ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
class.ilStartUpGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use Psr\Http\Message\ServerRequestInterface;
22 use ILIAS\UICore\PageContentProvider;
23 use ILIAS\Refinery\Factory as RefineryFactory;
24 use ILIAS\HTTP\Services as HTTPServices;
25 use ILIAS\TermsOfService\Consumer as TermsOfService;
26 use ILIAS\DataProtection\Consumer as DataProtection;
27 
32 class ilStartUpGUI implements ilCtrlBaseClassInterface, ilCtrlSecurityInterface
33 {
34  private const PROP_USERNAME = 'username';
35  private const PROP_PASSWORD = 'password';
36  private const PROP_AUTH_MODE = 'auth_mode';
37  private const PROP_CODE = 'code';
38  private const PROP_ACCOUNT_MIGRATION = 'account_migration';
39  private const PROP_ACCOUNT_MIGRATION_NEW = 'account_migration_new';
40  private const PROP_ACCOUNT_MIGRATION_MIGRATE = 'account_migration_migrate';
41 
42  private ilCtrlInterface $ctrl;
43  private ilLanguage $lng;
44  private ilLogger $logger;
45  private ilGlobalTemplateInterface $mainTemplate;
46  private ilObjUser $user;
47  private ServerRequestInterface $httpRequest;
48  private ILIAS\DI\Container $dic;
49  private ilAuthSession $authSession;
50  private ilAppEventHandler $eventHandler;
51  private ilSetting $setting;
52  private ilAccessHandler $access;
53 
54  private RefineryFactory $refinery;
55  private HTTPServices $http;
56  private ilHelpGUI $help;
57  private ILIAS\UI\Factory $ui_factory;
58  private ILIAS\UI\Renderer $ui_renderer;
59 
60  public function __construct(
61  ilObjUser $user = null,
62  ilGlobalTemplateInterface $mainTemplate = null,
63  ServerRequestInterface $httpRequest = null
64  ) {
65  global $DIC;
66 
67  $this->dic = $DIC;
68 
69  $this->user = $user ?? $DIC->user();
70  $this->mainTemplate = $mainTemplate ?? $DIC->ui()->mainTemplate();
71  $this->httpRequest = $httpRequest ?? $DIC->http()->request();
72  $this->ctrl = $DIC->ctrl();
73  $this->lng = $DIC->language();
74  $this->lng->loadLanguageModule('auth');
75  $this->logger = ilLoggerFactory::getLogger('init');
76  $this->authSession = $DIC['ilAuthSession'];
77  $this->eventHandler = $DIC->event();
78  $this->setting = $DIC->settings();
79  $this->access = $DIC->access();
80  $this->help = $DIC->help();
81  $this->http = $DIC->http();
82  $this->refinery = $DIC->refinery();
83  $this->ui_factory = $DIC->ui()->factory();
84  $this->ui_renderer = $DIC->ui()->renderer();
85 
86  $this->ctrl->saveParameter($this, ['rep_ref_id', 'lang', 'target', 'client_id']);
87  $this->user->setLanguage($this->lng->getLangKey());
88  $this->help->setScreenIdComponent('init');
89  }
90 
91  private function mergeValuesTrafo(): ILIAS\Refinery\Transformation
92  {
93  return $this->refinery->custom()->transformation(static function (array $values): array {
94  return array_merge(...$values);
95  });
96  }
97 
98  private function saniziteArrayElementsTrafo(): ILIAS\Refinery\Transformation
99  {
100  return $this->refinery->custom()->transformation(static function (array $values): array {
101  $processed_values = array_merge(
102  ilArrayUtil::stripSlashesRecursive($values),
103  isset($values[self::PROP_PASSWORD]) ? [self::PROP_PASSWORD => $values[self::PROP_PASSWORD]] : []
104  );
105 
106  return $processed_values;
107  });
108  }
109 
110  private function initTargetFromQuery(): string
111  {
112  return $this->http->wrapper()->query()->retrieve(
113  'target',
114  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
115  );
116  }
117 
118  public function getUnsafeGetCommands(): array
119  {
120  return [
121  'doLogout'
122  ];
123  }
124 
125  public function getSafePostCommands(): array
126  {
127  return [
128  'doStandardAuthentication',
129  ];
130  }
131 
132  public function executeCommand(): void
133  {
134  $cmd = $this->ctrl->getCmd('processIndexPHP');
135  $next_class = $this->ctrl->getNextClass($this) ?? '';
136 
137  switch (strtolower($next_class)) {
138  case strtolower(ilLoginPageGUI::class):
139  break;
140 
141  case strtolower(ilAccountRegistrationGUI::class):
142  $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
143  return;
144 
145  case strtolower(ilPasswordAssistanceGUI::class):
146  $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
147  return;
148 
149  case strtolower(ilAccessibilityControlConceptGUI::class):
150  $this->ctrl->forwardCommand(new ilAccessibilityControlConceptGUI());
151  return;
152 
153  default:
154  if (method_exists($this, $cmd)) {
155  $this->$cmd();
156  return;
157  }
158  }
159 
160  // because this class now implements ilCtrlSecurityInterface,
161  // it may occur that commands are null, therefore I added
162  // this as a fallback method.
163  $this->showLoginPageOrStartupPage();
164  }
165 
166  private function getLogger(): ilLogger
167  {
168  return $this->logger;
169  }
170 
171  private function jumpToRegistration(): void
172  {
173  $this->ctrl->setCmdClass(ilAccountRegistrationGUI::class);
174  $this->ctrl->setCmd('');
175  $this->executeCommand();
176  }
177 
178  private function jumpToPasswordAssistance(): void
179  {
180  $this->ctrl->setCmdClass(ilPasswordAssistanceGUI::class);
181  $this->ctrl->setCmd('');
182  $this->executeCommand();
183  }
184 
185  private function showLoginPageOrStartupPage(): void
186  {
187  $auth_session = $this->authSession;
188  $ilAppEventHandler = $this->eventHandler;
189 
190  $force_login = false;
191  $request_cmd = $this->http->wrapper()->query()->retrieve(
192  'cmd',
193  $this->refinery->byTrying([
194  $this->refinery->kindlyTo()->string(),
195  $this->refinery->always('')
196  ])
197  );
198  if ($request_cmd === 'force_login') {
199  $force_login = true;
200  }
201 
202  if ($force_login) {
203  $this->logger->debug('Force login');
204  if ($auth_session->isValid()) {
205  $messages = $this->retrieveMessagesFromSession();
206  $this->logger->debug('Valid session -> logout current user');
207  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
208  $auth_session->logout();
209 
210  $ilAppEventHandler->raise(
211  'Services/Authentication',
212  'afterLogout',
213  [
214  'username' => $this->user->getLogin(),
215  'is_explicit_logout' => false,
216  ]
217  );
218  }
219  $this->logger->debug('Show login page');
220  if (isset($messages) && count($messages) > 0) {
221  foreach ($messages as $type => $content) {
222  $this->mainTemplate->setOnScreenMessage($type, $content);
223  }
224  }
225 
226  $this->showLoginPage();
227  return;
228  }
229 
230  if ($auth_session->isValid()) {
231  $this->logger->debug('Valid session -> redirect to starting page');
232  ilInitialisation::redirectToStartingPage();
233  return;
234  }
235 
236  $this->logger->debug('No valid session -> show login');
237  $this->showLoginPage();
238  }
239 
240  private function showLoginPage(ILIAS\UI\Component\Input\Container\Form\Form $form = null): void
241  {
242  global $tpl; // Don't remove this, the global variables will be replaced with a ilGlobalTemplate instnace
243 
244  $this->help->setSubScreenId('login');
245 
246  $this->getLogger()->debug('Showing login page');
247 
248  $extUid = $this->http->wrapper()->query()->retrieve(
249  'ext_uid',
250  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
251  );
252  $soapPw = $this->http->wrapper()->query()->retrieve(
253  'soap_pw',
254  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
255  );
256  $credentials = new ilAuthFrontendCredentialsSoap(
257  $GLOBALS['DIC']->http()->request(),
258  $this->ctrl,
259  $this->setting
260  );
261  $credentials->setUsername($extUid);
262  $credentials->setPassword($soapPw);
263  $credentials->tryAuthenticationOnLoginPage();
264 
265  $frontend = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
266  $frontend->tryAuthenticationOnLoginPage();
267 
268  $tpl = self::initStartUpTemplate('tpl.login.html');
269  $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
270  $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
271 
272  $page_editor_html = $this->getLoginPageEditorHTML();
273  $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
274  $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
275  $page_editor_html = $this->showLoginForm($page_editor_html, $form);
276  $page_editor_html = $this->showCASLoginForm($page_editor_html);
277  $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
278  $page_editor_html = $this->showSamlLoginForm($page_editor_html);
279  $page_editor_html = $this->showRegistrationLinks($page_editor_html);
280  $page_editor_html = $this->showLegalDocumentsLinks($page_editor_html);
281  $page_editor_html = $this->purgePlaceholders($page_editor_html);
282 
283  // check expired session and send message
284  if ($this->authSession->isExpired() || $this->http->wrapper()->query()->has('session_expired')) {
285  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('auth_err_expired'));
286  } elseif ($this->http->wrapper()->query()->has('reg_confirmation_msg')) {
287  $this->lng->loadLanguageModule('registration');
288  $message_key = $this->http->wrapper()->query()->retrieve(
289  'reg_confirmation_msg',
290  $this->refinery->kindlyTo()->string()
291  );
292  $message_type = $message_key === 'reg_account_confirmation_successful' ?
293  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS : ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE;
294  $this->mainTemplate->setOnScreenMessage(
295  $message_type,
296  $this->lng->txt($message_key)
297  );
298  }
299  if ($page_editor_html !== '') {
300  $tpl->setVariable('LPE', $page_editor_html);
301  }
302 
303  if ($this->authSession->isExpired()) {
304  // The usr_id is is still the one of the former logged-in user, so we have to unset it
305  $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
306  $this->dic->user()->setId($this->authSession->getUserId());
307  $this->dic->user()->read();
308  }
309 
310  self::printToGlobalTemplate($tpl);
311  }
312 
316  public static function printToGlobalTemplate($tpl): void
317  {
318  global $DIC;
319  $gtpl = $DIC['tpl'];
320  $gtpl->setContent($tpl->get());
321  $gtpl->printToStdout('DEFAULT', false, true);
322  }
323 
327  private function retrieveMessagesFromSession(): array
328  {
329  $messages = [];
330  $message_types = [
331  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
332  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
333  ilGlobalTemplateInterface::MESSAGE_TYPE_INFO,
334  ilGlobalTemplateInterface::MESSAGE_TYPE_QUESTION
335  ];
336 
337  foreach ($message_types as $message_type) {
338  if (ilSession::get($message_type)) {
339  $messages[$message_type] = ilSession::get($message_type);
340  }
341  }
342 
343  return $messages;
344  }
345 
346  private function showCodeForm(
347  string $username = null,
348  ILIAS\UI\Component\Input\Container\Form\Form $form = null
349  ): void {
350  $this->help->setSubScreenId('code_input');
351 
352  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('time_limit_reached'));
353 
354  $tpl = self::initStartUpTemplate('tpl.login_reactivate_code.html');
355  $tpl->setVariable('FORM', $this->ui_renderer->render($form ?? $this->buildCodeForm($username)));
356  self::printToGlobalTemplate($tpl);
357  }
358 
359  private function buildCodeForm(string $username = null): ILIAS\UI\Component\Input\Container\Form\Form
360  {
361  $this->lng->loadLanguageModule('auth');
362 
363  $field_factory = $this->ui_factory->input()->field();
364 
365  $username_field = $field_factory
366  ->hidden()
367  ->withRequired(true);
368  if ($username !== null) {
369  $username_field = $username_field->withValue($username);
370  }
371 
372  return $this->ui_factory->input()
373  ->container()
374  ->form()
375  ->standard(
376  $this->ctrl->getFormAction($this, 'processCode'),
377  [
378  $field_factory->section(
379  [
380  self::PROP_CODE => $field_factory
381  ->text(
382  $this->lng->txt('auth_account_code'),
383  $this->lng->txt('auth_account_code_info')
384  )
385  ->withRequired(true),
386  // #11658
387  self::PROP_USERNAME => $username_field,
388  ],
389  $this->lng->txt('auth_account_code_title'),
390  ),
391  ]
392  )
393  ->withSubmitLabel($this->lng->txt('send'))
394  ->withAdditionalTransformation($this->mergeValuesTrafo())
395  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
396  }
397 
398  private function processCode(): void
399  {
400  $form = $this->buildCodeForm();
401  $form_valid = false;
402  $form_data = null;
403  if ($this->http->request()->getMethod() === 'POST') {
404  $form = $form->withRequest($this->http->request());
405  $form_data = $form->getData();
406  $form_valid = $form_data !== null;
407  }
408 
409  $uname = null;
410  if ($form_valid) {
411  $code = $form_data[self::PROP_CODE];
412  $uname = $form_data[self::PROP_USERNAME];
413  if (ilRegistrationCode::isUnusedCode($code)) {
414  $valid_until = ilRegistrationCode::getCodeValidUntil($code);
415  if (!$user_id = ilObjUser::_lookupId($uname)) {
416  $this->showLoginPage();
417  return;
418  }
419  $invalid_code = false;
420  $user = new ilObjUser($user_id);
421  if ($valid_until === '0') {
422  $user->setTimeLimitUnlimited(true);
423  } else {
424  if (is_numeric($valid_until)) {
425  $valid_until = strtotime('+' . $valid_until . 'days');
426  } else {
427  $valid_until = explode('-', $valid_until);
428  $valid_until = mktime(
429  23,
430  59,
431  59,
432  (int) $valid_until[1],
433  (int) $valid_until[2],
434  (int) $valid_until[0]
435  );
436  if ($valid_until < time()) {
437  $invalid_code = true;
438  }
439  }
440 
441  if (!$invalid_code) {
442  $user->setTimeLimitUnlimited(false);
443  $user->setTimeLimitUntil($valid_until);
444  }
445  }
446 
447  if (!$invalid_code) {
448  $user->setActive(true);
449  ilRegistrationCode::useCode($code);
450  // apply registration code role assignments
451  ilRegistrationCode::applyRoleAssignments($user, $code);
452  // apply registration code tie limits
453  ilRegistrationCode::applyAccessLimits($user, $code);
454 
455  $user->update();
456 
457  $this->ctrl->setParameter($this, 'cu', 1);
458  $this->lng->loadLanguageModule('auth');
459  $this->mainTemplate->setOnScreenMessage(
460  'success',
461  $GLOBALS['DIC']->language()->txt('auth_activation_code_success'),
462  true
463  );
464  $this->ctrl->redirect($this, 'showLoginPage');
465  }
466  }
467 
468  $this->lng->loadLanguageModule('user');
469  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('user_account_code_not_valid'));
470  } else {
471  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('form_input_not_valid'));
472  }
473 
474  $this->showCodeForm($uname, $form);
475  }
476 
477  private function buildStandardLoginForm(): ILIAS\UI\Component\Input\Container\Form\Form
478  {
479  $field_factory = $this->ui_factory->input()->field();
480 
481  $fields = [];
482  $det = ilAuthModeDetermination::_getInstance();
483  if (ilAuthUtils::_hasMultipleAuthenticationMethods() && $det->isManualSelection()) {
484  $auth_mode = $field_factory->radio($this->lng->txt('auth_selection'))->withRequired(true);
485  $visible_auth_methods = [];
486  foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
487  if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
488  continue;
489  }
490 
491  $auth_mode = $auth_mode->withOption((string) $key, $option['txt']);
492 
493  if (isset($option['checked'])) {
494  $auth_mode = $auth_mode->withValue($key);
495  }
496  $visible_auth_methods[] = $key;
497  }
498 
499  if (count($visible_auth_methods) === 1) {
500  $auth_mode = $field_factory->hidden()->withRequired(true)->withValue(current($visible_auth_methods));
501  }
502 
503  $fields[self::PROP_AUTH_MODE] = $auth_mode;
504  }
505 
506  $fields += [
507  self::PROP_USERNAME => $field_factory
508  ->text($this->lng->txt('username'))
509  ->withRequired(
510  true,
511  $this->refinery->custom()->constraint(
512  static function (string $value): bool {
513  return $value !== '';
514  },
515  static function (Closure $lng, string $value): string {
516  return $lng('auth_required_username');
517  }
518  )
519  ),
520  self::PROP_PASSWORD => $field_factory
521  ->password($this->lng->txt('password'))
522  ->withRevelation(true)
523  ->withRequired(
524  true,
525  $this->refinery->custom()->constraint(
526  static function (string $value): bool {
527  return $value !== '';
528  },
529  static function (Closure $lng, string $value): string {
530  return $lng('auth_required_password');
531  }
532  )
533  )
534  ->withAdditionalTransformation(
535  $this->refinery->custom()->transformation(
536  static function (ILIAS\Data\Password $value): string {
537  return $value->toString();
538  }
539  )
540  ),
541  ];
542 
543  $sections = [$field_factory->section($fields, $this->lng->txt('login_to_ilias_via_login_form'))];
544 
545  return $this->ui_factory->input()
546  ->container()
547  ->form()
548  ->standard($this->ctrl->getFormAction($this, 'doStandardAuthentication'), $sections)
549  ->withDedicatedName('login_form')
550  ->withSubmitLabel($this->lng->txt('log_in'))
551  ->withAdditionalTransformation($this->mergeValuesTrafo())
552  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
553  }
554 
555  private function doShibbolethAuthentication(): void
556  {
557  $this->getLogger()->debug('Trying shibboleth authentication');
558 
559  $credentials = new ilAuthFrontendCredentialsShibboleth();
560  $credentials->initFromRequest();
561 
562  $provider_factory = new ilAuthProviderFactory();
563  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_SHIBBOLETH);
564 
565  $status = ilAuthStatus::getInstance();
566 
567  $frontend_factory = new ilAuthFrontendFactory();
568  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
569  $frontend = $frontend_factory->getFrontend(
570  $this->authSession,
571  $status,
572  $credentials,
573  [$provider]
574  );
575  $frontend->authenticate();
576 
577  switch ($status->getStatus()) {
578  case ilAuthStatus::STATUS_AUTHENTICATED:
579  $this->logger->debug('Authentication successful; Redirecting to starting page.');
580  ilInitialisation::redirectToStartingPage();
581 
582  // no break
583  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
584  $this->ctrl->redirect($this, 'showAccountMigration');
585 
586  // no break
587  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
588  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
589  $this->ctrl->redirect($this, 'showLoginPage');
590  }
591 
592  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
593  $this->showLoginPage();
594  }
595 
596  private function doCasAuthentication(): void
597  {
598  $this->getLogger()->debug('Trying cas authentication');
599  $credentials = new ilAuthFrontendCredentialsCAS();
600 
601  $provider_factory = new ilAuthProviderFactory();
602  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_CAS);
603 
604  $status = ilAuthStatus::getInstance();
605 
606  $frontend_factory = new ilAuthFrontendFactory();
607  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
608  $frontend = $frontend_factory->getFrontend(
609  $this->authSession,
610  $status,
611  $credentials,
612  [$provider]
613  );
614  $frontend->authenticate();
615 
616  switch ($status->getStatus()) {
617  case ilAuthStatus::STATUS_AUTHENTICATED:
618  $this->getLogger()->debug('Authentication successful.');
619  ilInitialisation::redirectToStartingPage();
620 
621  // no break
622  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
623  default:
624  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()));
625  $this->showLoginPage();
626  }
627  }
628 
629  private function doLTIAuthentication(): void
630  {
631  $this->getLogger()->debug('Trying lti authentication');
632 
633  $credentials = new ilAuthFrontendCredentialsLTI();
634  $credentials->initFromRequest();
635 
636  $provider_factory = new ilAuthProviderFactory();
637  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_PROVIDER_LTI);
638 
639  $status = ilAuthStatus::getInstance();
640 
641  $frontend_factory = new ilAuthFrontendFactory();
642  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
643  $frontend = $frontend_factory->getFrontend(
644  $this->authSession,
645  $status,
646  $credentials,
647  [$provider]
648  );
649  $frontend->authenticate();
650 
651  switch ($status->getStatus()) {
652  case ilAuthStatus::STATUS_AUTHENTICATED:
653  ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
654  ilInitialisation::redirectToStartingPage();
655 
656  // no break
657  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
658  $this->ctrl->redirect($this, 'showAccountMigration');
659 
660  // no break
661  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
662  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()), true);
663  $this->ctrl->redirect($this, 'showLoginPage');
664  }
665 
666  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
667  $this->showLoginPage();
668  }
669 
670  private function doApacheAuthentication(): void
671  {
672  $this->getLogger()->debug('Trying apache authentication');
673 
674  $credentials = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
675  $credentials->initFromRequest();
676 
677  $provider_factory = new ilAuthProviderFactory();
678  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_APACHE);
679 
680  $status = ilAuthStatus::getInstance();
681 
682  $frontend_factory = new \ilAuthFrontendFactory();
683  $frontend_factory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
684  $frontend = $frontend_factory->getFrontend(
685  $this->authSession,
686  $status,
687  $credentials,
688  [$provider]
689  );
690  $frontend->authenticate();
691 
692  switch ($status->getStatus()) {
693  case ilAuthStatus::STATUS_AUTHENTICATED:
694  if ($credentials->hasValidTargetUrl()) {
695  $this->logger->debug(
696  sprintf(
697  'Authentication successful. Redirecting to starting page: %s',
698  $credentials->getTargetUrl()
699  )
700  );
701  $this->ctrl->redirectToURL($credentials->getTargetUrl());
702  }
703  $this->logger->debug(
704  'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
705  );
706  ilInitialisation::redirectToStartingPage();
707 
708  // no break
709  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
710  $this->ctrl->redirect($this, 'showAccountMigration');
711 
712  // no break
713  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
714  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
715  $this->ctrl->redirectToURL(
716  ilUtil::appendUrlParameterString(
717  $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
718  'passed_sso=1'
719  )
720  );
721  }
722 
723  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
724  $this->showLoginPage();
725  }
726 
727  private function doStandardAuthentication(): void
728  {
729  $form = $this->buildStandardLoginForm();
730  $form_valid = false;
731  $form_data = null;
732  if ($this->http->request()->getMethod() === 'POST') {
733  $form = $form->withRequest($this->http->request());
734  $form_data = $form->getData();
735  $form_valid = $form_data !== null;
736  }
737 
738  if (!$form_valid) {
739  $this->showLoginPage($form);
740  return;
741  }
742 
743  $this->getLogger()->debug('Trying to authenticate user.');
744 
745  $auth_callback = function () use ($form_data) {
746  $credentials = new ilAuthFrontendCredentials();
747  $credentials->setUsername($form_data[self::PROP_USERNAME]);
748  $credentials->setPassword($form_data[self::PROP_PASSWORD]);
749 
750  $det = ilAuthModeDetermination::_getInstance();
751  if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
752  $credentials->setAuthMode($form_data[self::PROP_AUTH_MODE]);
753  }
754 
755  $provider_factory = new ilAuthProviderFactory();
756  $providers = $provider_factory->getProviders($credentials);
757 
758  $status = ilAuthStatus::getInstance();
759 
760  $frontend_factory = new ilAuthFrontendFactory();
761  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
762  $frontend = $frontend_factory->getFrontend(
763  $this->authSession,
764  $status,
765  $credentials,
766  $providers
767  );
768  $frontend->authenticate();
769 
770  return $status;
771  };
772 
773  if (($auth_duration = $this->setting->get('auth_duration')) !== null) {
774  $duration = $this->http->durations()->callbackDuration((int) $auth_duration);
775  $status = $duration->stretch($auth_callback);
776  } else {
777  $status = $auth_callback();
778  }
779 
780  switch ($status->getStatus()) {
781  case ilAuthStatus::STATUS_AUTHENTICATED:
782  ilLoggerFactory::getLogger('auth')->debug(
783  'Authentication successful; Redirecting to starting page.'
784  );
785  ilInitialisation::redirectToStartingPage();
786 
787  // no break
788  case ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED:
789  $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
790  $this->showLoginPage($this->buildCodeForm($uname));
791  return;
792 
793  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
794  $this->ctrl->redirect($this, 'showAccountMigration');
795 
796  // no break
797  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
798  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason());
799  $this->showLoginPage($form);
800  }
801  }
802 
803  private function showLoginForm(
804  string $page_editor_html,
805  ILIAS\UI\Component\Input\Container\Form\Form $form = null
806  ): string {
807  global $tpl;
808 
809  return $this->substituteLoginPageElements(
810  $tpl,
811  $page_editor_html,
812  $this->ui_renderer->render($form ?? $this->buildStandardLoginForm()),
813  '[list-login-form]',
814  'LOGIN_FORM'
815  );
816  }
817 
818  private function showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl): string
819  {
820  if ($page_editor_html !== '') {
821  return $page_editor_html;
822  }
823 
824  $loginSettings = new ilSetting('login_settings');
825  $information = trim($loginSettings->get('login_message_' . $this->lng->getLangKey()) ?? '');
826 
827  if ($information !== '') {
828  $tpl->setVariable('TXT_LOGIN_INFORMATION', $information);
829  }
830 
831  return $page_editor_html;
832  }
833 
834  private function showCASLoginForm(string $page_editor_html): string
835  {
836  if ($this->setting->get('cas_active')) {
837  $tpl = new ilTemplate('tpl.login_form_cas.html', true, true, 'Services/Init');
838  $tpl->setVariable('TXT_CAS_LOGIN', $this->lng->txt('login_to_ilias_via_cas'));
839  $tpl->setVariable('TXT_CAS_LOGIN_BUTTON', ilUtil::getImagePath('auth/cas_login_button.png'));
840  $tpl->setVariable('TXT_CAS_LOGIN_INSTRUCTIONS', $this->setting->get('cas_login_instructions'));
841  $this->ctrl->setParameter($this, 'forceCASLogin', '1');
842  $tpl->setVariable('TARGET_CAS_LOGIN', $this->ctrl->getLinkTarget($this, 'doCasAuthentication'));
843  $this->ctrl->setParameter($this, 'forceCASLogin', '');
844 
845  return $this->substituteLoginPageElements(
846  $GLOBALS['tpl'],
847  $page_editor_html,
848  $tpl->get(),
849  '[list-cas-login-form]',
850  'CAS_LOGIN_FORM'
851  );
852  }
853 
854  return $page_editor_html;
855  }
856 
857  private function showShibbolethLoginForm(string $page_editor_html): string
858  {
859  $target = $this->initTargetFromQuery();
860 
861  if ($this->setting->get('shib_active')) {
862  $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'Services/Init');
863 
864  $tpl->setVariable(
865  'SHIB_FORMACTION',
866  './shib_login.php'
867  ); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
868  $federation_name = $this->setting->get('shib_federation_name');
869  $admin_mail = ' <a href="mailto:' . $this->setting->get('admin_email') . '">ILIAS ' . $this->lng->txt(
870  'administrator'
871  ) . '</a>.';
872  if ($this->setting->get('shib_hos_type') === 'external_wayf') {
873  $tpl->setCurrentBlock('shibboleth_login');
874  $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
875  $tpl->setVariable('IL_TARGET', $target);
876  $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
877  $tpl->setVariable('TXT_SHIB_LOGIN_BUTTON', $this->setting->get('shib_login_button'));
878  $tpl->setVariable(
879  'TXT_SHIB_LOGIN_INSTRUCTIONS',
880  sprintf(
881  $this->lng->txt('shib_general_login_instructions'),
882  $federation_name,
883  $admin_mail
884  )
885  );
886  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
887  $tpl->parseCurrentBlock();
888  } elseif ($this->setting->get('shib_hos_type') == 'embedded_wayf') {
889  $tpl->setCurrentBlock('shibboleth_custom_login');
890  $customInstructions = stripslashes($this->setting->get('shib_login_instructions'));
891  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $customInstructions);
892  $tpl->parseCurrentBlock();
893  } else {
894  $tpl->setCurrentBlock('shibboleth_wayf_login');
895  $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
896  $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
897  $tpl->setVariable(
898  'TXT_SELECT_HOME_ORGANIZATION',
899  sprintf(
900  $this->lng->txt('shib_select_home_organization'),
901  $this->setting->get('shib_federation_name')
902  )
903  );
904  $tpl->setVariable('TXT_CONTINUE', $this->lng->txt('btn_next'));
905  $tpl->setVariable('TXT_SHIB_HOME_ORGANIZATION', $this->lng->txt('shib_home_organization'));
906  $tpl->setVariable(
907  'TXT_SHIB_LOGIN_INSTRUCTIONS',
908  sprintf(
909  $this->lng->txt('shib_general_wayf_login_instructions'),
910  $admin_mail
911  )
912  );
913  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
914 
915  $ilShibbolethWAYF = new ilShibbolethWAYF();
916 
917  $tpl->setVariable('TXT_SHIB_INVALID_SELECTION', $ilShibbolethWAYF->showNotice());
918  $tpl->setVariable('SHIB_IDP_LIST', $ilShibbolethWAYF->generateSelection());
919  $tpl->setVariable('ILW_TARGET', $target);
920  $tpl->parseCurrentBlock();
921  }
922 
923  return $this->substituteLoginPageElements(
924  $GLOBALS['tpl'],
925  $page_editor_html,
926  $tpl->get(),
927  '[list-shibboleth-login-form]',
928  'SHIB_LOGIN_FORM'
929  );
930  }
931 
932  return $page_editor_html;
933  }
934 
938  private function substituteLoginPageElements(
939  $tpl,
940  string $page_editor_html,
941  string $element_html,
942  string $placeholder,
943  string $fallback_tplvar
944  ): string {
945  if ($page_editor_html === '') {
946  $tpl->setVariable($fallback_tplvar, $element_html);
947  return $page_editor_html;
948  }
949 
950  if (stripos($page_editor_html, $placeholder) === false) {
951  $tpl->setVariable($fallback_tplvar, $element_html);
952  return $page_editor_html;
953  }
954 
955  return str_replace($placeholder, $element_html, $page_editor_html);
956  }
957 
958  private function getLoginPageEditorHTML(): string
959  {
960  $lpe = ilAuthLoginPageEditorSettings::getInstance();
961  $active_lang = $lpe->getIliasEditorLanguage($this->lng->getLangKey());
962 
963  if (!$active_lang) {
964  return '';
965  }
966 
967  // if page does not exist, return nothing
968  if (!ilPageUtil::_existsAndNotEmpty('auth', ilLanguage::lookupId($active_lang))) {
969  return '';
970  }
971 
972  // get page object
973  $page_gui = new ilLoginPageGUI(ilLanguage::lookupId($active_lang));
974 
975  $page_gui->setStyleId(0);
976 
977  $page_gui->setPresentationTitle('');
978  $page_gui->setTemplateOutput(false);
979  $page_gui->setHeader('');
980  $ret = $page_gui->showPage();
981 
982  return $ret;
983  }
984 
985  private function showRegistrationLinks(string $page_editor_html): string
986  {
987  global $tpl;
988 
989  $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'Services/Init');
990 
991  // allow new registrations?
992  if (ilRegistrationSettings::_lookupRegistrationType() !== ilRegistrationSettings::IL_REG_DISABLED) {
993  $rtpl->setCurrentBlock('new_registration');
994  $rtpl->setVariable('REGISTER', $this->lng->txt('registration'));
995  $rtpl->setVariable(
996  'CMD_REGISTER',
997  $this->ctrl->getLinkTargetByClass(ilAccountRegistrationGUI::class)
998  );
999  $rtpl->parseCurrentBlock();
1000  }
1001  // allow password assistance? Surpress option if Authmode is not local database
1002  if ($this->setting->get('password_assistance')) {
1003  $rtpl->setCurrentBlock('password_assistance');
1004  $rtpl->setVariable('FORGOT_PASSWORD', $this->lng->txt('forgot_password'));
1005  $rtpl->setVariable('FORGOT_USERNAME', $this->lng->txt('forgot_username'));
1006  $rtpl->setVariable(
1007  'CMD_FORGOT_PASSWORD',
1008  $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class)
1009  );
1010  $rtpl->setVariable(
1011  'CMD_FORGOT_USERNAME',
1012  $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class, 'showUsernameAssistanceForm')
1013  );
1014  $rtpl->setVariable('LANG_ID', $this->lng->getLangKey());
1015  $rtpl->parseCurrentBlock();
1016  }
1017 
1018  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1019  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1020  $rtpl->setCurrentBlock('homelink');
1021  $rtpl->setVariable(
1022  'CLIENT_ID',
1023  '?client_id=' . CLIENT_ID . '&lang=' . $this->lng->getLangKey()
1024  );
1025  $rtpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1026  $rtpl->parseCurrentBlock();
1027  }
1028 
1029  return $this->substituteLoginPageElements(
1030  $tpl,
1031  $page_editor_html,
1032  $rtpl->get(),
1033  '[list-registration-link]',
1034  'REG_PWD_CLIENT_LINKS'
1035  );
1036  }
1037 
1038  private function showLegalDocumentsLinks(string $page_editor_html): string
1039  {
1040  global $tpl;
1041  global $DIC;
1042 
1043  if (0 === $this->user->getId()) {
1044  $this->user->setId(ANONYMOUS_USER_ID);
1045  }
1046 
1047  $page_editor_html = $this->substituteLoginPageElements(
1048  $tpl,
1049  $page_editor_html,
1050  $DIC['legalDocuments']->loginPageHTML(TermsOfService::ID),
1051  '[list-user-agreement]',
1052  'USER_AGREEMENT'
1053  );
1054  $page_editor_html = $this->substituteLoginPageElements(
1055  $tpl,
1056  $page_editor_html,
1057  $DIC['legalDocuments']->loginPageHTML(DataProtection::ID),
1058  '[list-dpro-agreement]',
1059  'DPRO_AGREEMENT'
1060  );
1061 
1062  return $page_editor_html;
1063  }
1064 
1065  private function purgePlaceholders(string $page_editor_html): string
1066  {
1067  return str_replace(
1068  [
1069  '[list-language-selection]',
1070  '[list-registration-link]',
1071  '[list-user-agreement]',
1072  '[list-dpro-agreement]',
1073  '[list-login-form]',
1074  '[list-cas-login-form]',
1075  '[list-saml-login]',
1076  '[list-shibboleth-login-form]',
1077  '[list-openid-connect-login]'
1078  ],
1079  '',
1080  $page_editor_html
1081  );
1082  }
1083 
1084  private function buildAccountMigrationForm(): ILIAS\UI\Component\Input\Container\Form\Form
1085  {
1086  $field_factory = $this->ui_factory->input()->field();
1087 
1088  $keep = $field_factory->group(
1089  [
1090  self::PROP_USERNAME => $field_factory->text($this->lng->txt('login'))->withRequired(true),
1091  self::PROP_PASSWORD => $field_factory
1092  ->password($this->lng->txt('password'))
1093  ->withRequired(true)
1094  ->withRevelation(true)
1095  ->withAdditionalTransformation(
1096  $this->refinery->custom()->transformation(
1097  static function (ILIAS\Data\Password $value): string {
1098  return $value->toString();
1099  }
1100  )
1101  ),
1102  ],
1103  $this->lng->txt('auth_account_migration_keep'),
1104  $this->lng->txt('auth_info_migrate')
1105  );
1106 
1107  $new = $field_factory->group(
1108  [],
1109  $this->lng->txt('auth_account_migration_new'),
1110  $this->lng->txt('auth_info_add')
1111  );
1112 
1113  $fields = [
1114  self::PROP_ACCOUNT_MIGRATION => $field_factory->switchableGroup(
1115  [
1116  self::PROP_ACCOUNT_MIGRATION_MIGRATE => $keep,
1117  self::PROP_ACCOUNT_MIGRATION_NEW => $new,
1118  ],
1119  $this->lng->txt('auth_account_migration_name')
1120  )->withRequired(true)->withValue(self::PROP_ACCOUNT_MIGRATION_MIGRATE)
1121  ];
1122 
1123  $sections = [$field_factory->section($fields, $this->lng->txt('auth_account_migration'))];
1124 
1125  return $this->ui_factory->input()
1126  ->container()
1127  ->form()
1128  ->standard($this->ctrl->getFormAction($this, 'migrateAccount'), $sections)
1129  ->withDedicatedName('login_form')
1130  ->withSubmitLabel($this->lng->txt('save'))
1131  ->withAdditionalTransformation($this->mergeValuesTrafo())
1132  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
1133  }
1134 
1135  private function showAccountMigration(
1136  ILIAS\UI\Component\Input\Container\Form\Form $form = null,
1137  string $message = ''
1138  ): void {
1139  $this->help->setSubScreenId('account_migration');
1140 
1141  $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1142  $tpl->setVariable('MIG_FORM', $this->ui_renderer->render($form ?? $this->buildAccountMigrationForm()));
1143 
1144  if ($message !== '') {
1145  $this->mainTemplate->setOnScreenMessage('failure', $message);
1146  }
1147 
1148  self::printToGlobalTemplate($tpl);
1149  }
1150 
1151  private function migrateAccount(): void
1152  {
1153  $form = $this->buildAccountMigrationForm();
1154  $form_valid = false;
1155  $form_data = null;
1156  if ($this->http->request()->getMethod() === 'POST') {
1157  $form = $form->withRequest($this->http->request());
1158  $form_data = $form->getData();
1159  $form_valid = $form_data !== null;
1160  }
1161 
1162  if (!$form_valid) {
1163  $this->showAccountMigration($form, $this->lng->txt('form_input_not_valid'));
1164  return;
1165  }
1166 
1167  $account_migration = $form_data[self::PROP_ACCOUNT_MIGRATION];
1168  $account_migration_mode = $account_migration[0];
1169  if ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_MIGRATE) {
1170  $this->doMigration($account_migration[1]);
1171  } elseif ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_NEW) {
1172  $this->doMigrationNewAccount();
1173  } else {
1174  $this->showAccountMigration(
1175  $form,
1176  $this->lng->txt('form_input_not_valid')
1177  );
1178  }
1179  }
1180 
1181  private function doMigrationNewAccount(): void
1182  {
1183  $credentials = new ilAuthFrontendCredentials();
1184  $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1185 
1186  $provider_factory = new ilAuthProviderFactory();
1187  $provider = $provider_factory->getProviderByAuthMode(
1188  $credentials,
1189  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1190  );
1191 
1192  $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1193 
1194  $status = ilAuthStatus::getInstance();
1195 
1196  $frontend_factory = new ilAuthFrontendFactory();
1197  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1198  $frontend = $frontend_factory->getFrontend(
1199  $GLOBALS['DIC']['ilAuthSession'],
1200  $status,
1201  $credentials,
1202  [$provider]
1203  );
1204  if ($frontend->migrateAccountNew()) {
1205  ilInitialisation::redirectToStartingPage();
1206  }
1207 
1208  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1209  $this->ctrl->redirect($this, 'showAccountMigration');
1210  }
1211 
1215  private function doMigration(array $migration_request_data): void
1216  {
1217  $username = $migration_request_data[self::PROP_USERNAME];
1218  $password = $migration_request_data[self::PROP_PASSWORD];
1219 
1220  $this->logger->debug('Starting account migration for user: ' . ilSession::get('mig_ext_account'));
1221 
1222  $credentials = new ilAuthFrontendCredentials();
1223  $credentials->setUsername($username);
1224  $credentials->setPassword($password);
1225 
1226  $provider_factory = new ilAuthProviderFactory();
1227  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_LOCAL);
1228 
1229  $status = ilAuthStatus::getInstance();
1230 
1231  $frontend_factory = new ilAuthFrontendFactory();
1232  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1233  $frontend = $frontend_factory->getFrontend(
1234  $this->authSession,
1235  $status,
1236  $credentials,
1237  [$provider]
1238  );
1239  $frontend->authenticate();
1240 
1241  switch ($status->getStatus()) {
1242  case ilAuthStatus::STATUS_AUTHENTICATED:
1243  $this->getLogger()->debug('Account migration: authentication successful for ' . $username);
1244 
1245  $provider = $provider_factory->getProviderByAuthMode(
1246  $credentials,
1247  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1248  );
1249  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1250  $frontend = $frontend_factory->getFrontend(
1251  $GLOBALS['DIC']['ilAuthSession'],
1252  $status,
1253  $credentials,
1254  [$provider]
1255  );
1256  if ($frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])) {
1257  ilInitialisation::redirectToStartingPage();
1258  }
1259 
1260  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'), true);
1261  $this->ctrl->redirect($this, 'showAccountMigration');
1262 
1263  // no break
1264  default:
1265  $this->getLogger()->info('Account migration failed for user ' . $username);
1266  $this->showAccountMigration(null, $GLOBALS['lng']->txt('err_wrong_login'));
1267  }
1268  }
1269 
1270  private function showLogout(): void
1271  {
1272  $this->help->setSubScreenId('logout');
1273 
1274  $tpl = self::initStartUpTemplate('tpl.logout.html');
1275  $client_id = $this->http->wrapper()->query()->retrieve(
1276  'client_id',
1277  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1278  );
1279 
1280  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1281  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1282  $tpl->setCurrentBlock('homelink');
1283  $tpl->setVariable('CLIENT_ID', '?client_id=' . $client_id . '&lang=' . $this->lng->getLangKey());
1284  $tpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1285  $tpl->parseCurrentBlock();
1286  }
1287 
1288  $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('logout'));
1289  $tpl->setVariable(
1290  'TXT_LOGOUT_TEXT',
1291  $this->lng->txt('logout_text') . $this->dic['legalDocuments']->logoutText()
1292  );
1293  $tpl->setVariable('TXT_LOGIN', $this->lng->txt('login_to_ilias'));
1294  $tpl->setVariable(
1295  'CLIENT_ID',
1296  '?client_id=' . $client_id . '&cmd=force_login&lang=' . $this->lng->getLangKey()
1297  );
1298 
1299  self::printToGlobalTemplate($tpl);
1300  }
1301 
1302  private function doLogout(): void
1303  {
1304  $this->eventHandler->raise(
1305  'Services/Authentication',
1306  'beforeLogout',
1307  [
1308  'user_id' => $this->user->getId()
1309  ]
1310  );
1311 
1312  $user_language = $this->user->getLanguage();
1313 
1314  $used_external_auth_mode = ilSession::get('used_external_auth_mode');
1315 
1316  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
1317  $this->authSession->logout();
1318  $this->eventHandler->raise(
1319  'Services/Authentication',
1320  'afterLogout',
1321  [
1322  'username' => $this->user->getLogin(),
1323  'is_explicit_logout' => true,
1324  'used_external_auth_mode' => $used_external_auth_mode,
1325  ]
1326  );
1327 
1328  // reset cookie
1329  ilUtil::setCookie("ilClientId", "");
1330 
1331  // redirect and show logout information
1332  $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1333  $this->ctrl->setParameter($this, 'lang', $user_language);
1334  $this->ctrl->redirect($this, 'showLogout');
1335  }
1336 
1337  protected function showLegalDocuments(): void
1338  {
1339  global $DIC;
1340  $tpl = self::initStartUpTemplate(['agreement.html', 'Services/LegalDocuments'], true, false);
1341  $tpl->setVariable('CONTENT', $DIC['legalDocuments']->agreeContent(self::class, __FUNCTION__));
1342  self::printToGlobalTemplate($tpl);
1343  }
1344 
1345  private function processIndexPHP(): void
1346  {
1347  if ($this->authSession->isValid()) {
1348  if (!$this->user->isAnonymous() || (
1349  ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1350  $this->httpRequest->getServerParams()['SERVER_NAME']
1351  ) && $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)
1352  )) {
1353  ilInitialisation::redirectToStartingPage();
1354  return;
1355  }
1356  }
1357 
1358  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1359  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1360  ilInitialisation::goToPublicSection();
1361  }
1362 
1363  $this->showLoginPage();
1364  }
1365 
1369  public static function _checkGoto(string $a_target)
1370  {
1371  global $DIC;
1372 
1373  $component_factory = $DIC['component.factory'];
1374 
1375  $access = $DIC->access();
1376 
1377  foreach ($component_factory->getActivePluginsInSlot('uihk') as $ui_plugin) {
1379  $gui_class = $ui_plugin->getUIClassInstance();
1380  $resp = $gui_class->checkGotoHook($a_target);
1381  if (isset($resp['target']) && is_string($resp['target']) && $resp['target'] !== '') {
1382  $a_target = $resp['target'];
1383  break;
1384  }
1385  }
1386 
1387  if ($a_target === '') {
1388  return false;
1389  }
1390 
1391  $t_arr = explode('_', $a_target);
1392  $type = $t_arr[0];
1393 
1394  if ($type === 'git') {
1395  $type = 'glo';
1396  }
1397 
1398  if ($type === 'pg' | $type === 'st') {
1399  $type = 'lm';
1400  }
1401 
1402  $class = $DIC['objDefinition']->getClassName($type);
1403  if ($class === '') {
1404  return false;
1405  }
1406 
1407  $location = $DIC['objDefinition']->getLocation($type);
1408  $full_class = 'ilObj' . $class . 'Access';
1409  include_once($location . '/class.' . $full_class . '.php');
1410 
1411  $ret = call_user_func([$full_class, '_checkGoto'], $a_target);
1412 
1413  // if no access and repository object => check for parent course/group
1414  if (!$ret &&
1415  isset($t_arr[1]) &&
1416  !str_contains($a_target, '_wsp') &&
1417  !$DIC->user()->isAnonymous() && // #10637
1418  !$DIC['objDefinition']->isAdministrationObject($type) &&
1419  $DIC['objDefinition']->isRBACObject($type)) {
1420  $ref_id = 0;
1421  // original type 'pg' => pg_<page_id>[_<ref_id>]
1422  if ($t_arr[0] === 'pg') {
1423  if (isset($t_arr[2])) {
1424  $ref_id = (int) $t_arr[2];
1425  } else {
1426  $lm_id = ilLMObject::_lookupContObjID((int) $t_arr[1]);
1427  $ref_ids = ilObject::_getAllReferences($lm_id);
1428  if ($ref_ids) {
1429  $ref_id = array_shift($ref_ids);
1430  }
1431  }
1432  } else {
1433  $ref_id = (int) $t_arr[1];
1434  }
1435 
1436  if ($ref_id < 1) {
1437  return false;
1438  }
1439 
1440  $block_obj = [];
1441 
1442  // walk path to find parent container
1443  $path = $DIC->repositoryTree()->getPathId($ref_id);
1444  array_pop($path);
1445  foreach ($path as $path_ref_id) {
1446  $redirect_infopage = false;
1447  $add_member_role = false;
1448 
1449  $ptype = ilObject::_lookupType($path_ref_id, true);
1450  $pobj_id = ilObject::_lookupObjId($path_ref_id);
1451 
1452  // core checks: timings/object-specific
1453  if (!$access->doActivationCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype) ||
1454  !$access->doStatusCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype)) {
1455  // object in path is inaccessible - aborting
1456  return false;
1457  } elseif ($ptype === 'crs') {
1458  // check if already participant
1459  $participants = ilCourseParticipant::_getInstanceByObjId($pobj_id, $DIC->user()->getId());
1460  if (!$participants->isAssigned()) {
1461  // subscription currently possible?
1462  if (ilObjCourse::_isActivated($pobj_id) && ilObjCourse::_registrationEnabled($pobj_id)) {
1463  $block_obj[] = $path_ref_id;
1464  $add_member_role = true;
1465  } else {
1466  $redirect_infopage = true;
1467  }
1468  }
1469  } elseif ($ptype === 'grp') {
1470  // check if already participant
1471  if (!ilGroupParticipants::_isParticipant($path_ref_id, $DIC->user()->getId())) {
1472  // subscription currently possible?
1473  $group_obj = new ilObjGroup($path_ref_id);
1474  if ($group_obj->isRegistrationEnabled()) {
1475  $block_obj[] = $path_ref_id;
1476  $add_member_role = true;
1477  } else {
1478  $redirect_infopage = true;
1479  }
1480  }
1481  }
1482 
1483  // add members roles for all 'blocking' objects
1484  if ($add_member_role) {
1485  // cannot join? goto will never work, so redirect to current object
1486  $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $path_ref_id);
1487  if (!$DIC->rbac()->system()->checkAccess('join', $path_ref_id)) {
1488  $redirect_infopage = true;
1489  } else {
1490  $DIC->rbac()->system()->addTemporaryRole(
1491  $DIC->user()->getId(),
1492  ilParticipants::getDefaultMemberRole($path_ref_id)
1493  );
1494  }
1495  }
1496 
1497  // redirect to infopage of 1st blocking object in path
1498  if ($redirect_infopage) {
1499  if ($DIC->rbac()->system()->checkAccess('visible', $path_ref_id)) {
1500  ilUtil::redirect(
1501  'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . $path_ref_id . '&cmd=infoScreen'
1502  );
1503  } else {
1504  return false;
1505  }
1506  }
1507  }
1508 
1509  // check if access will be possible with all (possible) member roles added
1510  $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $ref_id);
1511  if ($block_obj !== [] && $DIC->rbac()->system()->checkAccess('read', $ref_id)) { // #12128
1512  // this won't work with lm-pages (see above)
1513  // keep original target
1514  ilSession::set('pending_goto', 'goto.php?target=' . $a_target);
1515 
1516  // redirect to 1st non-member object in path
1517  ilUtil::redirect(
1518  'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . array_shift($block_obj)
1519  );
1520  }
1521  }
1522 
1523  return $ret;
1524  }
1525 
1526  private function confirmRegistration(): void
1527  {
1528  $this->lng->loadLanguageModule('registration');
1529 
1530  ilUtil::setCookie('iltest', 'cookie', false);
1531  $regitration_hash = trim($this->http->wrapper()->query()->retrieve(
1532  'rh',
1533  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1534  ));
1535  if ($regitration_hash === '') {
1536  $this->mainTemplate->setOnScreenMessage(
1537  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1538  $this->lng->txt('reg_confirmation_hash_not_passed'),
1539  true
1540  );
1541  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1542  }
1543 
1544  try {
1545  $oRegSettings = new ilRegistrationSettings();
1546 
1547  $usr_id = ilObjUser::_verifyRegistrationHash(trim($regitration_hash));
1549  $user = ilObjectFactory::getInstanceByObjId($usr_id);
1550  $user->setActive(true);
1551  $password = '';
1552  if ($oRegSettings->passwordGenerationEnabled()) {
1553  $passwords = ilSecuritySettingsChecker::generatePasswords(1);
1554  $password = $passwords[0];
1555  $user->setPasswd($password, ilObjUser::PASSWD_PLAIN);
1556  $user->setLastPasswordChangeTS(time());
1557  }
1558  $user->update();
1559 
1560  $accountMail = (new ilAccountRegistrationMail(
1561  $oRegSettings,
1562  $this->lng,
1563  ilLoggerFactory::getLogger('user')
1564  ))->withEmailConfirmationRegistrationMode();
1565 
1566  if ($user->getPref('reg_target') ?? '') {
1567  $accountMail = $accountMail->withPermanentLinkTarget($user->getPref('reg_target'));
1568  }
1569 
1570  $accountMail->send($user, $password);
1571 
1572  $this->mainTemplate->setOnScreenMessage(
1573  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
1574  $this->lng->txt('reg_account_confirmation_successful'),
1575  true
1576  );
1577  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $user->getLanguage()));
1578  } catch (ilRegConfirmationLinkExpiredException $exception) {
1579  $soap_client = new ilSoapClient();
1580  $soap_client->setResponseTimeout(1);
1581  $soap_client->enableWSDL(true);
1582  $soap_client->init();
1583 
1584  $this->logger->info(
1585  'Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...'
1586  );
1587 
1588  $soap_client->call(
1589  'deleteExpiredDualOptInUserObjects',
1590  [
1591  $_COOKIE[session_name()] . '::' . CLIENT_ID,
1592  $exception->getCode() // user id
1593  ]
1594  );
1595 
1596  $this->mainTemplate->setOnScreenMessage(
1597  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1598  $this->lng->txt($exception->getMessage()),
1599  true
1600  );
1601  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1602  } catch (ilRegistrationHashNotFoundException $exception) {
1603  $this->mainTemplate->setOnScreenMessage(
1604  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1605  $this->lng->txt($exception->getMessage()),
1606  true
1607  );
1608  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1609  }
1610  }
1611 
1616  public static function initStartUpTemplate(
1617  $a_tmpl,
1618  bool $a_show_back = false,
1619  bool $a_show_logout = false
1620  ): ilGlobalTemplateInterface {
1621  global $DIC;
1622 
1623  $tpl = new ilGlobalTemplate('tpl.main.html', true, true);
1624 
1625  $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'Services/Init');
1626 
1627  $view_title = $DIC->language()->txt('login_to_ilias');
1628  if ($a_show_back) {
1629  // #13400
1630  $param = 'client_id=' . CLIENT_ID . '&lang=' . $DIC->language()->getLangKey();
1631 
1632  $tpl->setCurrentBlock('link_item_bl');
1633  $tpl->setVariable('LINK_TXT', $view_title);
1634  $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1635  $tpl->parseCurrentBlock();
1636 
1637  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1638  $DIC->access()->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1639  $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1640  $tpl->setVariable('LINK_TXT', $DIC->language()->txt('home'));
1641  $tpl->parseCurrentBlock();
1642  }
1643  } elseif ($a_show_logout) {
1644  $view_title = $DIC->language()->txt('logout');
1645  $tpl->setCurrentBlock('link_item_bl');
1646  $tpl->setVariable('LINK_TXT', $view_title);
1647  $tpl->setVariable('LINK_URL', self::logoutUrl());
1648  $tpl->parseCurrentBlock();
1649  }
1650 
1651  if (is_array($a_tmpl)) {
1652  $template_file = $a_tmpl[0];
1653  $template_dir = $a_tmpl[1];
1654  } else {
1655  $template_file = $a_tmpl;
1656  $template_dir = 'Services/Init';
1657  }
1658 
1659  $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1660 
1661  PageContentProvider::setViewTitle($view_title);
1662  $short_title = trim($DIC->settings()->get('short_inst_name') ?? '');
1663  if ($short_title === '') {
1664  $short_title = 'ILIAS';
1665  }
1666  PageContentProvider::setShortTitle($short_title);
1667 
1668  $header_title = ilObjSystemFolder::_getHeaderTitle();
1669  PageContentProvider::setTitle($header_title);
1670 
1671  return $tpl;
1672  }
1673 
1674  private function showSamlLoginForm(string $page_editor_html): string
1675  {
1676  if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
1677  $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'Services/Saml');
1678 
1679  $return = '';
1680  $target = $this->initTargetFromQuery();
1681  if ($target !== '') {
1682  $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($target));
1683  }
1684 
1685  $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
1686  $tpl->setVariable('TXT_LOGIN', $this->lng->txt('saml_log_in'));
1687  $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $this->lng->txt('login_to_ilias_via_saml'));
1688  $tpl->setVariable('TXT_SAML_LOGIN_TXT', $this->lng->txt('saml_login_form_txt'));
1689  $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $this->lng->txt('saml_login_form_info_txt'));
1690 
1691  return $this->substituteLoginPageElements(
1692  $GLOBALS['tpl'],
1693  $page_editor_html,
1694  $tpl->get(),
1695  '[list-saml-login]',
1696  'SAML_LOGIN_FORM'
1697  );
1698  }
1699 
1700  return $page_editor_html;
1701  }
1702 
1703  private function showOpenIdConnectLoginForm(string $page_editor_html): string
1704  {
1705  $oidc_settings = ilOpenIdConnectSettings::getInstance();
1706  if ($oidc_settings->getActive()) {
1707  $tpl = new ilTemplate('tpl.login_element.html', true, true, 'Services/OpenIdConnect');
1708 
1709  $this->lng->loadLanguageModule('auth');
1710  $tpl->setVariable('TXT_OIDCONNECT_HEADER', $this->lng->txt('auth_oidc_login_element_info'));
1711 
1712  $target = $this->initTargetFromQuery();
1713  $target_str = empty($target) ? '' : ('?target=' . $target);
1714  switch ($oidc_settings->getLoginElementType()) {
1715  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT:
1716  $tpl->setVariable('SCRIPT_OIDCONNECT_T', './openidconnect.php' . $target_str);
1717  $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1718  break;
1719 
1720  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG:
1721  $tpl->setVariable('SCRIPT_OIDCONNECT_I', './openidconnect.php' . $target_str);
1722  $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1723  break;
1724  }
1725 
1726  return $this->substituteLoginPageElements(
1727  $GLOBALS['tpl'],
1728  $page_editor_html,
1729  $tpl->get(),
1730  '[list-openid-connect-login]',
1731  'OPEN_ID_CONNECT_LOGIN_FORM'
1732  );
1733  }
1734 
1735  return $page_editor_html;
1736  }
1737 
1738  private function doOpenIdConnectAuthentication(): void
1739  {
1740  $this->getLogger()->debug('Trying openid connect authentication');
1741 
1742  $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
1743  $credentials->initFromRequest();
1744 
1745  $provider_factory = new ilAuthProviderFactory();
1746  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_OPENID_CONNECT);
1747 
1748  $status = ilAuthStatus::getInstance();
1749 
1750  $frontend_factory = new ilAuthFrontendFactory();
1751  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1752  $frontend = $frontend_factory->getFrontend(
1753  $this->authSession,
1754  $status,
1755  $credentials,
1756  [$provider]
1757  );
1758  $frontend->authenticate();
1759 
1760  switch ($status->getStatus()) {
1761  case ilAuthStatus::STATUS_AUTHENTICATED:
1762  $this->logger->debug('Authentication successful; Redirecting to starting page.');
1763  if ($credentials->getRedirectionTarget()) {
1764  ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
1765  }
1766  ilInitialisation::redirectToStartingPage();
1767 
1768  // no break
1769  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1770  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1771  $this->ctrl->redirect($this, 'showLoginPage');
1772  }
1773 
1774  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1775  $this->showLoginPage();
1776  }
1777 
1778  private function doSamlAuthentication(): void
1779  {
1780  $this->getLogger()->debug('Trying saml authentication');
1781  $request = $this->httpRequest;
1782  $params = $request->getQueryParams();
1783 
1784  $factory = new ilSamlAuthFactory();
1785  $auth = $factory->auth();
1786 
1787  if (isset($params['action']) && $params['action'] === 'logout') {
1788  $logout_url = $params['logout_url'] ?? '';
1789  $this->logger->info(sprintf('Requested SAML logout: %s', $logout_url));
1790  $auth->logout($logout_url);
1791  }
1792 
1793  if (isset($params['target']) && !isset($params['returnTo'])) {
1794  $params['returnTo'] = $params['target'];
1795  }
1796  if (isset($params['returnTo'])) {
1797  $auth->storeParam('target', $params['returnTo']);
1798  }
1799 
1800  $this->logger->debug('Started SAML authentication request');
1801  if (!$auth->isAuthenticated()) {
1802  ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
1803  if (!isset($request->getQueryParams()['idpentityid'], $request->getQueryParams()['saml_idp_id'])) {
1804  $activeIdps = ilSamlIdp::getActiveIdpList();
1805  if (count($activeIdps) === 1) {
1806  $idp = current($activeIdps);
1807 
1808  ilLoggerFactory::getLogger('auth')->debug(
1809  sprintf(
1810  'Found exactly one active IDP with id %s: %s',
1811  $idp->getIdpId(),
1812  $idp->getEntityId()
1813  )
1814  );
1815 
1816  $this->ctrl->setParameter($this, 'idpentityid', $idp->getEntityId());
1817  $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1818  $this->ctrl->setTargetScript('saml.php');
1819  $this->ctrl->redirect($this, 'doSamlAuthentication');
1820  } elseif ($activeIdps === []) {
1821  $this->logger->debug('Did not find any active IDP, skipp authentication process');
1822  $this->ctrl->redirect($this, 'showLoginPage');
1823  } else {
1824  $this->logger->debug('Found multiple active IPDs, presenting IDP selection...');
1825  $this->showSamlIdpSelection($auth, $activeIdps);
1826  return;
1827  }
1828  }
1829 
1830  $auth->storeParam('idpId', (int) $request->getQueryParams()['saml_idp_id']);
1831  $this->logger->debug(sprintf('Stored relevant IDP id in session: %s', $auth->getParam('idpId')));
1832  }
1833 
1834  $auth = $factory->auth();
1835 
1836  $this->logger->debug('Checking SAML authentication status...');
1837  $auth->protectResource();
1838  $this->logger->debug(
1839  'SAML authentication successful, continuing with ILIAS internal authentication process...'
1840  );
1841 
1842  $idpId = (int) $auth->getParam('idpId');
1843 
1844  $this->logger->debug(
1845  sprintf(
1846  'Internal SAML IDP id fetched from session: %s',
1847  $idpId
1848  )
1849  );
1850 
1851  if ($idpId < 1) {
1852  $this->logger->debug(
1853  'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
1854  );
1855  $authData = $auth->getAuthDataArray();
1856  if (isset($authData['saml:sp:IdP'])) {
1857  $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
1858  $this->logger->debug(
1859  sprintf(
1860  'Searching active ILIAS IDP by entity id "%s" results in: %s',
1861  $authData['saml:sp:IdP'],
1862  $idpId
1863  )
1864  );
1865  } else {
1866  $this->logger->debug(
1867  'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
1868  );
1869  }
1870  }
1871 
1872  $target = $auth->popParam('target');
1873 
1874  $this->logger->debug(sprintf('Retrieved "target" parameter: %s', print_r($target, true)));
1875 
1876  $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
1877  $credentials->initFromRequest();
1878 
1879  $provider_factory = new ilAuthProviderFactory();
1880  $provider = $provider_factory->getProviderByAuthMode(
1881  $credentials,
1882  ilUtil::stripSlashes(
1883  ilAuthUtils::AUTH_SAML . '_' . $idpId
1884  )
1885  );
1886 
1887  if ($target) {
1888  $credentials->setReturnTo($target);
1889  } else {
1890  $target = $credentials->getReturnTo();
1891  }
1892 
1893  $status = ilAuthStatus::getInstance();
1894 
1895  $frontend_factory = new ilAuthFrontendFactory();
1896  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1897  $frontend = $frontend_factory->getFrontend(
1898  $this->authSession,
1899  $status,
1900  $credentials,
1901  [$provider]
1902  );
1903  $frontend->authenticate();
1904 
1905  switch ($status->getStatus()) {
1906  case ilAuthStatus::STATUS_AUTHENTICATED:
1907  $this->logger->debug('Authentication successful; Redirecting to starting page.');
1908  ilInitialisation::redirectToStartingPage($target ?? '');
1909 
1910  // no break
1911  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
1912  $this->ctrl->redirect($this, 'showAccountMigration');
1913 
1914  // no break
1915  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1916  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1917  $this->ctrl->redirect($this, 'showLoginPage');
1918  }
1919 
1920  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1921  $this->showLoginPage();
1922  }
1923 
1927  private function showSamlIdpSelection(ilSamlAuth $auth, array $idps): void
1928  {
1929  $this->help->setSubScreenId('saml_idp_selection');
1930 
1931  self::initStartUpTemplate(['tpl.saml_idp_selection.html', 'Services/Saml']);
1932 
1933  $this->ctrl->setTargetScript('saml.php');
1934  $items = [];
1935  $table = new ilSamlIdpSelectionTableGUI($this, 'doSamlAuthentication');
1936  foreach ($idps as $idp) {
1937  $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1938  $this->ctrl->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
1939 
1940  $items[] = [
1941  'idp_link' => $this->ui_renderer->render(
1942  $this->ui_factory->link()->standard(
1943  $idp->getEntityId(),
1944  $this->ctrl->getLinkTarget($this, 'doSamlAuthentication')
1945  )
1946  )
1947  ];
1948  }
1949 
1950  $table->setData($items);
1951  $this->mainTemplate->setVariable('CONTENT', $table->getHtml());
1952  $this->mainTemplate->printToStdout('DEFAULT', false);
1953  }
1954 
1960  public static function logoutUrl(array $parameters = []): string
1961  {
1962  global $DIC;
1963 
1964  $defaults = ['lang' => $DIC->user()->getCurrentLanguage()];
1965  $parameters = '&' . http_build_query(array_merge($defaults, $parameters));
1966 
1967  $DIC->ctrl()->setTargetScript('logout.php');
1968  $url = $DIC->ctrl()->getLinkTargetByClass([self::class], 'doLogout') . $parameters;
1969  $DIC->ctrl()->setTargetScript('ilias.php');
1970 
1971  return $url;
1972  }
1973 }
ilStartUpGUI\showCodeForm
showCodeForm(string $username=null, ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:346
ilAuthUtils\AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:45
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:465
ilStartUpGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilStartUpGUI.php:125
ilObjUser\setTimeLimitUnlimited
setTimeLimitUnlimited(bool $a_unlimited)
Definition: class.ilObjUser.php:1784
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_MIGRATE
const PROP_ACCOUNT_MIGRATION_MIGRATE
Definition: class.ilStartUpGUI.php:40
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
ilGroupParticipants\_isParticipant
static _isParticipant(int $a_ref_id, int $a_usr_id)
Static function to check if a user is a participant of the container object.
Definition: class.ilGroupParticipants.php:120
ilStartUpGUI\initStartUpTemplate
static initStartUpTemplate( $a_tmpl, bool $a_show_back=false, bool $a_show_logout=false)
This method enriches the global template with some user interface elements (language selection...
Definition: class.ilStartUpGUI.php:1616
ilAccessibilityControlConceptGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessibilityControlConceptGUI.php:23
ilLoginPageGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLoginPageGUI.php:30
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:380
ilArrayUtil\stripSlashesRecursive
static stripSlashesRecursive($a_data, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilArrayUtil.php:61
ilStartUpGUI\showLoginInformation
showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl)
Definition: class.ilStartUpGUI.php:818
ilStartUpGUI\buildCodeForm
buildCodeForm(string $username=null)
Definition: class.ilStartUpGUI.php:359
ilRegistrationCode\getCodeValidUntil
static getCodeValidUntil(string $code)
Definition: class.ilRegistrationCode.php:273
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:90
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:397
ilObjUser\_verifyRegistrationHash
static _verifyRegistrationHash(string $a_hash)
Verifies a registration hash.
Definition: class.ilObjUser.php:3747
ilGlobalTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilGlobalTemplate.php:29
ilAccountRegistrationGUI
Class ilAccountRegistrationGUI.
Definition: class.ilAccountRegistrationGUI.php:26
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
ilStartUpGUI\$mainTemplate
ilGlobalTemplateInterface $mainTemplate
Definition: class.ilStartUpGUI.php:45
$params
if(! $DIC->user() ->getId()||!ilLTIConsumerAccess::hasCustomProviderCreationAccess()) $params
Definition: ltiregstart.php:33
ilRegConfirmationLinkExpiredException
Class for user related exception handling in ILIAS.
Definition: class.ilRegConfirmationLinkExpiredException.php:25
ilObjCourse\_isActivated
static _isActivated(int $a_obj_id)
Is activated.
Definition: class.ilObjCourse.php:539
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ILIAS
Class ChatMainBarProvider .
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:396
ilCourseParticipant\_getInstanceByObjId
static _getInstanceByObjId(int $a_obj_id, int $a_usr_id)
Definition: class.ilCourseParticipant.php:40
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:813
ilUtil\getImagePath
static getImagePath(string $img, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:66
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:27
ilAuthFrontendFactory
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthFrontendFactory.php:27
ILIAS\UI\Component
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:35
ilStartUpGUI\showLoginPage
showLoginPage(ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:240
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:972
ilGlobalTemplateInterface\setVariable
setVariable(string $variable, $value='')
Sets the given variable to the given value.
ilParticipants\getDefaultMemberRole
static getDefaultMemberRole(int $a_ref_id)
Definition: class.ilParticipants.php:476
$duration
$duration
Definition: LOMStructure.php:38
ilObjUser\setTimeLimitUntil
setTimeLimitUntil(?int $a_until)
Definition: class.ilObjUser.php:1774
ilStartUpGUI\printToGlobalTemplate
static printToGlobalTemplate($tpl)
Definition: class.ilStartUpGUI.php:316
ilStartUpGUI\purgePlaceholders
purgePlaceholders(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1065
ilAuthFrontendCredentialsOpenIdConnect
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthFrontendCredentialsOpenIdConnect.php:24
$path
$path
Definition: ltiservices.php:32
ilStartUpGUI\$http
HTTPServices $http
Definition: class.ilStartUpGUI.php:55
ilObjUser\setPasswd
setPasswd(string $a_str, string $a_type=ilObjUser::PASSWD_PLAIN)
Definition: class.ilObjUser.php:1258
ilAuthFrontendCredentialsLTI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthFrontendCredentialsLTI.php:27
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:927
ilStartUpGUI\PROP_ACCOUNT_MIGRATION
const PROP_ACCOUNT_MIGRATION
Definition: class.ilStartUpGUI.php:38
ilCtrlBaseClassInterface
Interface ilCtrlBaseClassInterface describes ilCtrl base classes.
Definition: interface.ilCtrlBaseClassInterface.php:23
$DIC
global $DIC
Definition: feed.php:28
$provider
$provider
Definition: ltitoken.php:83
ilAuthFrontendCredentialsSaml
Class ilAuthFrontendCredentialsSaml.
Definition: class.ilAuthFrontendCredentialsSaml.php:27
ilObjUser\setActive
setActive(bool $a_active, int $a_owner=0)
set user active state and updates system fields appropriately
Definition: class.ilObjUser.php:1681
ilStartUpGUI\showOpenIdConnectLoginForm
showOpenIdConnectLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1703
$messages
$messages
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: xapiexit.php:22
ilStartUpGUI\showShibbolethLoginForm
showShibbolethLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:857
ilPageUtil\_existsAndNotEmpty
static _existsAndNotEmpty(string $a_parent_type, int $a_id, string $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages) ...
Definition: class.ilPageUtil.php:31
$ref_id
$ref_id
Definition: ltiauth.php:67
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:25
ilStartUpGUI\$access
ilAccessHandler $access
Definition: class.ilStartUpGUI.php:52
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:31
ilStartUpGUI\logoutUrl
static logoutUrl(array $parameters=[])
Return the logout URL with a valid CSRF token.
Definition: class.ilStartUpGUI.php:1960
ilUtil\setCookie
static setCookie(string $a_cookie_name, string $a_cookie_value='', bool $a_also_set_super_global=true, bool $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:1280
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:51
ilRegistrationCode\isUnusedCode
static isUnusedCode(string $code)
Definition: class.ilRegistrationCode.php:231
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilObjUser\getPref
getPref(string $a_keyword)
Definition: class.ilObjUser.php:1057
$param
$param
Definition: xapitoken.php:46
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:31
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilStartUpGUI\showLoginForm
showLoginForm(string $page_editor_html, ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:803
$url
$url
Definition: ltiregstart.php:35
ilLanguage\lookupId
static lookupId(string $a_lang_key)
Lookup obj_id of language.
Definition: class.ilLanguage.php:340
ilSamlIdpSelectionTableGUI
Class ilSamlIdpSelectionTableGUI.
Definition: class.ilSamlIdpSelectionTableGUI.php:25
ilStartUpGUI\$dic
ILIAS DI Container $dic
Definition: class.ilStartUpGUI.php:48
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_NEW
const PROP_ACCOUNT_MIGRATION_NEW
Definition: class.ilStartUpGUI.php:39
ilObjStyleSheet\getContentStylePath
static getContentStylePath(int $a_style_id, bool $add_random=true, bool $add_token=true)
get content style path static (to avoid full reading)
Definition: class.ilObjStyleSheet.php:1569
ilStartUpGUI\substituteLoginPageElements
substituteLoginPageElements( $tpl, string $page_editor_html, string $element_html, string $placeholder, string $fallback_tplvar)
Definition: class.ilStartUpGUI.php:938
ilStartUpGUI\showAccountMigration
showAccountMigration(ILIAS\UI\Component\Input\Container\Form\Form $form=null, string $message='')
Definition: class.ilStartUpGUI.php:1135
ilStartUpGUI\__construct
__construct(ilObjUser $user=null, ilGlobalTemplateInterface $mainTemplate=null, ServerRequestInterface $httpRequest=null)
Definition: class.ilStartUpGUI.php:60
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:943
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilObjUser\setLastPasswordChangeTS
setLastPasswordChangeTS(int $a_last_password_change_ts)
Definition: class.ilObjUser.php:1517
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:26
ilObjCourse\_registrationEnabled
static _registrationEnabled(int $a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
Definition: class.ilObjCourse.php:547
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:37
ilStartUpGUI\$ctrl
ilCtrlInterface $ctrl
Definition: class.ilStartUpGUI.php:42
ilStartUpGUI\doMigration
doMigration(array $migration_request_data)
Definition: class.ilStartUpGUI.php:1215
ilRBACAccessHandler\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
ilRegistrationCode\useCode
static useCode(string $code)
Definition: class.ilRegistrationCode.php:286
ilStartUpGUI\showRegistrationLinks
showRegistrationLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:985
ilStartUpGUI\$authSession
ilAuthSession $authSession
Definition: class.ilStartUpGUI.php:49
ilInitialisation\redirectToStartingPage
static redirectToStartingPage(string $target='')
Definition: class.ilInitialisation.php:1944
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:493
ilStartUpGUI\showLegalDocumentsLinks
showLegalDocumentsLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1038
ilStartUpGUI\$ui_factory
ILIAS UI Factory $ui_factory
Definition: class.ilStartUpGUI.php:57
ilStartUpGUI\$eventHandler
ilAppEventHandler $eventHandler
Definition: class.ilStartUpGUI.php:50
ilStartUpGUI\showSamlIdpSelection
showSamlIdpSelection(ilSamlAuth $auth, array $idps)
Definition: class.ilStartUpGUI.php:1927
ilLMObject\_lookupContObjID
static _lookupContObjID(int $a_id)
get learning module id for lm object
Definition: class.ilLMObject.php:691
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:206
ilStartUpGUI\$refinery
RefineryFactory $refinery
Definition: class.ilStartUpGUI.php:54
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions(ilLanguage $lng)
Definition: class.ilAuthUtils.php:429
ilObjGroup
Class ilObjGroup.
Definition: class.ilObjGroup.php:31
$client_id
$client_id
Definition: ltiauth.php:68
$message
$message
Definition: xapiexit.php:32
ilAuthLoginPageEditorSettings\getInstance
static getInstance()
Get singelton instance.
Definition: class.ilAuthLoginPageEditorSettings.php:54
ilRegistrationHashNotFoundException
Class for user related exception handling in ILIAS.
Definition: class.ilRegistrationHashNotFoundException.php:26
ilStartUpGUI\$httpRequest
ServerRequestInterface $httpRequest
Definition: class.ilStartUpGUI.php:47
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:220
ilRegistrationCode\applyRoleAssignments
static applyRoleAssignments(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:322
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1088
ilCtrlSecurityInterface
Interface ilCtrlSecurityInterface provides ilCtrl security information.
Definition: interface.ilCtrlSecurityInterface.php:15
ilAuthFrontendCredentials
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthFrontendCredentials.php:24
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:36
ilStartUpGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilStartUpGUI.php:118
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:457
ilStartUpGUI\$ui_renderer
ILIAS UI Renderer $ui_renderer
Definition: class.ilStartUpGUI.php:58
ilRegistrationCode\applyAccessLimits
static applyAccessLimits(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:355
ilAuthFrontendCredentialsCAS
Auth frontend credentials for CAS auth.
Definition: class.ilAuthFrontendCredentialsCAS.php:23
ilStartUpGUI\showSamlLoginForm
showSamlLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1674
ilRBACAccessHandler\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
ilStartUpGUI\showCASLoginForm
showCASLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:834
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:680