ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1 <?php
2 
18 declare(strict_types=1);
19 
24 class ilAuthProviderSoap extends ilAuthProvider
25 {
26  protected string $server_host = '';
27  protected string $server_port = '';
28  protected string $server_uri = '';
29  protected bool $server_https = false;
30  protected string $server_nms = '';
31  protected bool $use_dot_net = false;
32  protected string $uri = '';
33  protected nusoap_client $client;
34  protected ilLogger $logger;
35  protected ilSetting $settings;
36  protected ilLanguage $language;
37  protected ilRbacAdmin $rbacAdmin;
38 
39  public function __construct(ilAuthCredentials $credentials)
40  {
41  global $DIC;
42 
43  $this->settings = $DIC->settings();
44  $this->logger = $DIC->logger()->auth();
45  $this->language = $DIC->language();
46  $this->rbacAdmin = $DIC->rbac()->admin();
47 
48  parent::__construct($credentials);
49  }
50 
51  private function initClient(): void
52  {
53  $this->server_host = (string) $this->settings->get('soap_auth_server', '');
54  $this->server_port = (string) $this->settings->get('soap_auth_port', '');
55  $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
56  $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
57  $this->server_https = (bool) $this->settings->get('soap_auth_use_https', '0');
58  $this->use_dot_net = (bool) $this->settings->get('use_dotnet', '0');
59 
60  $this->uri = $this->server_https ? 'https://' : 'http://';
61  $this->uri .= $this->server_host;
62 
63  if ($this->server_port > 0) {
64  $this->uri .= (':' . $this->server_port);
65  }
66  if ($this->server_uri) {
67  $this->uri .= ('/' . $this->server_uri);
68  }
69 
70  require_once './webservice/soap/lib/nusoap.php';
71  $this->client = new nusoap_client($this->uri);
72  }
73 
77  public function doAuthentication(ilAuthStatus $status): bool
78  {
79  try {
80  $this->initClient();
81  $this->handleSoapAuth($status);
82  } catch (Exception $e) {
83  $this->getLogger()->error($e->getMessage());
84  $status->setTranslatedReason($e->getMessage());
85  }
86 
87  if ($status->getAuthenticatedUserId() > 0 && $status->getAuthenticatedUserId() !== ANONYMOUS_USER_ID) {
88  $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
89  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
90  ilSession::set('used_external_auth', true);
91 
92  return true;
93  }
94 
95  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
96 
97  return false;
98  }
99 
100  private function handleSoapAuth(ilAuthStatus $status): bool
101  {
102  $this->logger->debug(sprintf(
103  'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
104  $this->getCredentials()->getUsername(),
105  'soap'
106  ));
107  $this->logger->debug(sprintf(
108  'Trying to find ext_account "%s" for auth_mode "%s".',
109  $this->getCredentials()->getUsername(),
110  'soap'
111  ));
112 
113  $internalLogin = ilObjUser::_checkExternalAuthAccount(
114  'soap',
115  $this->getCredentials()->getUsername()
116  );
117 
118  $isNewUser = false;
119  if ('' === $internalLogin || null === $internalLogin) {
120  $isNewUser = true;
121  }
122 
123  $soapAction = '';
124  $nspref = '';
125  if ($this->use_dot_net) {
126  $soapAction = $this->server_nms . '/isValidSession';
127  $nspref = 'ns1:';
128  }
129 
130  $valid = $this->client->call(
131  'isValidSession',
132  [
133  $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
134  $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
135  $nspref . 'new_user' => $isNewUser
136  ],
137  $this->server_nms,
138  $soapAction
139  );
140 
141  if (!is_array($valid)) {
142  $valid = ['valid' => false];
143  }
144 
145  if ($valid['valid'] !== true) {
146  $valid['valid'] = false;
147  }
148 
149  if (!$valid['valid']) {
150  $status->setReason('err_wrong_login');
151  return false;
152  }
153 
154  if (!$isNewUser) {
155  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
156  return true;
157  }
158 
159  if (!$this->settings->get('soap_auth_create_users')) {
160  // Translate the reasons, otherwise the default failure is displayed
161  $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
162  return false;
163  }
164 
165  $userObj = new ilObjUser();
166  $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
167 
168  $usrData = [];
169  $usrData['firstname'] = $valid['firstname'];
170  $usrData['lastname'] = $valid['lastname'];
171  $usrData['email'] = $valid['email'];
172  $usrData['login'] = $internalLogin;
173  $usrData['passwd'] = '';
174  $usrData['passwd_type'] = ilObjUser::PASSWD_CRYPTED;
175 
176  $password = '';
177  if ($this->settings->get('soap_auth_allow_local')) {
178  $passwords = ilSecuritySettingsChecker::generatePasswords(1);
179  $password = $passwords[0];
180  $usrData['passwd'] = $password;
181  $usrData['passwd_type'] = ilObjUser::PASSWD_PLAIN;
182  }
183 
184  $usrData['auth_mode'] = 'soap';
185  $usrData['ext_account'] = $this->getCredentials()->getUsername();
186  $usrData['profile_incomplete'] = 1;
187 
188  $userObj->assignData($usrData);
189  $userObj->setTitle($userObj->getFullname());
190  $userObj->setDescription($userObj->getEmail());
191  $userObj->setLanguage($this->language->getDefaultLanguage());
192 
193  $userObj->setTimeLimitOwner(USER_FOLDER_ID);
194  $userObj->setTimeLimitUnlimited(true);
195  $userObj->setTimeLimitFrom(time());
196  $userObj->setTimeLimitUntil(time());
197  $userObj->setOwner(0);
198  $userObj->create();
199  $userObj->setActive(true);
200  $userObj->updateOwner();
201  $userObj->saveAsNew();
202  $userObj->writePrefs();
203 
204  $this->rbacAdmin->assignUser(
205  (int) $this->settings->get('soap_auth_user_default_role', '4'),
206  $userObj->getId()
207  );
208 
209  if ($this->settings->get('soap_auth_account_mail', '0')) {
210  $registrationSettings = new ilRegistrationSettings();
211  $registrationSettings->setPasswordGenerationStatus(true);
212 
213  $accountMail = new ilAccountRegistrationMail(
214  $registrationSettings,
215  $this->language,
216  $this->logger
217  );
218  $accountMail
219  ->withDirectRegistrationMode()
220  ->send($userObj, $password, false);
221  }
222 
223  $status->setAuthenticatedUserId($userObj->getId());
224  return true;
225  }
226 }
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:370
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:27
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
$valid
$valid
Definition: dummy_client.php:57
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:100
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:29
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderSoap.php:39
ilAuthProviderSoap
Class ilAuthProviderSoap.
Definition: class.ilAuthProviderSoap.php:24
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2700
ilAuthStatus\getAuthenticatedUserId
getAuthenticatedUserId()
Get authenticated user id.
Definition: class.ilAuthStatus.php:128
$DIC
global $DIC
Definition: feed.php:28
ilAuthProvider
Base class for authentication providers (ldap, apache, ...)
Definition: class.ilAuthProvider.php:27
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:25
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:37
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7205
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:77
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:30
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:26
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilAuthStatus\setTranslatedReason
setTranslatedReason(string $a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:95
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:87
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:30
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:27
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451