ILIAS  release_8 Revision v8.24
class.ilOpenIdConnectUserSync.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
24class ilOpenIdConnectUserSync
25{
26 public const AUTH_MODE = 'oidc';
27
28 private ilOpenIdConnectSettings $settings;
29 private ilLogger $logger;
30 private ilXmlWriter $writer;
31 private stdClass $user_info;
32 private string $ext_account = '';
33 private string $int_account = '';
34 private int $usr_id = 0;
35
36 public function __construct(ilOpenIdConnectSettings $settings, stdClass $user_info)
37 {
38 global $DIC;
39
40 $this->settings = $settings;
41 $this->user_info = $user_info;
42
43 $this->logger = $DIC->logger()->auth();
44 $this->writer = new ilXmlWriter();
45 }
46
47 public function setExternalAccount(string $ext_account): void
48 {
49 $this->ext_account = $ext_account;
50 }
51
52 public function setInternalAccount(string $int_account): void
53 {
54 $this->int_account = $int_account;
55 $this->usr_id = (int) ilObjUser::_lookupId($this->int_account);
56 }
57
58 public function getUserId(): int
59 {
60 return $this->usr_id;
61 }
62
63 public function needsCreation(): bool
64 {
65 $this->logger->dump($this->int_account, ilLogLevel::DEBUG);
66
67 return $this->int_account === '';
68 }
69
73 public function updateUser(): bool
74 {
75 if ($this->needsCreation() && !$this->settings->isSyncAllowed()) {
76 throw new ilOpenIdConnectSyncForbiddenException('No internal account given.');
77 }
78
79 $this->transformToXml();
80
81 $importParser = new ilUserImportParser();
82 $importParser->setXMLContent($this->writer->xmlDumpMem(false));
83
84 $roles = $this->parseRoleAssignments();
85 $importParser->setRoleAssignment($roles);
86
87 $importParser->setFolderId(USER_FOLDER_ID);
88 $importParser->startParsing();
89 $debug = $importParser->getProtocol();
90
91 $int_account = ilObjUser::_checkExternalAuthAccount(
92 self::AUTH_MODE,
93 $this->ext_account
94 );
95 $this->setInternalAccount($int_account);
96
97 return true;
98 }
99
100 protected function transformToXml(): void
101 {
102 $this->writer->xmlStartTag('Users');
103
104 if ($this->needsCreation()) {
105 $this->writer->xmlStartTag('User', ['Action' => 'Insert']);
106 $this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($this->ext_account));
107 } else {
108 $this->writer->xmlStartTag(
109 'User',
110 [
111 'Id' => $this->getUserId(),
112 'Action' => 'Update'
113 ]
114 );
115 $this->writer->xmlElement('Login', [], $this->int_account);
116 }
117
118 $this->writer->xmlElement('ExternalAccount', array(), $this->ext_account);
119 $this->writer->xmlElement('AuthMode', array('type' => self::AUTH_MODE), null);
120
121 $this->parseRoleAssignments();
122
123 if ($this->needsCreation()) {
124 $this->writer->xmlElement('Active', array(), "true");
125 $this->writer->xmlElement('TimeLimitOwner', array(), 7);
126 $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
127 $this->writer->xmlElement('TimeLimitFrom', array(), time());
128 $this->writer->xmlElement('TimeLimitUntil', array(), time());
129 }
130
131 foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
132 $connect_name = $this->settings->getProfileMappingFieldValue($field);
133 if (!$connect_name) {
134 $this->logger->debug('Ignoring unconfigured field: ' . $field);
135 continue;
136 }
137 if (!$this->needsCreation() && !$this->settings->getProfileMappingFieldUpdate($field)) {
138 $this->logger->debug('Ignoring ' . $field . ' for update.');
139 continue;
140 }
141
142 $value = $this->valueFrom($connect_name);
143 if ($value === '') {
144 $this->logger->debug('Cannot find user data in ' . $connect_name);
145 continue;
146 }
147
148 switch ($field) {
149 case 'firstname':
150 $this->writer->xmlElement('Firstname', [], $value);
151 break;
152
153 case 'lastname':
154 $this->writer->xmlElement('Lastname', [], $value);
155 break;
156
157 case 'email':
158 $this->writer->xmlElement('Email', [], $value);
159 break;
160
161 case 'birthday':
162 $this->writer->xmlElement('Birthday', [], $value);
163 break;
164 }
165 }
166 $this->writer->xmlEndTag('User');
167 $this->writer->xmlEndTag('Users');
168
169 $this->logger->debug($this->writer->xmlDumpMem());
170 }
171
176 protected function parseRoleAssignments(): array
177 {
178 $this->logger->debug('Parsing role assignments');
179
180 $found_role = false;
181
182 $roles_assignable[$this->settings->getRole()] = $this->settings->getRole();
183
184 $this->logger->dump($this->settings->getRoleMappings(), ilLogLevel::DEBUG);
185
186 foreach ($this->settings->getRoleMappings() as $role_id => $role_info) {
187 $this->logger->dump($role_id);
188 $this->logger->dump($role_info);
189
190 [$role_attribute, $role_value] = explode('::', $role_info['value']);
191
192 if (
193 !$role_attribute ||
194 !$role_value
195 ) {
196 $this->logger->debug('No valid role mapping configuration for: ' . $role_id);
197 continue;
198 }
199
200 if (!isset($this->user_info->{$role_attribute})) {
201 $this->logger->debug('No user info passed');
202 continue;
203 }
204
205 if (!$role_info['update'] && !$this->needsCreation()) {
206 $this->logger->debug('No user role update for role: ' . $role_id);
207 continue;
208 }
209
210 if (is_array($this->user_info->{$role_attribute})) {
211 if (!in_array($role_value, $this->user_info->{$role_attribute}, true)) {
212 $this->logger->debug('User account has no ' . $role_value);
213 continue;
214 }
215 } elseif (strcmp($this->user_info->{$role_attribute}, $role_value) !== 0) {
216 $this->logger->debug('User account has no ' . $role_value);
217 continue;
218 }
219 $this->logger->debug('Matching role mapping for role_id: ' . $role_id);
220
221 $found_role = true;
222 $roles_assignable[(int) $role_id] = (int) $role_id;
223 $long_role_id = ('il_' . IL_INST_ID . '_role_' . $role_id);
224
225 $this->writer->xmlElement(
226 'Role',
227 [
228 'Id' => $long_role_id,
229 'Type' => 'Global',
230 'Action' => 'Assign'
231 ],
232 null
233 );
234 }
235
236 if (!$found_role && $this->needsCreation()) {
237 $long_role_id = ('il_' . IL_INST_ID . '_role_' . $this->settings->getRole());
238
239 // add default role
240 $this->writer->xmlElement(
241 'Role',
242 [
243 'Id' => $long_role_id,
244 'Type' => 'Global',
245 'Action' => 'Assign'
246 ],
247 null
248 );
249 }
250 return $roles_assignable;
251 }
252
253 protected function valueFrom(string $connect_name): string
254 {
255 if (!$connect_name) {
256 return '';
257 }
258 if (!property_exists($this->user_info, $connect_name)) {
259 $this->logger->debug('Cannot find property ' . $connect_name . ' in user info ');
260 return '';
261 }
262
263 return (string) $this->user_info->{$connect_name};
264 }
265}
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:370
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:17
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2700
ilOpenIdConnectSyncForbiddenException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOpenIdConnectSyncForbiddenException.php:28
ilOpenIdConnectUserSync\parseRoleAssignments
parseRoleAssignments()
Parse role assignments.
Definition: class.ilOpenIdConnectUserSync.php:176
ilOpenIdConnectUserSync\__construct
__construct(ilOpenIdConnectSettings $settings, stdClass $user_info)
Definition: class.ilOpenIdConnectUserSync.php:36
ilXmlWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilXmlWriter.php:31
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
$DIC
global $DIC
Definition: feed.php:28