ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthProviderApache Class Reference

Apache auth provider. More...

+ Inheritance diagram for ilAuthProviderApache:
+ Collaboration diagram for ilAuthProviderApache:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 
 doAuthentication (ilAuthStatus $status)
 
 migrateAccount (ilAuthStatus $status)
 Create new account. More...
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. More...
 
 getExternalAccountName ()
 Get external account name. More...
 
 setExternalAccountName (string $name)
 
 getTriggerAuthMode ()
 Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...
 
 getUserAuthModeName ()
 Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Data Fields

const APACHE_AUTH_TYPE_DIRECT_MAPPING = 1
 
const APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2
 
const APACHE_AUTH_TYPE_BY_FUNCTION = 3
 

Protected Member Functions

 getSettings ()
 
 handleLDAPDataSource (ilAuthStatus $status)
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 Handle failed authentication. More...
 

Private Attributes

ilSetting $settings
 
string $migration_account = ''
 
bool $force_new_account = false
 

Detailed Description

Apache auth provider.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Michael Jansen mjans.nosp@m.en@d.nosp@m.ataba.nosp@m.y.de

Definition at line 24 of file class.ilAuthProviderApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderApache::__construct ( ilAuthCredentials  $credentials)

Definition at line 34 of file class.ilAuthProviderApache.php.

References ILIAS\GlobalScreen\Provider\__construct(), and ILIAS\Repository\settings().

35  {
36  parent::__construct($credentials);
37  $this->settings = new ilSetting('apache_auth');
38  }
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
+ Here is the call graph for this function:

Member Function Documentation

◆ createNewAccount()

ilAuthProviderApache::createNewAccount ( ilAuthStatus  $status)

Create new ILIAS account for external_account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 114 of file class.ilAuthProviderApache.php.

References getSettings(), and handleLDAPDataSource().

114  : void
115  {
116  $this->force_new_account = true;
117  if ($this->getSettings()->get('apache_enable_ldap', '0')) {
118  $this->handleLDAPDataSource($status);
119  }
120  }
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:146
+ Here is the call graph for this function:

◆ doAuthentication()

ilAuthProviderApache::doAuthentication ( ilAuthStatus  $status)

Definition at line 45 of file class.ilAuthProviderApache.php.

References $_SERVER, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilUtil\isLogin(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

45  : bool
46  {
47  if (!$this->getSettings()->get('apache_enable_auth', '0')) {
48  $this->getLogger()->info('Apache auth disabled.');
49  $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
50  return false;
51  }
52 
53  if (
54  !$this->getSettings()->get('apache_auth_indicator_name', '') ||
55  !$this->getSettings()->get('apache_auth_indicator_value', '')
56  ) {
57  $this->getLogger()->warning('Apache auth indicator match failure.');
58  $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
59  return false;
60  }
61 
62  $validIndicatorValues = array_filter(array_map(
63  'trim',
64  str_getcsv($this->getSettings()->get('apache_auth_indicator_value', ''))
65  ));
66  //TODO PHP8-REVIEW: $DIC->http()->request()->getServerParams()['apache_auth_indicator_name']
67  if (
68  !isset($_SERVER[$this->getSettings()->get('apache_auth_indicator_name', '')]) ||
69  !in_array($_SERVER[$this->getSettings()->get('apache_auth_indicator_name', '')], $validIndicatorValues, true)
70  ) {
71  $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
72  $this->handleAuthenticationFail($status, 'err_wrong_login');
73  return false;
74  }
75 
76  if (!ilUtil::isLogin($this->getCredentials()->getUsername())) {
77  $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
78  $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
79  return false;
80  }
81 
82  if ($this->getCredentials()->getUsername() === '') {
83  $this->getLogger()->info('No username given');
84  $this->handleAuthenticationFail($status, 'err_wrong_login');
85  return false;
86  }
87 
88  // Apache with ldap as data source
89  if ($this->getSettings()->get('apache_enable_ldap', '0')) {
90  return $this->handleLDAPDataSource($status);
91  }
92 
93  $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
94  $usr_id = ilObjUser::_lookupId($login);
95  if (!$usr_id) {
96  $this->getLogger()->info('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
97  $this->handleAuthenticationFail($status, 'err_wrong_login');
98  return false;
99  }
100 
101  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
102  $status->setAuthenticatedUserId($usr_id);
103  return true;
104  }
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:146
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2700
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:71
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilUtil\isLogin
static isLogin(string $a_login)
Definition: class.ilUtil.php:303
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
+ Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderApache::getExternalAccountName ( )

Get external account name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 122 of file class.ilAuthProviderApache.php.

References $migration_account.

122  : string
123  {
124  return $this->migration_account;
125  }

◆ getSettings()

ilAuthProviderApache::getSettings ( )
protected

Definition at line 40 of file class.ilAuthProviderApache.php.

References $settings.

Referenced by createNewAccount(), doAuthentication(), getUserAuthModeName(), handleLDAPDataSource(), and migrateAccount().

40  : ilSetting
41  {
42  return $this->settings;
43  }
+ Here is the caller graph for this function:

◆ getTriggerAuthMode()

ilAuthProviderApache::getTriggerAuthMode ( )

Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth.

See also
ilAuthUtils

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 132 of file class.ilAuthProviderApache.php.

References ilAuthUtils\AUTH_APACHE.

132  : string
133  {
134  return (string) ilAuthUtils::AUTH_APACHE;
135  }

◆ getUserAuthModeName()

ilAuthProviderApache::getUserAuthModeName ( )

Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 137 of file class.ilAuthProviderApache.php.

References getSettings().

137  : string
138  {
139  if ($this->getSettings()->get('apache_ldap_sid', '0')) {
140  return 'ldap_' . $this->getSettings()->get('apache_ldap_sid', '');
141  }
142 
143  return 'apache';
144  }
+ Here is the call graph for this function:

◆ handleLDAPDataSource()

ilAuthProviderApache::handleLDAPDataSource ( ilAuthStatus  $status)
protected

Definition at line 146 of file class.ilAuthProviderApache.php.

References Vendor\Package\$e, $server, ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ilLDAPUserSynchronisation\setExternalAccount(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

146  : bool
147  {
148  $server = ilLDAPServer::getInstanceByServerId(
149  (int) $this->getSettings()->get('apache_ldap_sid', '0')
150  );
151 
152  $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
153 
154  $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
155  $sync->setExternalAccount($this->getCredentials()->getUsername());
156  $sync->setUserData([]);
157  $sync->forceCreation($this->force_new_account);
158  $sync->forceReadLdapData(true);
159 
160  try {
161  $internal_account = $sync->sync();
162  $this->getLogger()->debug('Internal account: ' . $internal_account);
163  } catch (UnexpectedValueException $e) {
164  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
165  $this->handleAuthenticationFail($status, 'err_wrong_login');
166  return false;
167  } catch (ilLDAPSynchronisationFailedException $e) {
168  $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
169  return false;
170  } catch (ilLDAPSynchronisationForbiddenException $e) {
171  // No syncronisation allowed => create Error
172  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
173  $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
174  return false;
175  } catch (ilLDAPAccountMigrationRequiredException $e) {
176  $this->setExternalAccountName($this->getCredentials()->getUsername());
177  $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
178  $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
179  return false;
180  }
181 
182  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
183  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
184  return true;
185  }
ilLDAPSynchronisationForbiddenException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPSynchronisationForbiddenException.php:24
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPSynchronisationFailedException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPSynchronisationFailedException.php:26
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, cas,...
Definition: class.ilLDAPUserSynchronisation.php:26
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilLDAPAccountMigrationRequiredException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPAccountMigrationRequiredException.php:24
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:71
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount(string $a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:66
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
$server
$server
Definition: dummy_client.php:22
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:36
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderApache::migrateAccount ( ilAuthStatus  $status)

Create new account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 106 of file class.ilAuthProviderApache.php.

References getSettings(), and handleLDAPDataSource().

106  : void
107  {
108  $this->force_new_account = true;
109  if ($this->getSettings()->get('apache_enable_ldap', '0')) {
110  $this->handleLDAPDataSource($status);
111  }
112  }
ilAuthProviderApache\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderApache.php:146
+ Here is the call graph for this function:

◆ setExternalAccountName()

ilAuthProviderApache::setExternalAccountName ( string  $name)

Definition at line 127 of file class.ilAuthProviderApache.php.

References $name.

Referenced by handleLDAPDataSource().

127  : void
128  {
129  $this->migration_account = $name;
130  }
$name
if($format !==null) $name
Definition: metadata.php:247
+ Here is the caller graph for this function:

Field Documentation

◆ $force_new_account

bool ilAuthProviderApache::$force_new_account = false
private

Definition at line 32 of file class.ilAuthProviderApache.php.

◆ $migration_account

string ilAuthProviderApache::$migration_account = ''
private

Definition at line 31 of file class.ilAuthProviderApache.php.

Referenced by getExternalAccountName().

◆ $settings

ilSetting ilAuthProviderApache::$settings
private

Definition at line 30 of file class.ilAuthProviderApache.php.

Referenced by getSettings().

◆ APACHE_AUTH_TYPE_BY_FUNCTION

const ilAuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION = 3

Definition at line 28 of file class.ilAuthProviderApache.php.

Referenced by ilAuthFrontendCredentialsApache\initFromRequest().

◆ APACHE_AUTH_TYPE_DIRECT_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING = 1

Definition at line 26 of file class.ilAuthProviderApache.php.

Referenced by ilAuthFrontendCredentialsApache\initFromRequest().

◆ APACHE_AUTH_TYPE_EXTENDED_MAPPING

const ilAuthProviderApache::APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2

Definition at line 27 of file class.ilAuthProviderApache.php.

The documentation for this class was generated from the following file: