Collaboration diagram for ilWebAccessChecker:

Public Member Functions
	__construct (Services $httpState, CookieFactory $cookieFactory)
	ilWebAccessChecker constructor. More...

	check ()

	initILIAS ()

	isChecked ()

	setChecked (bool $checked)

	getPathObject ()

	setPathObject (ilWACPath $path_object)

	getDisposition ()

	setDisposition (string $disposition)

	getOverrideMimetype ()

	setOverrideMimetype (string $override_mimetype)

	isInitialized ()

	setInitialized (bool $initialized)

	isSendStatusCode ()

	setSendStatusCode (bool $send_status_code)

	isRevalidateFolderTokens ()

	setRevalidateFolderTokens (bool $revalidate_folder_tokens)

	getAppliedCheckingMethods ()

	setAppliedCheckingMethods (array $applied_checking_methods)

Static Public Member Functions
static	isUseSeperateLogfile ()

static	setUseSeperateLogfile (bool $use_seperate_logfile)

Data Fields
const	DISPOSITION = 'disposition'

const	STATUS_CODE = 'status_code'

const	REVALIDATE = 'revalidate'

const	CM_FILE_TOKEN = 1

const	CM_FOLDER_TOKEN = 2

const	CM_CHECKINGINSTANCE = 3

const	CM_SECFOLDER = 4

Protected Member Functions
	sendHeader (string $message)

	checkPublicSection ()

	checkUser ()

	addAppliedCheckingMethod (int $method)

Protected Attributes
ilWACPath	$path_object = null

bool	$checked = false

string	$disposition = ilFileDelivery::DISP_INLINE

string	$override_mimetype = ''

bool	$send_status_code = false

bool	$initialized = false

bool	$revalidate_folder_tokens = true

array	$applied_checking_methods = []

Static Protected Attributes
static bool	$use_seperate_logfile = false

Private Attributes
Services	$http

CookieFactory	$cookieFactory

ilWACException	$ressource_not_found

Detailed Description

Class ilWebAccessChecker.

Author: Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Version: 1.0.0

Definition at line 30 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct	(	Services	$httpState,
		CookieFactory	$cookieFactory
	)

ilWebAccessChecker constructor.

Definition at line 59 of file class.ilWebAccessChecker.php.

    {
        try {
            $this->setPathObject(new ilWACPath($httpState->request()->getRequestTarget()));
        } catch (ilWACException $e) {
            if ($e->getCode() !== ilWACException::NOT_FOUND) {
                throw $e;
            }
            $this->ressource_not_found = $e;
        }
 
        $this->http = $httpState;
        $this->cookieFactory = $cookieFactory;
    }

References $cookieFactory, Vendor\Package\$e, ILIAS\FileDelivery\http(), ilWACException\NOT_FOUND, ILIAS\HTTP\Services\request(), and setPathObject().

Here is the call graph for this function:

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod ( int $method )

protected

Definition at line 336 of file class.ilWebAccessChecker.php.

                                                            : void
    {
        $this->applied_checking_methods[] = $method;
    }

Referenced by check().

Here is the caller graph for this function:

◆ check()

ilWebAccessChecker::check ( )

Exceptions

ilWACException

Definition at line 77 of file class.ilWebAccessChecker.php.

                           : bool
    {
        if ($this->getPathObject() === null) {
            if ($this->ressource_not_found !== null) {
                throw new ilWACException(ilWACException::NOT_FOUND, '', $this->ressource_not_found);
            }
 
            throw new ilWACException(ilWACException::CODE_NO_PATH);
        }
 
        // Check if Path has been signed with a token
        $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->http, $this->cookieFactory);
        if ($ilWACSignedPath->isSignedPath()) {
            $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
            if ($ilWACSignedPath->isSignedPathValid()) {
                $this->setChecked(true);
                $this->sendHeader('checked using token');
 
                return true;
            }
        }
 
        // Check if the whole secured folder has been signed
        if ($ilWACSignedPath->isFolderSigned()) {
            $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
            if ($ilWACSignedPath->isFolderTokenValid()) {
                if ($this->isRevalidateFolderTokens()) {
                    $ilWACSignedPath->revalidatingFolderToken();
                }
                $this->setChecked(true);
                $this->sendHeader('checked using secure folder');
 
                return true;
            }
        }
 
        // Fallback, have to initiate ILIAS
        $this->initILIAS();
 
        // Check if Path is within accepted paths
        if ($this->getPathObject()->getModuleType() !== 'rs') {
            $clean_path = $this->getPathObject()->getCleanURLdecodedPath();
            $path = realpath($clean_path);
            $data_dir = realpath(CLIENT_WEB_DIR);
            if (strpos($path, $data_dir) !== 0) {
                return false;
            }
            if (dirname($path) === $data_dir && is_file($path)) {
                return false;
            }
        }
 
        if (ilWACSecurePath::hasCheckingInstanceRegistered($this->getPathObject())) {
            // Maybe the path has been registered, lets check
            $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
            $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
            $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
            if ($canBeDelivered) {
                $this->sendHeader('checked using fallback');
                if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
                    $ilWACSignedPath->revalidatingFolderToken();
                }
            }
            $this->setChecked(true);
            return $canBeDelivered;
        }
 
        // none of the checking mechanisms could have been applied. no access
        $this->setChecked(true);
        $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
        return !$this->getPathObject()->isInSecFolder();
    }

References $data_dir, $path, addAppliedCheckingMethod(), CLIENT_WEB_DIR, ilWACException\CODE_NO_PATH, getPathObject(), ilWACSecurePath\hasCheckingInstanceRegistered(), ILIAS\FileDelivery\http(), initILIAS(), isRevalidateFolderTokens(), ilWACException\NOT_FOUND, sendHeader(), and setChecked().

Here is the call graph for this function:

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )

protected

Exceptions

ilWACException

Definition at line 206 of file class.ilWebAccessChecker.php.

                                           : void
    {
        global $DIC;
        $is_anonymous = ((int) $DIC->user()->getId() === (int) ANONYMOUS_USER_ID);
        $is_null_user = ($DIC->user()->getId() === 0);
        $pub_section_activated = (bool) $DIC['ilSetting']->get('pub_section');
        $isset = isset($DIC['ilSetting']);
        $instanceof = $DIC['ilSetting'] instanceof ilSetting;
 
        if (!$isset || !$instanceof) {
            throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
        }
 
        if ($pub_section_activated && ($is_null_user || $is_anonymous)) {
            // Request is initiated from an enabled public area
            return;
        }
 
        if ($is_anonymous || $is_null_user) {
            throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
        }
    }

References $DIC, ilWACException\ACCESS_DENIED_NO_PUB, ANONYMOUS_USER_ID, and ILIAS\Repository\int().

Referenced by initILIAS().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ checkUser()

ilWebAccessChecker::checkUser ( )

protected

Definition at line 229 of file class.ilWebAccessChecker.php.

                                  : void
    {
        global $DIC;
 
        $is_user = $DIC->user() instanceof ilObjUser;
        $user_id_is_zero = ((int) $DIC->user()->getId() === 0);
        if (!$is_user || $user_id_is_zero) {
            throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
        }
    }

References $DIC, ilWACException\ACCESS_DENIED_NO_LOGIN, and ILIAS\Repository\int().

Referenced by initILIAS().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )

Returns: int[]

Definition at line 323 of file class.ilWebAccessChecker.php.

                                               : array
    {
        return $this->applied_checking_methods;
    }

References $applied_checking_methods.

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )

Definition at line 260 of file class.ilWebAccessChecker.php.

                                    : string
    {
        return $this->disposition;
    }

References $disposition.

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )

Definition at line 270 of file class.ilWebAccessChecker.php.

                                         : string
    {
        return $this->override_mimetype;
    }

References $override_mimetype.

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )

Definition at line 250 of file class.ilWebAccessChecker.php.

                                   : ?\ilWACPath
    {
        return $this->path_object;
    }

References $path_object.

Referenced by check(), and initILIAS().

Here is the caller graph for this function:

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )

Definition at line 156 of file class.ilWebAccessChecker.php.

                               : void
    {
        global $DIC;
 
        if ($this->isInitialized()) {
            return;
        }
 
        $GLOBALS['COOKIE_PATH'] = '/';
 
        $cookie = $this->cookieFactory->create('ilClientId', $this->getPathObject()->getClient())
                                      ->withPath('/')
                                      ->withExpires(0);
 
        $response = $this->http->cookieJar()
                               ->with($cookie)
                               ->renderIntoResponseHeader($this->http->response());
 
        $this->http->saveResponse($response);
 
        ilContext::init(ilContext::CONTEXT_WAC);
        try {
            ilInitialisation::initILIAS();
            $this->checkUser();
            $this->checkPublicSection();
        } catch (Exception $e) {
            if ($e instanceof ilWACException
                && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
                throw  $e;
            }
            if (($e instanceof Exception && $e->getMessage() === 'Authentication failed.')
                || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
                $this->initAnonymousSession();
                $this->checkUser();
                $this->checkPublicSection();
            }
        }
        $this->setInitialized(true);
 
        // This workaround is needed because these issues:
        // https://mantis.ilias.de/view.php?id=32284 and
        // https://mantis.ilias.de/view.php?id=32063
        if ($DIC->user()->getId() === 0) {
            $DIC->user()->setId(ANONYMOUS_USER_ID);
        }
    }

References $DIC, Vendor\Package\$e, $GLOBALS, $response, ilWACException\ACCESS_DENIED_NO_LOGIN, ANONYMOUS_USER_ID, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, getPathObject(), ILIAS\FileDelivery\http(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), and setInitialized().

Referenced by check().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isChecked()

ilWebAccessChecker::isChecked ( )

Definition at line 240 of file class.ilWebAccessChecker.php.

                               : bool
    {
        return $this->checked;
    }

References $checked.

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )

Definition at line 280 of file class.ilWebAccessChecker.php.

                                   : bool
    {
        return $this->initialized;
    }

References $initialized.

Referenced by initILIAS().

Here is the caller graph for this function:

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )

Definition at line 300 of file class.ilWebAccessChecker.php.

                                              : bool
    {
        return $this->revalidate_folder_tokens;
    }

References $revalidate_folder_tokens.

Referenced by check().

Here is the caller graph for this function:

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )

Definition at line 290 of file class.ilWebAccessChecker.php.

                                      : bool
    {
        return $this->send_status_code;
    }

References $send_status_code.

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )

static

Definition at line 310 of file class.ilWebAccessChecker.php.

                                                 : bool
    {
        return self::$use_seperate_logfile;
    }

References $use_seperate_logfile.

◆ sendHeader()

ilWebAccessChecker::sendHeader ( string $message )

protected

Definition at line 150 of file class.ilWebAccessChecker.php.

                                                  : void
    {
        $response = $this->http->response()->withHeader('X-ILIAS-WebAccessChecker', $message);
        $this->http->saveResponse($response);
    }

References $response, and ILIAS\FileDelivery\http().

Referenced by check().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( array $applied_checking_methods )

Parameters

int[] $applied_checking_methods

Definition at line 331 of file class.ilWebAccessChecker.php.

                                                                              : void
    {
        $this->applied_checking_methods = $applied_checking_methods;
    }

References $applied_checking_methods.

◆ setChecked()

ilWebAccessChecker::setChecked ( bool $checked )

Definition at line 245 of file class.ilWebAccessChecker.php.

                                             : void
    {
        $this->checked = $checked;
    }

References $checked.

Referenced by check().

Here is the caller graph for this function:

◆ setDisposition()

ilWebAccessChecker::setDisposition ( string $disposition )

Definition at line 265 of file class.ilWebAccessChecker.php.

                                                       : void
    {
        $this->disposition = $disposition;
    }

References $disposition.

◆ setInitialized()

ilWebAccessChecker::setInitialized ( bool $initialized )

Definition at line 285 of file class.ilWebAccessChecker.php.

                                                     : void
    {
        $this->initialized = $initialized;
    }

References $initialized.

Referenced by initILIAS().

Here is the caller graph for this function:

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype ( string $override_mimetype )

Definition at line 275 of file class.ilWebAccessChecker.php.

                                                                  : void
    {
        $this->override_mimetype = $override_mimetype;
    }

References $override_mimetype.

◆ setPathObject()

ilWebAccessChecker::setPathObject ( ilWACPath $path_object )

Definition at line 255 of file class.ilWebAccessChecker.php.

                                                         : void
    {
        $this->path_object = $path_object;
    }

References $path_object.

Referenced by __construct().

Here is the caller graph for this function:

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens ( bool $revalidate_folder_tokens )

Definition at line 305 of file class.ilWebAccessChecker.php.

                                                                             : void
    {
        $this->revalidate_folder_tokens = $revalidate_folder_tokens;
    }

References $revalidate_folder_tokens.

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode ( bool $send_status_code )

Definition at line 295 of file class.ilWebAccessChecker.php.

                                                             : void
    {
        $this->send_status_code = $send_status_code;
    }

References $send_status_code.

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile ( bool $use_seperate_logfile )

static

Definition at line 315 of file class.ilWebAccessChecker.php.

                                                                            : void
    {
        self::$use_seperate_logfile = $use_seperate_logfile;
    }

References $use_seperate_logfile.