Collaboration diagram for ilOpenIdConnectUserSync:

Public Member Functions
	__construct (ilOpenIdConnectSettings $settings, stdClass $user_info)

	setExternalAccount (string $ext_account)

	setInternalAccount (string $int_account)

	getUserId ()

	needsCreation ()

	updateUser ()

Data Fields
const	AUTH_MODE = 'oidc'

Protected Member Functions
	transformToXml ()

	parseRoleAssignments ()
	Parse role assignments. More...

	valueFrom (string $connect_name)

Private Attributes
ilOpenIdConnectSettings	$settings

ilLogger	$logger

ilXmlWriter	$writer

stdClass	$user_info

string	$ext_account = ''

string	$int_account = ''

int	$usr_id = 0

Detailed Description

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 24 of file class.ilOpenIdConnectUserSync.php.

Constructor & Destructor Documentation

◆ __construct()

ilOpenIdConnectUserSync::__construct	(	ilOpenIdConnectSettings	$settings,
		stdClass	$user_info
	)

Definition at line 36 of file class.ilOpenIdConnectUserSync.php.

    {
        global $DIC;
 
        $this->settings = $settings;
        $this->user_info = $user_info;
 
        $this->logger = $DIC->logger()->auth();
        $this->writer = new ilXmlWriter();
    }

References $DIC, $settings, $user_info, ILIAS\Repository\logger(), and ILIAS\Repository\settings().

Here is the call graph for this function:

Member Function Documentation

◆ getUserId()

ilOpenIdConnectUserSync::getUserId ( )

Definition at line 58 of file class.ilOpenIdConnectUserSync.php.

                               : int
    {
        return $this->usr_id;
    }

References $usr_id.

Referenced by transformToXml().

Here is the caller graph for this function:

◆ needsCreation()

ilOpenIdConnectUserSync::needsCreation ( )

Definition at line 63 of file class.ilOpenIdConnectUserSync.php.

                                   : bool
    {
        $this->logger->dump($this->int_account, ilLogLevel::DEBUG);
 
        return $this->int_account === '';
    }

References ilLogLevel\DEBUG, and ILIAS\Repository\logger().

Referenced by parseRoleAssignments(), transformToXml(), and updateUser().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ parseRoleAssignments()

ilOpenIdConnectUserSync::parseRoleAssignments ( )

protected

Parse role assignments.

Returns: array<int, int> array of role assignments

Definition at line 176 of file class.ilOpenIdConnectUserSync.php.

                                             : array
    {
        $this->logger->debug('Parsing role assignments');
 
        $found_role = false;
 
        $roles_assignable[$this->settings->getRole()] = $this->settings->getRole();
 
        $this->logger->dump($this->settings->getRoleMappings(), ilLogLevel::DEBUG);
 
        foreach ($this->settings->getRoleMappings() as $role_id => $role_info) {
            $this->logger->dump($role_id);
            $this->logger->dump($role_info);
 
            [$role_attribute, $role_value] = explode('::', $role_info['value']);
 
            if (
                !$role_attribute ||
                !$role_value
            ) {
                $this->logger->debug('No valid role mapping configuration for: ' . $role_id);
                continue;
            }
 
            if (!isset($this->user_info->{$role_attribute})) {
                $this->logger->debug('No user info passed');
                continue;
            }
 
            if (!$role_info['update'] && !$this->needsCreation()) {
                $this->logger->debug('No user role update for role: ' . $role_id);
                continue;
            }
 
            if (is_array($this->user_info->{$role_attribute})) {
                if (!in_array($role_value, $this->user_info->{$role_attribute}, true)) {
                    $this->logger->debug('User account has no ' . $role_value);
                    continue;
                }
            } elseif (strcmp($this->user_info->{$role_attribute}, $role_value) !== 0) {
                $this->logger->debug('User account has no ' . $role_value);
                continue;
            }
            $this->logger->debug('Matching role mapping for role_id: ' . $role_id);
 
            $found_role = true;
            $roles_assignable[(int) $role_id] = (int) $role_id;
            $long_role_id = ('il_' . IL_INST_ID . '_role_' . $role_id);
 
            $this->writer->xmlElement(
                'Role',
                [
                    'Id' => $long_role_id,
                    'Type' => 'Global',
                    'Action' => 'Assign'
                ],
                null
            );
        }
 
        if (!$found_role && $this->needsCreation()) {
            $long_role_id = ('il_' . IL_INST_ID . '_role_' . $this->settings->getRole());
 
            // add default role
            $this->writer->xmlElement(
                'Role',
                [
                    'Id' => $long_role_id,
                    'Type' => 'Global',
                    'Action' => 'Assign'
                ],
                null
            );
        }
        return $roles_assignable;
    }

References ilLogLevel\DEBUG, ILIAS\Repository\logger(), needsCreation(), and ILIAS\Repository\settings().

Referenced by transformToXml(), and updateUser().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setExternalAccount()

ilOpenIdConnectUserSync::setExternalAccount ( string $ext_account )

Definition at line 47 of file class.ilOpenIdConnectUserSync.php.

                                                           : void
    {
        $this->ext_account = $ext_account;
    }

References $ext_account.

◆ setInternalAccount()

ilOpenIdConnectUserSync::setInternalAccount ( string $int_account )

Definition at line 52 of file class.ilOpenIdConnectUserSync.php.

                                                           : void
    {
        $this->int_account = $int_account;
        $this->usr_id = (int) ilObjUser::_lookupId($this->int_account);
    }

References $int_account, ilObjUser\_lookupId(), and ILIAS\Repository\int().

Referenced by updateUser().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ transformToXml()

ilOpenIdConnectUserSync::transformToXml ( )

protected

Definition at line 100 of file class.ilOpenIdConnectUserSync.php.

                                       : void
    {
        $this->writer->xmlStartTag('Users');
 
        if ($this->needsCreation()) {
            $this->writer->xmlStartTag('User', ['Action' => 'Insert']);
            $this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($this->ext_account));
        } else {
            $this->writer->xmlStartTag(
                'User',
                [
                    'Id' => $this->getUserId(),
                    'Action' => 'Update'
                ]
            );
            $this->writer->xmlElement('Login', [], $this->int_account);
        }
 
        $this->writer->xmlElement('ExternalAccount', array(), $this->ext_account);
        $this->writer->xmlElement('AuthMode', array('type' => self::AUTH_MODE), null);
 
        $this->parseRoleAssignments();
 
        if ($this->needsCreation()) {
            $this->writer->xmlElement('Active', array(), "true");
            $this->writer->xmlElement('TimeLimitOwner', array(), 7);
            $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
            $this->writer->xmlElement('TimeLimitFrom', array(), time());
            $this->writer->xmlElement('TimeLimitUntil', array(), time());
        }
 
        foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
            $connect_name = $this->settings->getProfileMappingFieldValue($field);
            if (!$connect_name) {
                $this->logger->debug('Ignoring unconfigured field: ' . $field);
                continue;
            }
            if (!$this->needsCreation() && !$this->settings->getProfileMappingFieldUpdate($field)) {
                $this->logger->debug('Ignoring ' . $field . ' for update.');
                continue;
            }
 
            $value = $this->valueFrom($connect_name);
            if ($value === '') {
                $this->logger->debug('Cannot find user data in ' . $connect_name);
                continue;
            }
 
            switch ($field) {
                case 'firstname':
                    $this->writer->xmlElement('Firstname', [], $value);
                    break;
 
                case 'lastname':
                    $this->writer->xmlElement('Lastname', [], $value);
                    break;
 
                case 'email':
                    $this->writer->xmlElement('Email', [], $value);
                    break;
 
                case 'birthday':
                    $this->writer->xmlElement('Birthday', [], $value);
                    break;
            }
        }
        $this->writer->xmlEndTag('User');
        $this->writer->xmlEndTag('Users');
 
        $this->logger->debug($this->writer->xmlDumpMem());
    }

References ilAuthUtils\_generateLogin(), getUserId(), ILIAS\Repository\logger(), needsCreation(), parseRoleAssignments(), ILIAS\Repository\settings(), and valueFrom().

Referenced by updateUser().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ updateUser()

ilOpenIdConnectUserSync::updateUser ( )

Exceptions

ilOpenIdConnectSyncForbiddenException

Definition at line 73 of file class.ilOpenIdConnectUserSync.php.

                                : bool
    {
        if ($this->needsCreation() && !$this->settings->isSyncAllowed()) {
            throw new ilOpenIdConnectSyncForbiddenException('No internal account given.');
        }
 
        $this->transformToXml();
 
        $importParser = new ilUserImportParser();
        $importParser->setXMLContent($this->writer->xmlDumpMem(false));
 
        $roles = $this->parseRoleAssignments();
        $importParser->setRoleAssignment($roles);
 
        $importParser->setFolderId(USER_FOLDER_ID);
        $importParser->startParsing();
        $debug = $importParser->getProtocol();
 
        $int_account = ilObjUser::_checkExternalAuthAccount(
            self::AUTH_MODE,
            $this->ext_account
        );
        $this->setInternalAccount($int_account);
 
        return true;
    }

References $int_account, ilObjUser\_checkExternalAuthAccount(), needsCreation(), parseRoleAssignments(), setInternalAccount(), ILIAS\Repository\settings(), transformToXml(), and USER_FOLDER_ID.

Here is the call graph for this function:

◆ valueFrom()

ilOpenIdConnectUserSync::valueFrom ( string $connect_name )

protected

Definition at line 253 of file class.ilOpenIdConnectUserSync.php.

                                                      : string
    {
        if (!$connect_name) {
            return '';
        }
        if (!property_exists($this->user_info, $connect_name)) {
            $this->logger->debug('Cannot find property ' . $connect_name . ' in user info ');
            return '';
        }
 
        return (string) $this->user_info->{$connect_name};
    }