ILIAS  release_8 Revision v8.24
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1<?php
2
18declare(strict_types=1);
19
24class ilAuthProviderSoap extends ilAuthProvider
25{
26 protected string $server_host = '';
27 protected string $server_port = '';
28 protected string $server_uri = '';
29 protected bool $server_https = false;
30 protected string $server_nms = '';
31 protected bool $use_dot_net = false;
32 protected string $uri = '';
33 protected nusoap_client $client;
34 protected ilLogger $logger;
35 protected ilSetting $settings;
36 protected ilLanguage $language;
37 protected ilRbacAdmin $rbacAdmin;
38
39 public function __construct(ilAuthCredentials $credentials)
40 {
41 global $DIC;
42
43 $this->settings = $DIC->settings();
44 $this->logger = $DIC->logger()->auth();
45 $this->language = $DIC->language();
46 $this->rbacAdmin = $DIC->rbac()->admin();
47
48 parent::__construct($credentials);
49 }
50
51 private function initClient(): void
52 {
53 $this->server_host = (string) $this->settings->get('soap_auth_server', '');
54 $this->server_port = (string) $this->settings->get('soap_auth_port', '');
55 $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
56 $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
57 $this->server_https = (bool) $this->settings->get('soap_auth_use_https', '0');
58 $this->use_dot_net = (bool) $this->settings->get('use_dotnet', '0');
59
60 $this->uri = $this->server_https ? 'https://' : 'http://';
61 $this->uri .= $this->server_host;
62
63 if ($this->server_port > 0) {
64 $this->uri .= (':' . $this->server_port);
65 }
66 if ($this->server_uri) {
67 $this->uri .= ('/' . $this->server_uri);
68 }
69
70 require_once './webservice/soap/lib/nusoap.php';
71 $this->client = new nusoap_client($this->uri);
72 }
73
77 public function doAuthentication(ilAuthStatus $status): bool
78 {
79 try {
80 $this->initClient();
81 $this->handleSoapAuth($status);
82 } catch (Exception $e) {
83 $this->getLogger()->error($e->getMessage());
84 $status->setTranslatedReason($e->getMessage());
85 }
86
87 if ($status->getAuthenticatedUserId() > 0 && $status->getAuthenticatedUserId() !== ANONYMOUS_USER_ID) {
88 $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
89 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
90 ilSession::set('used_external_auth', true);
91
92 return true;
93 }
94
95 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
96
97 return false;
98 }
99
100 private function handleSoapAuth(ilAuthStatus $status): bool
101 {
102 $this->logger->debug(sprintf(
103 'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
104 $this->getCredentials()->getUsername(),
105 'soap'
106 ));
107 $this->logger->debug(sprintf(
108 'Trying to find ext_account "%s" for auth_mode "%s".',
109 $this->getCredentials()->getUsername(),
110 'soap'
111 ));
112
113 $internalLogin = ilObjUser::_checkExternalAuthAccount(
114 'soap',
115 $this->getCredentials()->getUsername()
116 );
117
118 $isNewUser = false;
119 if ('' === $internalLogin || null === $internalLogin) {
120 $isNewUser = true;
121 }
122
123 $soapAction = '';
124 $nspref = '';
125 if ($this->use_dot_net) {
126 $soapAction = $this->server_nms . '/isValidSession';
127 $nspref = 'ns1:';
128 }
129
130 $valid = $this->client->call(
131 'isValidSession',
132 [
133 $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
134 $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
135 $nspref . 'new_user' => $isNewUser
136 ],
137 $this->server_nms,
138 $soapAction
139 );
140
141 if (!is_array($valid)) {
142 $valid = ['valid' => false];
143 }
144
145 if ($valid['valid'] !== true) {
146 $valid['valid'] = false;
147 }
148
149 if (!$valid['valid']) {
150 $status->setReason('err_wrong_login');
151 return false;
152 }
153
154 if (!$isNewUser) {
155 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
156 return true;
157 }
158
159 if (!$this->settings->get('soap_auth_create_users')) {
160 // Translate the reasons, otherwise the default failure is displayed
161 $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
162 return false;
163 }
164
165 $userObj = new ilObjUser();
166 $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
167
168 $usrData = [];
169 $usrData['firstname'] = $valid['firstname'];
170 $usrData['lastname'] = $valid['lastname'];
171 $usrData['email'] = $valid['email'];
172 $usrData['login'] = $internalLogin;
173 $usrData['passwd'] = '';
174 $usrData['passwd_type'] = ilObjUser::PASSWD_CRYPTED;
175
176 $password = '';
177 if ($this->settings->get('soap_auth_allow_local')) {
178 $passwords = ilSecuritySettingsChecker::generatePasswords(1);
179 $password = $passwords[0];
180 $usrData['passwd'] = $password;
181 $usrData['passwd_type'] = ilObjUser::PASSWD_PLAIN;
182 }
183
184 $usrData['auth_mode'] = 'soap';
185 $usrData['ext_account'] = $this->getCredentials()->getUsername();
186 $usrData['profile_incomplete'] = 1;
187
188 $userObj->assignData($usrData);
189 $userObj->setTitle($userObj->getFullname());
190 $userObj->setDescription($userObj->getEmail());
191 $userObj->setLanguage($this->language->getDefaultLanguage());
192
193 $userObj->setTimeLimitOwner(USER_FOLDER_ID);
194 $userObj->setTimeLimitUnlimited(true);
195 $userObj->setTimeLimitFrom(time());
196 $userObj->setTimeLimitUntil(time());
197 $userObj->setOwner(0);
198 $userObj->create();
199 $userObj->setActive(true);
200 $userObj->updateOwner();
201 $userObj->saveAsNew();
202 $userObj->writePrefs();
203
204 $this->rbacAdmin->assignUser(
205 (int) $this->settings->get('soap_auth_user_default_role', '4'),
206 $userObj->getId()
207 );
208
209 if ($this->settings->get('soap_auth_account_mail', '0')) {
210 $registrationSettings = new ilRegistrationSettings();
211 $registrationSettings->setPasswordGenerationStatus(true);
212
213 $accountMail = new ilAccountRegistrationMail(
214 $registrationSettings,
215 $this->language,
216 $this->logger
217 );
218 $accountMail
219 ->withDirectRegistrationMode()
220 ->send($userObj, $password, false);
221 }
222
223 $status->setAuthenticatedUserId($userObj->getId());
224 return true;
225 }
226}
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:26
ilAuthProviderSoap
Class ilAuthProviderSoap.
Definition: class.ilAuthProviderSoap.php:25
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:100
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
@inheritDoc
Definition: class.ilAuthProviderSoap.php:77
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderSoap.php:39
ilAuthProvider
Base class for authentication providers (ldap, apache, ...)
Definition: class.ilAuthProvider.php:28
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:37
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:28
ilAuthStatus\setTranslatedReason
setTranslatedReason(string $a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:95
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:370
ilLanguage
language handling
Definition: class.ilLanguage.php:44
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:17
ilObjUser
User class.
Definition: class.ilObjUser.php:28
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:30
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:29
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2700
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:31
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:27
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451
ilSetting
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilSetting.php:27
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7206
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
$valid
$valid
Definition: dummy_client.php:57
$DIC
global $DIC
Definition: feed.php:28
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:28
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:37