Collaboration diagram for ilOpenIdConnectUserSync:

Public Member Functions
	__construct (ilOpenIdConnectSettings $settings, stdClass $user_info)

	setExternalAccount (string $ext_account)

	setInternalAccount (string $int_account)

	getUserId ()

	needsCreation ()

	updateUser ()

Data Fields
const	AUTH_MODE = 'oidc'

Protected Member Functions
	transformToXml ()

	parseRoleAssignments ()
	Parse role assignments. More...

	valueFrom (string $connect_name)

Private Attributes
ilOpenIdConnectSettings	$settings

ilLogger	$logger

ilXmlWriter	$writer

stdClass	$user_info

string	$ext_account = ''

string	$int_account = ''

int	$usr_id = 0

Detailed Description

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 24 of file class.ilOpenIdConnectUserSync.php.

Constructor & Destructor Documentation

◆ __construct()

ilOpenIdConnectUserSync::__construct	(	ilOpenIdConnectSettings	$settings,
		stdClass	$user_info
	)

Definition at line 36 of file class.ilOpenIdConnectUserSync.php.

References $DIC, $settings, $user_info, ILIAS\Repository\logger(), and ILIAS\Repository\settings().

     {
         global $DIC;
 
         $this->settings = $settings;
         $this->user_info = $user_info;
 
         $this->logger = $DIC->logger()->auth();
         $this->writer = new ilXmlWriter();
     }

Here is the call graph for this function:

Member Function Documentation

◆ getUserId()

ilOpenIdConnectUserSync::getUserId ( )

Definition at line 58 of file class.ilOpenIdConnectUserSync.php.

References $usr_id.

Referenced by transformToXml().

                                : int
     {
         return $this->usr_id;
     }

Here is the caller graph for this function:

◆ needsCreation()

ilOpenIdConnectUserSync::needsCreation ( )

Definition at line 63 of file class.ilOpenIdConnectUserSync.php.

References ilLogLevel\DEBUG, and ILIAS\Repository\logger().

Referenced by parseRoleAssignments(), transformToXml(), and updateUser().

                                    : bool
     {
         $this->logger->dump($this->int_account, ilLogLevel::DEBUG);
 
         return $this->int_account === '';
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ parseRoleAssignments()

ilOpenIdConnectUserSync::parseRoleAssignments ( )

protected

Parse role assignments.

Returns: array<int, int> array of role assignments

Definition at line 176 of file class.ilOpenIdConnectUserSync.php.

References ilLogLevel\DEBUG, IL_INST_ID, ILIAS\Repository\int(), ILIAS\Repository\logger(), needsCreation(), and ILIAS\Repository\settings().

Referenced by transformToXml(), and updateUser().

                                              : array
     {
         $this->logger->debug('Parsing role assignments');
 
         $found_role = false;
 
         $roles_assignable[$this->settings->getRole()] = $this->settings->getRole();
 
         $this->logger->dump($this->settings->getRoleMappings(), ilLogLevel::DEBUG);
 
         foreach ($this->settings->getRoleMappings() as $role_id => $role_info) {
             $this->logger->dump($role_id);
             $this->logger->dump($role_info);
 
             [$role_attribute, $role_value] = explode('::', $role_info['value']);
 
             if (
                 !$role_attribute ||
                 !$role_value
             ) {
                 $this->logger->debug('No valid role mapping configuration for: ' . $role_id);
                 continue;
             }
 
             if (!isset($this->user_info->{$role_attribute})) {
                 $this->logger->debug('No user info passed');
                 continue;
             }
 
             if (!$role_info['update'] && !$this->needsCreation()) {
                 $this->logger->debug('No user role update for role: ' . $role_id);
                 continue;
             }
 
             if (is_array($this->user_info->{$role_attribute})) {
                 if (!in_array($role_value, $this->user_info->{$role_attribute}, true)) {
                     $this->logger->debug('User account has no ' . $role_value);
                     continue;
                 }
             } elseif (strcmp($this->user_info->{$role_attribute}, $role_value) !== 0) {
                 $this->logger->debug('User account has no ' . $role_value);
                 continue;
             }
             $this->logger->debug('Matching role mapping for role_id: ' . $role_id);
 
             $found_role = true;
             $roles_assignable[(int) $role_id] = (int) $role_id;
             $long_role_id = ('il_' . IL_INST_ID . '_role_' . $role_id);
 
             $this->writer->xmlElement(
                 'Role',
                 [
                     'Id' => $long_role_id,
                     'Type' => 'Global',
                     'Action' => 'Assign'
                 ],
                 null
             );
         }
 
         if (!$found_role && $this->needsCreation()) {
             $long_role_id = ('il_' . IL_INST_ID . '_role_' . $this->settings->getRole());
 
             // add default role
             $this->writer->xmlElement(
                 'Role',
                 [
                     'Id' => $long_role_id,
                     'Type' => 'Global',
                     'Action' => 'Assign'
                 ],
                 null
             );
         }
         return $roles_assignable;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setExternalAccount()

ilOpenIdConnectUserSync::setExternalAccount ( string $ext_account )

Definition at line 47 of file class.ilOpenIdConnectUserSync.php.

References $ext_account.

                                                            : void
     {
         $this->ext_account = $ext_account;
     }

◆ setInternalAccount()

ilOpenIdConnectUserSync::setInternalAccount ( string $int_account )

Definition at line 52 of file class.ilOpenIdConnectUserSync.php.

References $int_account, ilObjUser\_lookupId(), and ILIAS\Repository\int().

Referenced by updateUser().

                                                            : void
     {
         $this->int_account = $int_account;
         $this->usr_id = (int) ilObjUser::_lookupId($this->int_account);
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ transformToXml()

ilOpenIdConnectUserSync::transformToXml ( )

protected

Definition at line 100 of file class.ilOpenIdConnectUserSync.php.

References ilAuthUtils\_generateLogin(), getUserId(), ILIAS\Repository\logger(), needsCreation(), parseRoleAssignments(), ILIAS\Repository\settings(), and valueFrom().

Referenced by updateUser().

                                        : void
     {
         $this->writer->xmlStartTag('Users');
 
         if ($this->needsCreation()) {
             $this->writer->xmlStartTag('User', ['Action' => 'Insert']);
             $this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($this->ext_account));
         } else {
             $this->writer->xmlStartTag(
                 'User',
                 [
                     'Id' => $this->getUserId(),
                     'Action' => 'Update'
                 ]
             );
             $this->writer->xmlElement('Login', [], $this->int_account);
         }
 
         $this->writer->xmlElement('ExternalAccount', array(), $this->ext_account);
         $this->writer->xmlElement('AuthMode', array('type' => self::AUTH_MODE), null);
 
         $this->parseRoleAssignments();
 
         if ($this->needsCreation()) {
             $this->writer->xmlElement('Active', array(), "true");
             $this->writer->xmlElement('TimeLimitOwner', array(), 7);
             $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
             $this->writer->xmlElement('TimeLimitFrom', array(), time());
             $this->writer->xmlElement('TimeLimitUntil', array(), time());
         }
 
         foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
             $connect_name = $this->settings->getProfileMappingFieldValue($field);
             if (!$connect_name) {
                 $this->logger->debug('Ignoring unconfigured field: ' . $field);
                 continue;
             }
             if (!$this->needsCreation() && !$this->settings->getProfileMappingFieldUpdate($field)) {
                 $this->logger->debug('Ignoring ' . $field . ' for update.');
                 continue;
             }
 
             $value = $this->valueFrom($connect_name);
             if ($value === '') {
                 $this->logger->debug('Cannot find user data in ' . $connect_name);
                 continue;
             }
 
             switch ($field) {
                 case 'firstname':
                     $this->writer->xmlElement('Firstname', [], $value);
                     break;
 
                 case 'lastname':
                     $this->writer->xmlElement('Lastname', [], $value);
                     break;
 
                 case 'email':
                     $this->writer->xmlElement('Email', [], $value);
                     break;
 
                 case 'birthday':
                     $this->writer->xmlElement('Birthday', [], $value);
                     break;
             }
         }
         $this->writer->xmlEndTag('User');
         $this->writer->xmlEndTag('Users');
 
         $this->logger->debug($this->writer->xmlDumpMem());
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ updateUser()

ilOpenIdConnectUserSync::updateUser ( )

Exceptions

ilOpenIdConnectSyncForbiddenException

Definition at line 73 of file class.ilOpenIdConnectUserSync.php.

References ilObjUser\_checkExternalAuthAccount(), needsCreation(), parseRoleAssignments(), setInternalAccount(), ILIAS\Repository\settings(), transformToXml(), and USER_FOLDER_ID.

                                 : bool
     {
         if ($this->needsCreation() && !$this->settings->isSyncAllowed()) {
             throw new ilOpenIdConnectSyncForbiddenException('No internal account given.');
         }
 
         $this->transformToXml();
 
         $importParser = new ilUserImportParser();
         $importParser->setXMLContent($this->writer->xmlDumpMem(false));
 
         $roles = $this->parseRoleAssignments();
         $importParser->setRoleAssignment($roles);
 
         $importParser->setFolderId(USER_FOLDER_ID);
         $importParser->startParsing();
         $debug = $importParser->getProtocol();
 
         $int_account = ilObjUser::_checkExternalAuthAccount(
             self::AUTH_MODE,
             $this->ext_account
         );
         $this->setInternalAccount($int_account);
 
         return true;
     }

Here is the call graph for this function:

◆ valueFrom()

ilOpenIdConnectUserSync::valueFrom ( string $connect_name )

protected

Definition at line 253 of file class.ilOpenIdConnectUserSync.php.

References ILIAS\Repository\logger().

Referenced by transformToXml().

                                                       : string
     {
         if (!$connect_name) {
             return '';
         }
         if (!property_exists($this->user_info, $connect_name)) {
             $this->logger->debug('Cannot find property ' . $connect_name . ' in user info ');
             return '';
         }
 
         return (string) $this->user_info->{$connect_name};
     }