ilAuthProviderLTI Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

Inheritance diagram for ilAuthProviderLTI:

Collaboration diagram for ilAuthProviderLTI:

Static Public Member Functions
static	getAuthModeByKey (string $a_auth_key)
	Get auth mode by key. More...
static	getKeyByAuthMode (string $a_auth_mode)
	Get auth id by auth mode. More...
static	getActiveAuthModes ()
	get all active authmode server ids More...
static	getAuthModes ()
static	lookupConsumer (int $a_sid)
	Lookup consumer title. More...
static	getServerIdByAuthMode (string $a_auth_mode)
	Get auth id by auth mode. More...
static	isAuthModeLTI (string $a_auth_mode)
	Check if user auth mode is LTI. More...

Data Fields
const	AUTH_MODE_PREFIX = 'lti'

Protected Member Functions
	findAuthKeyId (string $a_oauth_consumer_key)
	find consumer key id More...
	findAuthPrefix (int $a_lti_id)
	find lti id More...
	findGlobalRole (int $a_lti_id)
	find global role of consumer More...
	findUserId (string $a_oauth_user, string $a_oauth_id, string $a_user_prefix)
	Find user by auth mode and lti id. More...
	updateUser (int $a_local_user_id, ilLTIPlatform $consumer)
	update existing user @access protected More...
	createUser (ilLTIPlatform $consumer)
	create new user @access protected More...
	handleLocalRoleAssignments (int $user_id, ilLTIPlatform $consumer)
Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
	Handle failed authentication. More...

Private Attributes
ilLTIDataConnector	$dataConnector = null
string	$lti_context_id = ""
int	$ref_id = 0
ilLTITool	$provider = null
array	$messageParameters = null

Additional Inherited Members
Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)
	Constructor. More...
	getLogger ()
	Get logger. More...
	getCredentials ()
Public Member Functions inherited from ilAuthProviderInterface
	doAuthentication (\ilAuthStatus $status)
	Do authentication. More...

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning OAuth based lti authentication

Author

Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Uwe Kohnle kohnl.nosp@m.e@in.nosp@m.terne.nosp@m.tleh.nosp@m.rer-g.nosp@m.mbh..nosp@m.de

Stefan Schneider

Definition at line 27 of file class.ilAuthProviderLTI.php.

Member Function Documentation

createUser()

ilAuthProviderLTI::createUser ( ilLTIPlatform  $consumer )

protected

create new user @access protected

Parameters

ilLTIPlatform

$consumer

Returns

int

Exceptions

ilPasswordException
ilUserException

Definition at line 418 of file class.ilAuthProviderLTI.php.

                                                          : int
    {
        global $ilClientIniFile, $DIC;
        //        if (empty($this->messageParameters)) {
        //            $status->setReason('empty_lti_message_parameters');
        //            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
        //            return false;
        //        }
        $userObj = new ilObjUser();
        $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
 
        $newUser["login"] = $local_user;
        if(isset($this->messageParameters['lis_person_name_given'])) {
            $newUser["firstname"] = $this->messageParameters['lis_person_name_given'];
        } else {
            $newUser["firstname"] = '-';
        }
        if(isset($this->messageParameters['lis_person_name_family'])) {
            $newUser["lastname"] = $this->messageParameters['lis_person_name_family'];
        } else {
            $newUser["lastname"] = '-';
        }
        $newUser['email'] = $this->messageParameters['lis_person_contact_email_primary'];
 
        // set "plain md5" password (= no valid password)
        //        $newUser["passwd"] = "";
        $newUser["passwd_type"] = ilObjUser::PASSWD_CRYPTED;
 
        $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
        $newUser['ext_account'] = $this->getCredentials()->getUsername();
        $newUser["profile_incomplete"] = 0;
 
        // ILIAS 8
        //check
        $newUser["gender"] = 'n';
        $newUser["title"] = null;
        $newUser["birthday"] = null;
        $newUser["institution"] = null;
        $newUser["department"] = null;
        $newUser["street"] = null;
        $newUser["city"] = null;
        $newUser["zipcode"] = null;
        $newUser["country"] = null;
        $newUser["sel_country"] = null;
        $newUser["phone_office"] = null;
        $newUser["phone_home"] = null;
        $newUser["phone_mobile"] = null;
        $newUser["fax"] = null;
        $newUser["matriculation"] = null;
        $newUser["second_email"] = null;
        $newUser["hobby"] = null;
        $newUser["client_ip"] = null;
        $newUser["passwd_salt"] = null;//$newUser->getPasswordSalt();
        $newUser["latitude"] = null;
        $newUser["longitude"] = null;
        $newUser["loc_zoom"] = null;
        $newUser["last_login"] = null;
        $newUser["first_login"] = null;
        $newUser["last_profile_prompt"] = null;
        $newUser["last_update"] = ilUtil::now();
        $newUser["create_date"] = ilUtil::now();
        $newUser["referral_comment"] = null;
        $newUser["approve_date"] = null;
        $newUser["agree_date"] = null;
        $newUser["inactivation_date"] = null;
        $newUser["time_limit_from"] = null;
        $newUser["time_limit_until"] = null;
        $newUser["is_self_registered"] = null;
        //end to check
 
        $newUser["passwd_enc_type"] = "";
        $newUser["active"] = true;
        $newUser["time_limit_owner"] = 7;
        $newUser["time_limit_unlimited"] = 0;
        $newUser["time_limit_message"] = 0;
        $newUser["passwd"] = " ";
        //        $newUser["last_update"]
 
        // system data
        $userObj->assignData($newUser);
        $userObj->setTitle($userObj->getFullname());
        $userObj->setDescription($userObj->getEmail());
 
        // set user language
        $userObj->setLanguage($consumer->getLanguage());
 
        // Time limit
        $userObj->setTimeLimitOwner(7);
        $userObj->setTimeLimitUnlimited(false);
        $userObj->setTimeLimitFrom(time() - 5);
        //        todo ?
        $userObj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
 
        // Create user in DB
        $userObj->setOwner(6);
        $userObj->create();
        $userObj->setActive(true);
        //        $userObj->updateOwner();
        $userObj->setLastPasswordChangeTS(time());
        $userObj->saveAsNew();
        $userObj->writePrefs();
 
        $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
 
        $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
        return $userObj->getId();
    }

References $DIC, $GLOBALS, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilLTIPlatform\getExtConsumerId(), ilLTIPlatform\getLanguage(), ilAuthProvider\getLogger(), ilLTIPlatform\getPrefix(), ilLTIPlatform\getRole(), ilUtil\now(), and ilObjUser\PASSWD_CRYPTED.

Here is the call graph for this function:

findAuthKeyId()

ilAuthProviderLTI::findAuthKeyId ( string  $a_oauth_consumer_key )

protected

find consumer key id

Parameters

string

$a_oauth_consumer_key

Returns

int

Definition at line 147 of file class.ilAuthProviderLTI.php.

                                                                  : int
    {
        global $ilDB;
 
        $query = 'SELECT consumer_pk from lti2_consumer where consumer_key = ' . $ilDB->quote(
            $a_oauth_consumer_key,
            'text'
        );
        // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
        $this->getLogger()->debug($query);
        $res = $ilDB->query($query);
 
        $lti_id = 0;
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $lti_id = $row->consumer_pk;
            // $lti_id = $row->id;
        }
        $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
        return $lti_id;
    }

References $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

Here is the call graph for this function:

findAuthPrefix()

ilAuthProviderLTI::findAuthPrefix ( int  $a_lti_id )

protected

find lti id

Parameters

int

$a_lti_id

Returns

string

Definition at line 173 of file class.ilAuthProviderLTI.php.

                                                    : string
    {
        global $ilDB;
 
        $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
        $this->getLogger()->debug($query);
        $res = $ilDB->query($query);
 
        // $prefix = 'lti'.$a_lti_id.'_';
        $prefix = '';
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $prefix = $row->prefix;
        }
        $this->getLogger()->debug('LTI prefix: ' . $prefix);
        return $prefix;
    }

References $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

Here is the call graph for this function:

findGlobalRole()

ilAuthProviderLTI::findGlobalRole ( int  $a_lti_id )

protected

find global role of consumer

Parameters

int

$a_lti_id

Returns

int|null

Definition at line 195 of file class.ilAuthProviderLTI.php.

                                                    : ?int
    {
        global $ilDB;
 
        $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
        $this->getLogger()->debug($query);
        $res = $ilDB->query($query);
 
        $role = null;
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $role = (int) $row->role;
        }
        $this->getLogger()->debug('LTI role: ' . $role);
        return $role;
    }

References $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, ilAuthProvider\getLogger(), and ILIAS\Repository\int().

Here is the call graph for this function:

findUserId()

ilAuthProviderLTI::findUserId ( string  $a_oauth_user, string  $a_oauth_id, string  $a_user_prefix  )

protected

Find user by auth mode and lti id.

Parameters

string	$a_oauth_user
string	$a_oauth_id
string	$a_user_prefix

Returns

int

Definition at line 350 of file class.ilAuthProviderLTI.php.

                                                                                                  : int
    {
        $user_name = ilObjUser::_checkExternalAuthAccount(
            self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
            $a_oauth_user
        );
        $user_id = 0;
        if ($user_name) {
            $user_id = ilObjUser::_lookupId($user_name);
        }
        $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
        return $user_id;
    }

References ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), and ilAuthProvider\getLogger().

Here is the call graph for this function:

getActiveAuthModes()

static ilAuthProviderLTI::getActiveAuthModes ( )

static

get all active authmode server ids

Returns

array

Definition at line 68 of file class.ilAuthProviderLTI.php.

                                               : array
    {
        global $ilDB;
 
        // move to connector
        $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
        $res = $ilDB->query($query);
 
        $sids = array();
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $sids[] = $row->consumer_pk;
        }
        return $sids;
    }

References $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_isExternalAccountEnabled().

Here is the caller graph for this function:

getAuthModeByKey()

static ilAuthProviderLTI::getAuthModeByKey ( string  $a_auth_key )

static

Get auth mode by key.

Parameters

string

$a_auth_mode

Returns

string auth_mode

Definition at line 41 of file class.ilAuthProviderLTI.php.

                                                               : string
    {
        $auth_arr = explode('_', $a_auth_key);
        if (count($auth_arr) > 1) {
            return 'lti_' . $auth_arr[1];
        }
        return 'lti';
    }

Referenced by ilAuthUtils\_getAuthModeName().

Here is the caller graph for this function:

getAuthModes()

static ilAuthProviderLTI::getAuthModes ( )

static

Returns

array

Definition at line 86 of file class.ilAuthProviderLTI.php.

                                         : array
    {
        global $ilDB;
 
        // move to connector
        $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
        $res = $ilDB->query($query);
 
        $sids = array();
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $sids[] = $row->consumer_pk;
        }
        return $sids;
    }

References $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_getActiveAuthModes(), and ilAuthUtils\_getAllAuthModes().

Here is the caller graph for this function:

getKeyByAuthMode()

static ilAuthProviderLTI::getKeyByAuthMode ( string  $a_auth_mode )

static

Get auth id by auth mode.

Parameters

string

$a_auth_mode

Returns

int|string auth_mode

Definition at line 55 of file class.ilAuthProviderLTI.php.

    {
        $auth_arr = explode('_', $a_auth_mode);
        if (count($auth_arr) > 1) {
            return ilAuthUtils::AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
        }
        return ilAuthUtils::AUTH_PROVIDER_LTI;
    }

References ilAuthUtils\AUTH_PROVIDER_LTI.

Referenced by ilAuthUtils\_getAuthMode().

Here is the caller graph for this function:

getServerIdByAuthMode()

static ilAuthProviderLTI::getServerIdByAuthMode ( string  $a_auth_mode )

static

Get auth id by auth mode.

Parameters

string

$a_auth_mode

Returns

int|null

Definition at line 118 of file class.ilAuthProviderLTI.php.

                                                                     : ?int
    {
        if (self::isAuthModeLTI($a_auth_mode)) {
            $auth_arr = explode('_', $a_auth_mode);
            return (int) $auth_arr[1];
        }
        return null;
    }

Referenced by ilAuthUtils\getAuthModeTranslation().

Here is the caller graph for this function:

handleLocalRoleAssignments()

ilAuthProviderLTI::handleLocalRoleAssignments ( int  $user_id, ilLTIPlatform  $consumer  )

protected

Definition at line 526 of file class.ilAuthProviderLTI.php.

                                                                                        : bool
    {
        global $DIC;
        //        if (empty($this->messageParameters)) {
        //            $status->setReason('empty_lti_message_parameters');
        //            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
        //            return false;
        //        }
        //$target_ref_id = $_SESSION['lti_current_context_id'];
        $target_ref_id = $this->ref_id;
        $this->getLogger()->info('$target_ref_id: ' . $target_ref_id);
        if (!$target_ref_id) {
            $this->getLogger()->warning('No target id given');
            return false;
        }
 
        $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
 
        // @todo read from lti data
        //$roles = $DIC->http()->wrapper()->post()->retrieve('roles', $DIC->refinery()->kindlyTo()->string());
        $roles = $this->messageParameters['roles'];
 
        if (!strlen($roles)) {
            $this->getLogger()->warning('No role information given');
            return false;
        }
        $role_arr = explode(',', $roles);
        foreach ($role_arr as $role_name) {
            $role_name = trim($role_name);
            $role_name = str_replace('http://purl.imsglobal.org/vocab/lis/v2/membership#', '', $role_name);
            switch ($role_name) {
                case 'Administrator':
                    $this->getLogger()->info('Administrator role handling');
                    if ($obj_settings->getAdminRole()) {
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                            $obj_settings->getAdminRole(),
                            $user_id
                        );
                    }
                    break;
 
                case 'Instructor':
                case 'Mentor':
                case 'TeachingAssistant':
                    $this->getLogger()->info('Instructor role handling');
                    $this->getLogger()->info('Tutor role for request: ' . $obj_settings->getTutorRole());
                    if ($obj_settings->getTutorRole()) {
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                            $obj_settings->getTutorRole(),
                            $user_id
                        );
                    }
                    break;
 
                case 'Member':
                case 'Learner':
                    $this->getLogger()->info('Member role handling');
                    if ($obj_settings->getMemberRole()) {
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                            $obj_settings->getMemberRole(),
                            $user_id
                        );
                    }
                    break;
                default: // ToDo: correct parsing of lti1.3 roles
                    $this->getLogger()->info('default role handling');
                    if ($obj_settings->getMemberRole()) {
                        $GLOBALS['DIC']->rbac()->admin()->assignUser(
                            $obj_settings->getMemberRole(),
                            $user_id
                        );
                    }
            }
        }
        return true;
    }

References $DIC, $GLOBALS, $ref_id, ilAuthProvider\$user_id, ilLTIPlatform\getExtConsumerId(), and ilAuthProvider\getLogger().

Here is the call graph for this function:

isAuthModeLTI()

static ilAuthProviderLTI::isAuthModeLTI ( string  $a_auth_mode )

static

Check if user auth mode is LTI.

Parameters

string

$a_auth_mode

Returns

bool

Definition at line 132 of file class.ilAuthProviderLTI.php.

                                                             : bool
    {
        if (!$a_auth_mode) {
            ilLoggerFactory::getLogger('ltis')->warning('No auth mode given.');
            return false;
        }
        $auth_arr = explode('_', $a_auth_mode);
        return ($auth_arr[0] == ilAuthUtils::AUTH_PROVIDER_LTI) and $auth_arr[1];
    }

References ilAuthUtils\AUTH_PROVIDER_LTI, and ilLoggerFactory\getLogger().

Here is the call graph for this function:

lookupConsumer()

static ilAuthProviderLTI::lookupConsumer ( int  $a_sid )

static

Lookup consumer title.

Parameters

int

$a_sid

Returns

string

Definition at line 106 of file class.ilAuthProviderLTI.php.

                                                     : string
    {
        $connector = new ilLTIDataConnector();
        $consumer = ilLTIPlatform::fromRecordId($a_sid, $connector);
        return $consumer->getTitle();
    }

References ilLTIPlatform\fromRecordId().

Referenced by ilAuthUtils\getAuthModeTranslation().

Here is the call graph for this function:

Here is the caller graph for this function:

updateUser()

ilAuthProviderLTI::updateUser ( int  $a_local_user_id, ilLTIPlatform  $consumer  )

protected

update existing user @access protected

Parameters

int	$a_local_user_id
ilLTIPlatform	$consumer

Returns

int

Definition at line 371 of file class.ilAuthProviderLTI.php.

                                                                                : int
    {
        global $ilClientIniFile, $DIC;
        //        if (empty($this->messageParameters)) {
        //            $status->setReason('empty_lti_message_parameters');
        //            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
        //            return false;
        //        }
        $user_obj = new ilObjUser($a_local_user_id);
        if (isset($this->messageParameters['lis_person_name_given'])) {
            $user_obj->setFirstname($this->messageParameters['lis_person_name_given']);
        } else {
            $user_obj->setFirstname('-');
        }
        if (isset($this->messageParameters['lis_person_name_family'])) {
            $user_obj->setLastname($this->messageParameters['lis_person_name_family']);
        } else {
            $user_obj->setLastname('-');
        }
        $user_obj->setEmail($this->messageParameters['lis_person_contact_email_primary']);
 
        $user_obj->setActive(true);
 
        $until = $user_obj->getTimeLimitUntil();
 
        if ($until < (time() + (int) $ilClientIniFile->readVariable('session', 'expire'))) {
            $user_obj->setTimeLimitFrom(time() - 60);
            $user_obj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
        }
        $user_obj->update();
        $user_obj->refreshLogin();
 
        $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
        $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
 
        $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
        return $user_obj->getId();
    }

References $DIC, $GLOBALS, ilAuthProvider\getLogger(), and ilLTIPlatform\getRole().

Here is the call graph for this function:

Field Documentation

$dataConnector

ilLTIDataConnector ilAuthProviderLTI::$dataConnector = null

private

Definition at line 30 of file class.ilAuthProviderLTI.php.

$lti_context_id

string ilAuthProviderLTI::$lti_context_id = ""

private

Definition at line 31 of file class.ilAuthProviderLTI.php.

$messageParameters

array ilAuthProviderLTI::$messageParameters = null

private

Definition at line 34 of file class.ilAuthProviderLTI.php.

$provider

ilLTITool ilAuthProviderLTI::$provider = null

private

Definition at line 33 of file class.ilAuthProviderLTI.php.

$ref_id

int ilAuthProviderLTI::$ref_id = 0

private

Definition at line 32 of file class.ilAuthProviderLTI.php.

Referenced by handleLocalRoleAssignments().

AUTH_MODE_PREFIX

const ilAuthProviderLTI::AUTH_MODE_PREFIX = 'lti'

Definition at line 29 of file class.ilAuthProviderLTI.php.

---

The documentation for this class was generated from the following file:

• Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php