60  $this->auth_session = $session;
61  $this->credentials = $credentials;
62  $this->status = $status;
63  $this->providers = $providers;
64  }
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
$session
$session
Definition: proxy_ylocal.php:32
$DIC
global $DIC
Definition: feed.php:28
ilAuthFrontend\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthFrontend.php:37
+ Here is the call graph for this function:

Member Function Documentation

◆ authenticate()

ilAuthFrontend::authenticate ( )

Try to authenticate user.

Definition at line 172 of file class.ilAuthFrontend.php.

References $provider, getProviders(), getStatus(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), resetStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

172  : bool
173  {
174  foreach ($this->getProviders() as $provider) {
175  $this->resetStatus();
176 
177  $this->logger->debug('Trying authentication against: ' . get_class($provider));
178 
179  $provider->doAuthentication($this->getStatus());
180 
181  $this->logger->debug('Authentication user id: ' . $this->getStatus()->getAuthenticatedUserId());
182 
183  switch ($this->getStatus()->getStatus()) {
184  case ilAuthStatus::STATUS_AUTHENTICATED:
185  return $this->handleAuthenticationSuccess($provider);
186 
187  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
188  $this->logger->notice("Account migration required.");
189  if ($provider instanceof ilAuthProviderAccountMigrationInterface) {
190  return $this->handleAccountMigration($provider);
191  }
192 
193  $this->logger->error('Authentication migratittion required but provider does not support interface' . get_class($provider));
194  break;
195  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
196  default:
197  $this->logger->debug('Authentication failed against: ' . get_class($provider));
198  break;
199  }
200  }
201  return $this->handleAuthenticationFail();
202  }
ilAuthFrontend\getProviders
getProviders()
Get providers.
Definition: class.ilAuthFrontend.php:86
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:229
ilAuthFrontend\handleAccountMigration
handleAccountMigration(ilAuthProviderAccountMigrationInterface $provider)
Handle account migration.
Definition: class.ilAuthFrontend.php:208
ilAuthFrontend\resetStatus
resetStatus()
Reset status.
Definition: class.ilAuthFrontend.php:102
$provider
$provider
Definition: ltitoken.php:83
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:445
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:36
+ Here is the call graph for this function:

◆ checkActivation()

ilAuthFrontend::checkActivation ( ilObjUser  $user)
protected

Check activation.

Definition at line 377 of file class.ilAuthFrontend.php.

References ilObjUser\getActive().

Referenced by handleAuthenticationSuccess().

377  : bool
378  {
379  return $user->getActive();
380  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkExceededLoginAttempts()

ilAuthFrontend::checkExceededLoginAttempts ( ilObjUser  $user)
protected

Definition at line 382 of file class.ilAuthFrontend.php.

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ANONYMOUS_USER_ID, ilObjUser\getActive(), and ilObject\getId().

Referenced by handleAuthenticationSuccess().

382  : bool
383  {
384  if ($user->getId() === ANONYMOUS_USER_ID) {
385  return true;
386  }
387 
388  $isInactive = !$user->getActive();
389  if (!$isInactive) {
390  return true;
391  }
392 
393  $security = ilSecuritySettings::_getInstance();
394  $maxLoginAttempts = $security->getLoginMaxAttempts();
395 
396  if (!$maxLoginAttempts) {
397  return true;
398  }
399 
400  $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
401 
402  return $numLoginAttempts < $maxLoginAttempts;
403  }
ilObjUser\_getLoginAttempts
static _getLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3497
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:92
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkIp()

ilAuthFrontend::checkIp ( ilObjUser  $user)
protected

Check ip.

Definition at line 416 of file class.ilAuthFrontend.php.

References $_SERVER, ilObjUser\getClientIP(), and ilLoggerFactory\getLogger().

Referenced by handleAuthenticationSuccess().

416  : bool
417  {
418  $clientip = $user->getClientIP();
419  if (trim($clientip) !== "") {
420  $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
421  $clientip = str_replace([".", "?", "*", ","], ["\\.", "[0-9]", "[0-9]*", "|"], $clientip);
422 
423  ilLoggerFactory::getLogger('auth')->debug('Check ip ' . $clientip . ' against ' . $_SERVER['REMOTE_ADDR']);
424 
425  if (!preg_match("/^" . $clientip . "$/", $_SERVER["REMOTE_ADDR"])) {
426  return false;
427  }
428  }
429  return true;
430  }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkSimultaneousLogins()

ilAuthFrontend::checkSimultaneousLogins ( ilObjUser  $user)
protected

Check simultaneous logins.

Definition at line 435 of file class.ilAuthFrontend.php.

References getAuthSession(), ilObject\getId(), ilObjUser\hasActiveSession(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

Referenced by handleAuthenticationSuccess().

435  : bool
436  {
437  $this->logger->debug('Setting prevent simultaneous session is: ' . $this->settings->get('ps_prevent_simultaneous_logins'));
438  return !($this->settings->get('ps_prevent_simultaneous_logins') &&
439  ilObjUser::hasActiveSession($user->getId(), $this->getAuthSession()->getId()));
440  }
ilObjUser\hasActiveSession
static hasActiveSession(int $a_user_id, string $a_session_id)
Definition: class.ilObjUser.php:1944
ilAuthFrontend\getAuthSession
getAuthSession()
Get auth session.
Definition: class.ilAuthFrontend.php:69
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkTimeLimit()

ilAuthFrontend::checkTimeLimit ( ilObjUser  $user)
protected

Check time limit.

Definition at line 408 of file class.ilAuthFrontend.php.

References ilObjUser\checkTimeLimit().

Referenced by handleAuthenticationSuccess().

408  : bool
409  {
410  return $user->checkTimeLimit();
411  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthSession()

ilAuthFrontend::getAuthSession ( )

Get auth session.

Definition at line 69 of file class.ilAuthFrontend.php.

References $auth_session.

Referenced by checkSimultaneousLogins(), and handleAuthenticationSuccess().

69  : ilAuthSession
70  {
71  return $this->auth_session;
72  }
ilAuthFrontend\$auth_session
ilAuthSession $auth_session
Definition: class.ilAuthFrontend.php:41
+ Here is the caller graph for this function:

◆ getCredentials()

ilAuthFrontend::getCredentials ( )

Get auth credentials.

Definition at line 77 of file class.ilAuthFrontend.php.

References $credentials.

Referenced by handleAuthenticationFail(), and migrateAccount().

77  : ilAuthCredentials
78  {
79  return $this->credentials;
80  }
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:27
ilAuthFrontend\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthFrontend.php:37
+ Here is the caller graph for this function:

◆ getProviders()

ilAuthFrontend::getProviders ( )

Get providers.

Returns
ilAuthProviderInterface[] $provider

Definition at line 86 of file class.ilAuthFrontend.php.

References $providers.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), and migrateAccount().

86  : array
87  {
88  return $this->providers;
89  }
+ Here is the caller graph for this function:

◆ getStatus()

ilAuthFrontend::getStatus ( )
Returns

Definition at line 94 of file class.ilAuthFrontend.php.

References $status.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), migrateAccount(), migrateAccountNew(), and resetStatus().

94  : ilAuthStatus
95  {
96  return $this->status;
97  }
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:27
+ Here is the caller graph for this function:

◆ handleAccountMigration()

ilAuthFrontend::handleAccountMigration ( ilAuthProviderAccountMigrationInterface  $provider)
protected

Handle account migration.

Parameters
ilAuthProvider$provider

Definition at line 208 of file class.ilAuthFrontend.php.

References ANONYMOUS_USER_ID, ilLogLevel\DEBUG, ilSession\dumpToString(), ilAuthProviderAccountMigrationInterface\getExternalAccountName(), getStatus(), ilAuthProviderAccountMigrationInterface\getTriggerAuthMode(), ilAuthProviderAccountMigrationInterface\getUserAuthModeName(), ILIAS\Repository\logger(), and ilSession\set().

Referenced by authenticate().

208  : bool
209  {
210  $this->logger->debug('Trigger auth mode: ' . $provider->getTriggerAuthMode());
211  $this->logger->debug('Desired auth mode: ' . $provider->getUserAuthModeName());
212  $this->logger->debug('External account: ' . $provider->getExternalAccountName());
213 
214  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
215  #$this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
216 
217  ilSession::set(static::MIG_TRIGGER_AUTHMODE, $provider->getTriggerAuthMode());
218  ilSession::set(static::MIG_DESIRED_AUTHMODE, $provider->getUserAuthModeName());
219  ilSession::set(static::MIG_EXTERNAL_ACCOUNT, $provider->getExternalAccountName());
220 
221  $this->logger->dump(ilSession::dumpToString(), ilLogLevel::DEBUG);
222 
223  return true;
224  }
ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:479
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilAuthProviderAccountMigrationInterface\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
ilAuthProviderAccountMigrationInterface\getExternalAccountName
getExternalAccountName()
Get external account name.
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451
ilAuthProviderAccountMigrationInterface\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth...
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationFail()

ilAuthFrontend::handleAuthenticationFail ( )
protected

Handle failed authenication.

Definition at line 445 of file class.ilAuthFrontend.php.

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), ANONYMOUS_USER_ID, getCredentials(), getStatus(), and ILIAS\Repository\logger().

Referenced by authenticate(), migrateAccount(), and migrateAccountNew().

445  : bool
446  {
447  $this->logger->debug('Authentication failed for all authentication methods.');
448 
449  $user_id = ilObjUser::_lookupId($this->getCredentials()->getUsername());
450  if (is_int($user_id) && $user_id !== ANONYMOUS_USER_ID) {
451  ilObjUser::_incrementLoginAttempts($user_id);
452  $login_attempts = ilObjUser::_getLoginAttempts($user_id);
453 
454  $this->logger->notice('Increased login attempts for user: ' . $this->getCredentials()->getUsername());
455 
456  $security = ilSecuritySettings::_getInstance();
457  $max_attempts = $security->getLoginMaxAttempts();
458 
459  if ($max_attempts && $login_attempts >= $max_attempts) {
460  $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
461  $this->logger->warning('User account set to inactive due to exceeded login attempts.');
462  ilObjUser::_setUserInactive($user_id);
463  }
464  }
465  return false;
466  }
ilObjUser\_getLoginAttempts
static _getLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3497
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilAuthFrontend\getCredentials
getCredentials()
Get auth credentials.
Definition: class.ilAuthFrontend.php:77
ilObjUser\_setUserInactive
static _setUserInactive(int $a_usr_id)
Definition: class.ilObjUser.php:3527
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3510
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:92
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationSuccess()

ilAuthFrontend::handleAuthenticationSuccess ( ilAuthProviderInterface  $provider)
protected

Handle successful authentication.

Definition at line 229 of file class.ilAuthFrontend.php.

References $_SERVER, ilSecuritySettings\_getInstance(), ilObjUser\_lookupLogin(), ilObjForum\_updateOldAccess(), ilOnlineTracking\addUser(), ANONYMOUS_USER_ID, checkActivation(), checkExceededLoginAttempts(), checkIp(), checkSimultaneousLogins(), checkTimeLimit(), ilAuthFactory\CONTEXT_ECS, ilContext\CONTEXT_LTI_PROVIDER, getAuthSession(), ilAuthFactory\getContext(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), getStatus(), ilContext\getType(), ilSessionControl\handleLoginEvent(), ilInitialisation\initUserAccount(), ilUserProfile\isProfileIncomplete(), ILIAS\Repository\lng(), ILIAS\Repository\logger(), ilAppEventHandler\raise(), ilSession\set(), ILIAS\Repository\settings(), ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), migrateAccount(), and migrateAccountNew().

229  : bool
230  {
231  $user = ilObjectFactory::getInstanceByObjId($this->getStatus()->getAuthenticatedUserId(), false);
232 
233  // reset expired status
234  $this->getAuthSession()->setExpired(false);
235 
236  if (!$user instanceof ilObjUser) {
237  $this->logger->error('Cannot instantiate user account with id: ' . $this->getStatus()->getAuthenticatedUserId());
238  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
239  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
240  $this->getStatus()->setReason('auth_err_invalid_user_account');
241  return false;
242  }
243 
244  if (!$this->checkExceededLoginAttempts($user)) {
245  $this->logger->info('Authentication failed for inactive user with id and too may login attempts: ' . $this->getStatus()->getAuthenticatedUserId());
246  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
247  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
248  $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
249  return false;
250  }
251 
252  if (!$this->checkActivation($user)) {
253  $this->logger->info('Authentication failed for inactive user with id: ' . $this->getStatus()->getAuthenticatedUserId());
254  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
255  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
256  $this->getStatus()->setReason('err_inactive');
257  return false;
258  }
259 
260  // time limit
261  if (!$this->checkTimeLimit($user)) {
262  $this->logger->info('Authentication failed (time limit restriction) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
263 
264  if ($this->settings->get('user_reactivate_code')) {
265  $this->logger->debug('Accout reactivation codes are active');
266  $this->getStatus()->setStatus(ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED);
267  } else {
268  $this->logger->debug('Accout reactivation codes are inactive');
269  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
270  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
271  }
272  $this->getStatus()->setReason('time_limit_reached');
273  return false;
274  }
275 
276  // ip check
277  if (!$this->checkIp($user)) {
278  $this->logger->info('Authentication failed (wrong ip) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
279  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
280  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
281 
282  $this->getStatus()->setTranslatedReason(
283  sprintf(
284  $this->lng->txt('wrong_ip_detected'),
285  $_SERVER['REMOTE_ADDR']
286  )
287  );
288  return false;
289  }
290 
291  // check simultaneos logins
292  $this->logger->debug('Check simutaneous login');
293  if (!$this->checkSimultaneousLogins($user)) {
294  $this->logger->info('Authentication failed: simultaneous logins forbidden for user: ' . $this->getStatus()->getAuthenticatedUserId());
295  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
296  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
297  $this->getStatus()->setReason('simultaneous_login_detected');
298  return false;
299  }
300 
301  // check if profile is complete
302  if (
303  ilUserProfile::isProfileIncomplete($user) &&
304  ilAuthFactory::getContext() !== ilAuthFactory::CONTEXT_ECS &&
305  ilContext::getType() !== ilContext::CONTEXT_LTI_PROVIDER
306  ) {
307  ilLoggerFactory::getLogger('auth')->info('User profile is incomplete.');
308  $user->setProfileIncomplete(true);
309  $user->update();
310  }
311 
312  // redirects in case of error (session pool limit reached)
313  ilSessionControl::handleLoginEvent($user->getLogin(), $this->getAuthSession());
314 
315 
316  // @todo move to event handling
317  ilOnlineTracking::addUser($user->getId());
318 
319  // @todo move to event handling
320  ilObjForum::_updateOldAccess($user->getId());
321 
322  $security_settings = ilSecuritySettings::_getInstance();
323 
324  // determine first login of user for setting an indicator
325  // which still is available in PersonalDesktop, Repository, ...
326  // (last login date is set to current date in next step)
327  if (
328  $security_settings->isPasswordChangeOnFirstLoginEnabled() &&
329  $user->getLastLogin() === ''
330  ) {
331  $user->resetLastPasswordChange();
332  }
333  $user->refreshLogin();
334 
335  if ($user->getLoginAttempts() > 0) {
336  $user->setLoginAttempts(0);
337  $user->update();
338  }
339 
340 
341  $this->logger->info('Successfully authenticated: ' . ilObjUser::_lookupLogin($this->getStatus()->getAuthenticatedUserId()));
342  $this->getAuthSession()->setAuthenticated(true, $this->getStatus()->getAuthenticatedUserId());
343 
344  ilInitialisation::initUserAccount();
345 
346  ilSession::set('orig_request_target', '');
347  $user->hasToAcceptTermsOfServiceInSession(true);
348 
349 
350  // --- anonymous/registered user
351  if (PHP_SAPI !== "cli") {
352  $this->logger->info(
353  'logged in as ' . $user->getLogin() .
354  ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
355  ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
356  );
357  } else {
358  $this->logger->info(
359  'logged in as ' . $user->getLogin() . ' from CLI'
360  );
361  }
362 
363  // finally raise event
364  $this->ilAppEventHandler->raise(
365  'Services/Authentication',
366  'afterLogin',
367  array(
368  'username' => $user->getLogin())
369  );
370 
371  return true;
372  }
ilUserProfile\isProfileIncomplete
static isProfileIncomplete(ilObjUser $a_user, bool $a_include_udf=true, bool $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:857
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
ilAuthFrontend\checkIp
checkIp(ilObjUser $user)
Check ip.
Definition: class.ilAuthFrontend.php:416
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilAuthFrontend\checkSimultaneousLogins
checkSimultaneousLogins(ilObjUser $user)
Check simultaneous logins.
Definition: class.ilAuthFrontend.php:435
ilContext\CONTEXT_LTI_PROVIDER
const CONTEXT_LTI_PROVIDER
Definition: class.ilContext.php:46
ilAuthFrontend\checkExceededLoginAttempts
checkExceededLoginAttempts(ilObjUser $user)
Definition: class.ilAuthFrontend.php:382
ilOnlineTracking\addUser
static addUser(int $a_user_id)
Definition: class.ilOnlineTracking.php:37
ilAuthFrontend\checkTimeLimit
checkTimeLimit(ilObjUser $user)
Check time limit.
Definition: class.ilAuthFrontend.php:408
ilObjForum\_updateOldAccess
static _updateOldAccess(int $a_usr_id)
Definition: class.ilObjForum.php:280
ilAuthFrontend\checkActivation
checkActivation(ilObjUser $user)
Check activation.
Definition: class.ilAuthFrontend.php:377
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilAuthFactory\CONTEXT_ECS
const CONTEXT_ECS
Calendar authentication with auth token.
Definition: class.ilAuthFactory.php:64
ilSessionControl\handleLoginEvent
static handleLoginEvent(string $a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:89
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:37
ilContext\getType
static getType()
Get context type.
Definition: class.ilContext.php:165
ilInitialisation\initUserAccount
static initUserAccount()
Init user with current account id.
Definition: class.ilInitialisation.php:932
ilAuthFrontend\getAuthSession
getAuthSession()
Get auth session.
Definition: class.ilAuthFrontend.php:69
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:92
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451
ilAppEventHandler\raise
raise(string $a_component, string $a_event, array $a_parameter=[])
Raise an event.
Definition: class.ilAppEventHandler.php:102
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:660
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthFrontend::migrateAccount ( ilAuthSession  $session)

Migrate Account to existing user account.

Exceptions

Definition at line 113 of file class.ilAuthFrontend.php.

References $provider, ilSession\get(), getCredentials(), ilObjectFactory\getInstanceByObjId(), getProviders(), getStatus(), ilAuthSession\getUserId(), handleAuthenticationFail(), handleAuthenticationSuccess(), ilAuthSession\isAuthenticated(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

113  : bool
114  {
115  if (!$session->isAuthenticated()) {
116  $this->logger->warning('Desired user account is not authenticated');
117  return false;
118  }
119  $user = ilObjectFactory::getInstanceByObjId($session->getUserId(), false);
120 
121  if (!$user instanceof ilObjUser) {
122  $this->logger->info('Cannot instantiate user account for account migration: ' . $session->getUserId());
123  return false;
124  }
125 
126  $user->setAuthMode(ilSession::get(static::MIG_DESIRED_AUTHMODE));
127 
128  $this->logger->debug('new auth mode is: ' . ilSession::get(self::MIG_DESIRED_AUTHMODE));
129 
130  $user->setExternalAccount(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
131  $user->update();
132 
133  foreach ($this->getProviders() as $provider) {
134  if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
135  $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
136  throw new InvalidArgumentException('Invalid auth provider given.');
137  }
138  $this->getCredentials()->setUsername(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
139  $provider->migrateAccount($this->getStatus());
140  if ($this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
141  return $this->handleAuthenticationSuccess($provider);
142  }
143  }
144  return $this->handleAuthenticationFail();
145  }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:459
ilAuthFrontend\getProviders
getProviders()
Get providers.
Definition: class.ilAuthFrontend.php:86
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:229
ilAuthSession\isAuthenticated
isAuthenticated()
Check if session is authenticated.
Definition: class.ilAuthSession.php:127
ilAuthFrontend\getCredentials
getCredentials()
Get auth credentials.
Definition: class.ilAuthFrontend.php:77
ilAuthSession\getUserId
getUserId()
Get authenticated user id.
Definition: class.ilAuthSession.php:175
$provider
$provider
Definition: ltitoken.php:83
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:445
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ migrateAccountNew()

ilAuthFrontend::migrateAccountNew ( )

Create new user account.

Definition at line 150 of file class.ilAuthFrontend.php.

References $provider, getStatus(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

150  : bool
151  {
152  foreach ($this->providers as $provider) {
153  if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
154  $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
155  throw new InvalidArgumentException('Invalid auth provider given.');
156  }
157  $provider->createNewAccount($this->getStatus());
158 
159  if ($provider instanceof ilAuthProviderInterface &&
160  $this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
161  return $this->handleAuthenticationSuccess($provider);
162  }
163  }
164  return $this->handleAuthenticationFail();
165  }
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Handle successful authentication.
Definition: class.ilAuthFrontend.php:229
$provider
$provider
Definition: ltitoken.php:83
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:27
ilAuthFrontend\handleAuthenticationFail
handleAuthenticationFail()
Handle failed authenication.
Definition: class.ilAuthFrontend.php:445
+ Here is the call graph for this function:

◆ resetStatus()

ilAuthFrontend::resetStatus ( )

Reset status.

Definition at line 102 of file class.ilAuthFrontend.php.

References ANONYMOUS_USER_ID, getStatus(), and ilAuthStatus\STATUS_UNDEFINED.

Referenced by ilAuthFrontendHTTP\authenticate(), and authenticate().

102  : void
103  {
104  $this->getStatus()->setStatus(ilAuthStatus::STATUS_UNDEFINED);
105  $this->getStatus()->setReason('');
106  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
107  }
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth_session

ilAuthSession ilAuthFrontend::$auth_session
private

Definition at line 41 of file class.ilAuthFrontend.php.

Referenced by getAuthSession().

◆ $authenticated

bool ilAuthFrontend::$authenticated = false
private

Definition at line 44 of file class.ilAuthFrontend.php.

◆ $credentials

ilAuthCredentials ilAuthFrontend::$credentials
private

Definition at line 37 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getCredentials().

◆ $ilAppEventHandler

ilAppEventHandler ilAuthFrontend::$ilAppEventHandler
private

Definition at line 42 of file class.ilAuthFrontend.php.

◆ $lng

ilLanguage ilAuthFrontend::$lng
private

Definition at line 35 of file class.ilAuthFrontend.php.

◆ $logger

ilLogger ilAuthFrontend::$logger
private

Definition at line 33 of file class.ilAuthFrontend.php.

◆ $providers

array ilAuthFrontend::$providers
private

Definition at line 40 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getProviders().

◆ $settings

ilSetting ilAuthFrontend::$settings
private

Definition at line 34 of file class.ilAuthFrontend.php.

◆ $status

ilAuthStatus ilAuthFrontend::$status
private

Definition at line 38 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getStatus().

◆ MIG_DESIRED_AUTHMODE

const ilAuthFrontend::MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'

Definition at line 31 of file class.ilAuthFrontend.php.

◆ MIG_EXTERNAL_ACCOUNT

const ilAuthFrontend::MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'

Definition at line 29 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigrationNewAccount().

◆ MIG_TRIGGER_AUTHMODE

const ilAuthFrontend::MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'

Definition at line 30 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigration(), and ilStartUpGUI\doMigrationNewAccount().

The documentation for this class was generated from the following file: