Collaboration diagram for ilWebAccessChecker:

Public Member Functions
	__construct (Services $httpState, private CookieFactory $cookieFactory)
	ilWebAccessChecker constructor. More...

	check ()

	initILIAS ()

	isChecked ()

	setChecked (bool $checked)

	getPathObject ()

	setPathObject (ilWACPath $path_object)

	getDisposition ()

	setDisposition (string $disposition)

	getOverrideMimetype ()

	setOverrideMimetype (string $override_mimetype)

	isInitialized ()

	setInitialized (bool $initialized)

	isSendStatusCode ()

	setSendStatusCode (bool $send_status_code)

	isRevalidateFolderTokens ()

	setRevalidateFolderTokens (bool $revalidate_folder_tokens)

	getAppliedCheckingMethods ()

	setAppliedCheckingMethods (array $applied_checking_methods)

Static Public Member Functions
static	isUseSeperateLogfile ()

static	setUseSeperateLogfile (bool $use_seperate_logfile)

Data Fields
const	DISPOSITION = 'disposition'

const	STATUS_CODE = 'status_code'

const	REVALIDATE = 'revalidate'

const	CM_FILE_TOKEN = 1

const	CM_FOLDER_TOKEN = 2

const	CM_CHECKINGINSTANCE = 3

const	CM_SECFOLDER = 4

Protected Member Functions
	sendHeader (string $message)

	checkPublicSection ()

	checkUser ()

	addAppliedCheckingMethod (int $method)

Protected Attributes
ilWACPath	$path_object = null

bool	$checked = false

string	$disposition = ilFileDelivery::DISP_INLINE

string	$override_mimetype = ''

bool	$send_status_code = false

bool	$initialized = false

bool	$revalidate_folder_tokens = true

array	$applied_checking_methods = []

Static Protected Attributes
static bool	$use_seperate_logfile = false

Private Attributes
Services	$http

ilWACException	$ressource_not_found = null

Detailed Description

Class ilWebAccessChecker.

Author: Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Version: 1.0.0

Definition at line 30 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct	(	Services	$httpState,
		private CookieFactory	$cookieFactory
	)

ilWebAccessChecker constructor.

Definition at line 58 of file class.ilWebAccessChecker.php.

References Vendor\Package\$e, ILIAS\FileDelivery\http(), ilWACException\NOT_FOUND, ILIAS\HTTP\Services\request(), and setPathObject().

     {
         try {
             $this->setPathObject(new ilWACPath($httpState->request()->getRequestTarget()));
         } catch (ilWACException $e) {
             if ($e->getCode() !== ilWACException::NOT_FOUND) {
                 throw $e;
             }
             $this->ressource_not_found = $e;
         }
 
         $this->http = $httpState;
     }

Here is the call graph for this function:

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod ( int $method )

protected

Definition at line 334 of file class.ilWebAccessChecker.php.

References $DIC, ANONYMOUS_USER_ID, ilContext\CONTEXT_WAC, ilContext\init(), and ilInitialisation\reInitUser().

Referenced by check().

                                                             : void
     {
         $this->applied_checking_methods[] = $method;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ check()

ilWebAccessChecker::check ( )

Exceptions

ilWACException

Definition at line 75 of file class.ilWebAccessChecker.php.

References $data_dir, $path, addAppliedCheckingMethod(), CLIENT_WEB_DIR, ilWACException\CODE_NO_PATH, getPathObject(), ilWACSecurePath\hasCheckingInstanceRegistered(), ILIAS\FileDelivery\http(), initILIAS(), isRevalidateFolderTokens(), ilWACException\NOT_FOUND, sendHeader(), and setChecked().

                            : bool
     {
         if (!$this->getPathObject() instanceof \ilWACPath) {
             if ($this->ressource_not_found instanceof \ilWACException) {
                 throw new ilWACException(ilWACException::NOT_FOUND, '', $this->ressource_not_found);
             }
 
             throw new ilWACException(ilWACException::CODE_NO_PATH);
         }
 
         // Check if Path has been signed with a token
         $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->http, $this->cookieFactory);
         if ($ilWACSignedPath->isSignedPath()) {
             $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
             if ($ilWACSignedPath->isSignedPathValid()) {
                 $this->setChecked(true);
                 $this->sendHeader('checked using token');
 
                 return true;
             }
         }
 
         // Check if the whole secured folder has been signed
         if ($ilWACSignedPath->isFolderSigned()) {
             $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
             if ($ilWACSignedPath->isFolderTokenValid()) {
                 if ($this->isRevalidateFolderTokens()) {
                     $ilWACSignedPath->revalidatingFolderToken();
                 }
                 $this->setChecked(true);
                 $this->sendHeader('checked using secure folder');
 
                 return true;
             }
         }
 
         // Fallback, have to initiate ILIAS
         $this->initILIAS();
 
         // Check if Path is within accepted paths
         if ($this->getPathObject()->getModuleType() !== 'rs') {
             $clean_path = $this->getPathObject()->getCleanURLdecodedPath();
             $path = realpath($clean_path);
             $data_dir = realpath(CLIENT_WEB_DIR);
             if (!str_starts_with($path, $data_dir)) {
                 return false;
             }
             if (dirname($path) === $data_dir && is_file($path)) {
                 return false;
             }
         }
 
         if (ilWACSecurePath::hasCheckingInstanceRegistered($this->getPathObject())) {
             // Maybe the path has been registered, lets check
             $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
             $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
             $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
             if ($canBeDelivered) {
                 $this->sendHeader('checked using fallback');
                 if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
                     $ilWACSignedPath->revalidatingFolderToken();
                 }
             }
             $this->setChecked(true);
             return $canBeDelivered;
         }
 
         // none of the checking mechanisms could have been applied. no access
         $this->setChecked(true);
         $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
         return !$this->getPathObject()->isInSecFolder();
     }

Here is the call graph for this function:

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )

protected

Exceptions

ilWACException

Definition at line 204 of file class.ilWebAccessChecker.php.

References $DIC, ilWACException\ACCESS_DENIED_NO_PUB, ANONYMOUS_USER_ID, and ILIAS\Repository\int().

Referenced by initILIAS().

                                            : void
     {
         global $DIC;
         $is_anonymous = ((int) $DIC->user()->getId() === (int) ANONYMOUS_USER_ID);
         $is_null_user = ($DIC->user()->getId() === 0);
         $pub_section_activated = (bool) $DIC['ilSetting']->get('pub_section');
         $isset = isset($DIC['ilSetting']);
         $instanceof = $DIC['ilSetting'] instanceof ilSetting;
 
         if (!$isset || !$instanceof) {
             throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
         }
 
         if ($pub_section_activated && ($is_null_user || $is_anonymous)) {
             // Request is initiated from an enabled public area
             return;
         }
 
         if ($is_anonymous || $is_null_user) {
             throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ checkUser()

ilWebAccessChecker::checkUser ( )

protected

Definition at line 227 of file class.ilWebAccessChecker.php.

References $DIC, ilWACException\ACCESS_DENIED_NO_LOGIN, and ILIAS\Repository\int().

Referenced by initILIAS().

                                   : void
     {
         global $DIC;
 
         $is_user = $DIC->user() instanceof ilObjUser;
         $user_id_is_zero = ((int) $DIC->user()->getId() === 0);
         if (!$is_user || $user_id_is_zero) {
             throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )

Returns: int[]

Definition at line 321 of file class.ilWebAccessChecker.php.

References $applied_checking_methods.

                                                : array
     {
         return $this->applied_checking_methods;
     }

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )

Definition at line 258 of file class.ilWebAccessChecker.php.

References $disposition.

                                     : string
     {
         return $this->disposition;
     }

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )

Definition at line 268 of file class.ilWebAccessChecker.php.

References $override_mimetype.

                                          : string
     {
         return $this->override_mimetype;
     }

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )

Definition at line 248 of file class.ilWebAccessChecker.php.

References $path_object.

Referenced by check(), and initILIAS().

                                    : ?\ilWACPath
     {
         return $this->path_object;
     }

Here is the caller graph for this function:

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )

Definition at line 154 of file class.ilWebAccessChecker.php.

References $DIC, Vendor\Package\$e, $GLOBALS, $response, ilWACException\ACCESS_DENIED_NO_LOGIN, ANONYMOUS_USER_ID, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, getPathObject(), ILIAS\FileDelivery\http(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), and setInitialized().

Referenced by check().

                                : void
     {
         global $DIC;
 
         if ($this->isInitialized()) {
             return;
         }
 
         $GLOBALS['COOKIE_PATH'] = '/';
 
         $cookie = $this->cookieFactory->create('ilClientId', $this->getPathObject()->getClient())
                                       ->withPath('/')
                                       ->withExpires(0);
 
         $response = $this->http->cookieJar()
                                ->with($cookie)
                                ->renderIntoResponseHeader($this->http->response());
 
         $this->http->saveResponse($response);
 
         ilContext::init(ilContext::CONTEXT_WAC);
         try {
             ilInitialisation::initILIAS();
             $this->checkUser();
             $this->checkPublicSection();
         } catch (Exception $e) {
             if ($e instanceof ilWACException
                 && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
                 throw  $e;
             }
             if (($e instanceof Exception && $e->getMessage() === 'Authentication failed.')
                 || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
                 $this->initAnonymousSession();
                 $this->checkUser();
                 $this->checkPublicSection();
             }
         }
         $this->setInitialized(true);
 
         // This workaround is needed because these issues:
         // https://mantis.ilias.de/view.php?id=32284 and
         // https://mantis.ilias.de/view.php?id=32063
         if ($DIC->user()->getId() === 0) {
             $DIC->user()->setId(ANONYMOUS_USER_ID);
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isChecked()

ilWebAccessChecker::isChecked ( )

Definition at line 238 of file class.ilWebAccessChecker.php.

References $checked.

                                : bool
     {
         return $this->checked;
     }

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )

Definition at line 278 of file class.ilWebAccessChecker.php.

References $initialized.

Referenced by initILIAS().

                                    : bool
     {
         return $this->initialized;
     }

Here is the caller graph for this function:

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )

Definition at line 298 of file class.ilWebAccessChecker.php.

References $revalidate_folder_tokens.

Referenced by check().

                                               : bool
     {
         return $this->revalidate_folder_tokens;
     }

Here is the caller graph for this function:

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )

Definition at line 288 of file class.ilWebAccessChecker.php.

References $send_status_code.

                                       : bool
     {
         return $this->send_status_code;
     }

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )

static

Definition at line 308 of file class.ilWebAccessChecker.php.

                                                  : bool
     {
         return self::$use_seperate_logfile;
     }

◆ sendHeader()

ilWebAccessChecker::sendHeader ( string $message )

protected

Definition at line 148 of file class.ilWebAccessChecker.php.

References $response, and ILIAS\FileDelivery\http().

Referenced by check().

                                                   : void
     {
         $response = $this->http->response()->withHeader('X-ILIAS-WebAccessChecker', $message);
         $this->http->saveResponse($response);
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( array $applied_checking_methods )

Parameters

int[] $applied_checking_methods

Definition at line 329 of file class.ilWebAccessChecker.php.

References $applied_checking_methods.

                                                                               : void
     {
         $this->applied_checking_methods = $applied_checking_methods;
     }

◆ setChecked()

ilWebAccessChecker::setChecked ( bool $checked )

Definition at line 243 of file class.ilWebAccessChecker.php.

References $checked.

Referenced by check().

                                              : void
     {
         $this->checked = $checked;
     }

Here is the caller graph for this function:

◆ setDisposition()

ilWebAccessChecker::setDisposition ( string $disposition )

Definition at line 263 of file class.ilWebAccessChecker.php.

References $disposition.

                                                        : void
     {
         $this->disposition = $disposition;
     }

◆ setInitialized()

ilWebAccessChecker::setInitialized ( bool $initialized )

Definition at line 283 of file class.ilWebAccessChecker.php.

References $initialized.

Referenced by initILIAS().

                                                      : void
     {
         $this->initialized = $initialized;
     }

Here is the caller graph for this function:

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype ( string $override_mimetype )

Definition at line 273 of file class.ilWebAccessChecker.php.

References $override_mimetype.

                                                                   : void
     {
         $this->override_mimetype = $override_mimetype;
     }

◆ setPathObject()

ilWebAccessChecker::setPathObject ( ilWACPath $path_object )

Definition at line 253 of file class.ilWebAccessChecker.php.

References $path_object.

Referenced by __construct().

                                                          : void
     {
         $this->path_object = $path_object;
     }

Here is the caller graph for this function:

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens ( bool $revalidate_folder_tokens )

Definition at line 303 of file class.ilWebAccessChecker.php.

References $revalidate_folder_tokens.

                                                                              : void
     {
         $this->revalidate_folder_tokens = $revalidate_folder_tokens;
     }

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode ( bool $send_status_code )

Definition at line 293 of file class.ilWebAccessChecker.php.

References $send_status_code.

                                                              : void
     {
         $this->send_status_code = $send_status_code;
     }

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile ( bool $use_seperate_logfile )

static

Definition at line 313 of file class.ilWebAccessChecker.php.

References $use_seperate_logfile.

                                                                             : void
     {
         self::$use_seperate_logfile = $use_seperate_logfile;
     }