ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1 <?php
2 
18 declare(strict_types=1);
19 
24 class ilAuthProviderSoap extends ilAuthProvider
25 {
26  protected string $server_host = '';
27  protected string $server_port = '';
28  protected string $server_uri = '';
29  protected bool $server_https = false;
30  protected string $server_nms = '';
31  protected bool $use_dot_net = false;
32  protected string $uri = '';
33  protected nusoap_client $client;
34  protected ilLogger $logger;
35  protected ilSetting $settings;
36  protected ilLanguage $language;
37  protected ilRbacAdmin $rbacAdmin;
38 
39  public function __construct(ilAuthCredentials $credentials)
40  {
41  global $DIC;
42 
43  $this->settings = $DIC->settings();
44  $this->logger = $DIC->logger()->auth();
45  $this->language = $DIC->language();
46  $this->rbacAdmin = $DIC->rbac()->admin();
47 
48  parent::__construct($credentials);
49  }
50 
51  private function initClient(): void
52  {
53  $this->server_host = (string) $this->settings->get('soap_auth_server', '');
54  $this->server_port = (string) $this->settings->get('soap_auth_port', '');
55  $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
56  $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
57  $this->server_https = (bool) $this->settings->get('soap_auth_use_https', '0');
58  $this->use_dot_net = (bool) $this->settings->get('use_dotnet', '0');
59 
60  $this->uri = $this->server_https ? 'https://' : 'http://';
61  $this->uri .= $this->server_host;
62 
63  if ($this->server_port > 0) {
64  $this->uri .= (':' . $this->server_port);
65  }
66  if ($this->server_uri) {
67  $this->uri .= ('/' . $this->server_uri);
68  }
69 
70  require_once './webservice/soap/lib/nusoap.php';
71  $this->client = new nusoap_client($this->uri);
72  }
73 
77  public function doAuthentication(ilAuthStatus $status): bool
78  {
79  try {
80  $this->initClient();
81  $this->handleSoapAuth($status);
82  } catch (Exception $e) {
83  $this->getLogger()->error($e->getMessage());
84  $this->getLogger()->error($e->getTraceAsString());
85  $status->setTranslatedReason($e->getMessage());
86  }
87 
88  if ($status->getAuthenticatedUserId() > 0 && $status->getAuthenticatedUserId() !== ANONYMOUS_USER_ID) {
89  $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
90  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
91  ilSession::set('used_external_auth_mode', ilAuthUtils::AUTH_SOAP);
92 
93  return true;
94  }
95 
96  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
97 
98  return false;
99  }
100 
101  private function handleSoapAuth(ilAuthStatus $status): bool
102  {
103  $this->logger->debug(sprintf(
104  'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
105  $this->getCredentials()->getUsername(),
106  'soap'
107  ));
108  $this->logger->debug(sprintf(
109  'Trying to find ext_account "%s" for auth_mode "%s".',
110  $this->getCredentials()->getUsername(),
111  'soap'
112  ));
113 
114  $internalLogin = ilObjUser::_checkExternalAuthAccount(
115  'soap',
116  $this->getCredentials()->getUsername()
117  );
118 
119  $isNewUser = false;
120  if ('' === $internalLogin || null === $internalLogin) {
121  $isNewUser = true;
122  }
123 
124  $soapAction = '';
125  $nspref = '';
126  if ($this->use_dot_net) {
127  $soapAction = $this->server_nms . '/isValidSession';
128  $nspref = 'ns1:';
129  }
130 
131  $valid = $this->client->call(
132  'isValidSession',
133  [
134  $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
135  $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
136  $nspref . 'new_user' => $isNewUser
137  ],
138  $this->server_nms,
139  $soapAction
140  );
141 
142  if (!is_array($valid)) {
143  $valid = ['valid' => false];
144  }
145 
146  if ($valid['valid'] !== true) {
147  $valid['valid'] = false;
148  }
149 
150  if (!$valid['valid']) {
151  $status->setReason('err_wrong_login');
152  return false;
153  }
154 
155  if (!$isNewUser) {
156  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
157  return true;
158  }
159 
160  if (!$this->settings->get('soap_auth_create_users')) {
161  // Translate the reasons, otherwise the default failure is displayed
162  $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
163  return false;
164  }
165 
166  $userObj = new ilObjUser();
167  $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
168 
169  $usrData = [];
170  $usrData['firstname'] = $valid['firstname'];
171  $usrData['lastname'] = $valid['lastname'];
172  $usrData['email'] = $valid['email'];
173  $usrData['login'] = $internalLogin;
174  $usrData['passwd'] = '';
175  $usrData['passwd_type'] = ilObjUser::PASSWD_CRYPTED;
176 
177  $password = '';
178  if ($this->settings->get('soap_auth_allow_local')) {
179  $passwords = ilSecuritySettingsChecker::generatePasswords(1);
180  $password = $passwords[0];
181  $usrData['passwd'] = $password;
182  $usrData['passwd_type'] = ilObjUser::PASSWD_PLAIN;
183  }
184 
185  $usrData['auth_mode'] = 'soap';
186  $usrData['ext_account'] = $this->getCredentials()->getUsername();
187  $usrData['profile_incomplete'] = 1;
188 
189  $userObj->assignData($usrData);
190  $userObj->setTitle($userObj->getFullname());
191  $userObj->setDescription($userObj->getEmail());
192  $userObj->setLanguage($this->language->getDefaultLanguage());
193 
194  $userObj->setTimeLimitOwner(USER_FOLDER_ID);
195  $userObj->setTimeLimitUnlimited(true);
196  $userObj->setTimeLimitFrom(time());
197  $userObj->setTimeLimitUntil(time());
198  $userObj->setOwner(0);
199  $userObj->create();
200  $userObj->setActive(true);
201  $userObj->updateOwner();
202  $userObj->saveAsNew();
203  $userObj->writePrefs();
204 
205  $this->rbacAdmin->assignUser(
206  (int) $this->settings->get('soap_auth_user_default_role', '4'),
207  $userObj->getId()
208  );
209 
210  if ($this->settings->get('soap_auth_account_mail', '0')) {
211  $registrationSettings = new ilRegistrationSettings();
212  $registrationSettings->setPasswordGenerationStatus(true);
213 
214  $accountMail = new ilAccountRegistrationMail(
215  $registrationSettings,
216  $this->language,
217  $this->logger
218  );
219  $accountMail
220  ->withDirectRegistrationMode()
221  ->send($userObj, $password, false);
222  }
223 
224  $status->setAuthenticatedUserId($userObj->getId());
225  return true;
226  }
227 }
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:373
ilAuthCredentials
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilAuthCredentials.php:27
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
$valid
$valid
Definition: dummy_client.php:57
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:101
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:35
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderSoap.php:39
ilAuthProviderSoap
Class ilAuthProviderSoap.
Definition: class.ilAuthProviderSoap.php:24
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2737
ilAuthStatus\getAuthenticatedUserId
getAuthenticatedUserId()
Get authenticated user id.
Definition: class.ilAuthStatus.php:128
$DIC
global $DIC
Definition: feed.php:28
ilAuthProvider
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthProvider.php:27
ILIAS\MetaData\Repository\Validation\Data\__construct
__construct(VocabulariesInterface $vocabularies)
Definition: VocabularyBridge.php:31
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:25
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:37
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7203
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:77
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:36
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:26
ilAuthStatus\setTranslatedReason
setTranslatedReason(string $a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:95
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:87
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:30
ilAuthStatus
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthStatus.php:27
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:457