d2/da7/AuthFrontendCredentialsApache_8php_source.html

<?php


declare(strict_types=1);


namespace ILIAS\AuthApache;


use ilAuthFrontendCredentials;

use ILIAS\HTTP\GlobalHttpState;

use ILIAS\Refinery\Factory;

use ilUtil;

use ilSetting;

use ilContext;

use ilLogLevel;

use ilCtrlInterface;

use ILIAS\ApacheAuth\UsernameProvider\CollectUsernameProvidersObjective;

use ILIAS\ApacheAuth\UsernameProvider\UsernameProviderFactory;

use ILIAS\ApacheAuth\UsernameProvider\UsernameResolver;


class AuthFrontendCredentialsApache extends ilAuthFrontendCredentials

{

    private readonly ilSetting $settings;


    public function __construct(

        private readonly GlobalHttpState $http,

        private readonly Factory $refinery,

        private readonly ilCtrlInterface $ctrl

    ) {

        $this->settings = new ilSetting('apache_auth');

        parent::__construct();

    }


    public function tryAuthenticationOnLoginPage(): void

    {

        if (!$this->getSettings()->get('apache_enable_auth', '0')) {

            return;

        }


        if (!$this->getSettings()->get('apache_auth_authenticate_on_login_page', '0')) {

            return;

        }


        if ((\defined('IL_CERT_SSO') && \IL_CERT_SSO === true) ||

            !ilContext::supportsRedirects() ||

            $this->http->wrapper()->query()->has('passed_sso')) {

            return;

        }


        $redirect_url = ilUtil::getHtmlPath('./sso/index.php?force_mode_apache=1');


        if ($this->http->wrapper()->query()->has('target')) {

            $url = (string) ($this->http->request()->getServerParams()['REQUEST_URI'] ?? '');

            if (str_starts_with($url, '/')) {

                $url = substr($url, 1);

            }


            if (!str_starts_with($url, 'http')) {

                $parts = parse_url(ILIAS_HTTP_PATH);

                $url = $parts['scheme'] . '://' . $parts['host'] . '/' . $url;

            }


            $uri = new \ILIAS\Data\URI($url);

            /*

             * If `tryAuthenticationOnLoginPage` is called and a permanent-link "target" is provided,

             * we ensure using `goto.php` as landing page after successful authentication

             */

            $uri = $uri->withPath(str_replace(['login.php', 'ilias.php'], 'goto.php', $uri->getPath()));

            $redirect_url = ilUtil::appendUrlParameterString(

                $redirect_url,

                'r=' . urlencode($this->refinery->uri()->toString()->transform($uri))

            );

        }


        $this->ctrl->redirectToURL($redirect_url);

    }


    protected function getSettings(): ilSetting

    {

        return $this->settings;

    }


    public function initFromRequest(): void

    {

        $mapping_field_name = $this->getSettings()->get('apache_auth_username_direct_mapping_fieldname', '');


        $this->logger->dump($this->http->request()->getServerParams(), ilLogLevel::DEBUG);

        $this->logger->debug($mapping_field_name);


        switch ($this->getSettings()->get('apache_auth_username_config_type')) {

            case AuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING:

                if (isset($this->http->request()->getServerParams()[$mapping_field_name])) {

                    $this->setUsername($this->http->request()->getServerParams()[$mapping_field_name]);

                }

                break;


            case AuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION:

                $factory = new UsernameProviderFactory();

                $resolver = new UsernameResolver($factory->fromClassNames(

                    require CollectUsernameProvidersObjective::PATH()

                ), $this->logger);


                $this->setUsername($resolver->resolve($this->http->request())->asString());

                break;

        }

    }


    public function hasValidTargetUrl(): bool

    {

        $target_url = trim(

            $this->http->wrapper()->query()->retrieve('r', $this->refinery->byTrying([

                $this->refinery->kindlyTo()->string(),

                $this->refinery->always(''),

            ]))

        );

        if ($target_url === '') {

            return false;

        }


        $valid_hosts = [];

        $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';

        if (file_exists($path) && is_readable($path)) {

            foreach (file($path) as $line) {

                if (trim($line)) {

                    $valid_hosts[] = trim($line);

                }

            }

        }


        return (new WhiteListUrlValidator($target_url, $valid_hosts))->isValid();

    }


    public function getTargetUrl(): string

    {

        $target_url = trim($this->http->wrapper()->query()->retrieve('r', $this->refinery->kindlyTo()->string()));


        return ilUtil::appendUrlParameterString($target_url, 'passed_sso=1');

    }

}

IL_CERT_SSO
const IL_CERT_SSO(isset($_GET['client_id']))
Definition: index.php:47

$resolver
foreach($components as $component) $resolver
Definition: build_bootstrap.php:82

ILIAS\ApacheAuth\UsernameProvider\CollectUsernameProvidersObjective
Definition: CollectUsernameProvidersObjective.php:26

ILIAS\ApacheAuth\UsernameProvider\UsernameProviderFactory
Definition: UsernameProviderFactory.php:24

ILIAS\ApacheAuth\UsernameProvider\UsernameResolver
Resolves a username by selecting the first provider (by descending priority) that returns a non-empty...
Definition: UsernameResolver.php:30

ILIAS\AuthApache\AuthFrontendCredentialsApache
Definition: AuthFrontendCredentialsApache.php:36

ILIAS\AuthApache\AuthFrontendCredentialsApache\tryAuthenticationOnLoginPage
tryAuthenticationOnLoginPage()
Check if an authentication attempt should be done when login page has been called.
Definition: AuthFrontendCredentialsApache.php:52

ILIAS\AuthApache\AuthFrontendCredentialsApache\$settings
readonly ilSetting $settings
Definition: AuthFrontendCredentialsApache.php:37

ILIAS\AuthApache\AuthFrontendCredentialsApache\hasValidTargetUrl
hasValidTargetUrl()
Definition: AuthFrontendCredentialsApache.php:126

ILIAS\AuthApache\AuthFrontendCredentialsApache\getSettings
getSettings()
Definition: AuthFrontendCredentialsApache.php:96

ILIAS\AuthApache\AuthFrontendCredentialsApache\__construct
__construct(private readonly GlobalHttpState $http, private readonly Factory $refinery, private readonly ilCtrlInterface $ctrl)
Definition: AuthFrontendCredentialsApache.php:39

ILIAS\AuthApache\AuthFrontendCredentialsApache\getTargetUrl
getTargetUrl()
Definition: AuthFrontendCredentialsApache.php:151

ILIAS\AuthApache\AuthFrontendCredentialsApache\initFromRequest
initFromRequest()
Definition: AuthFrontendCredentialsApache.php:101

ILIAS\AuthApache\AuthProviderApache\APACHE_AUTH_TYPE_DIRECT_MAPPING
const int APACHE_AUTH_TYPE_DIRECT_MAPPING
Definition: AuthProviderApache.php:39

ILIAS\AuthApache\AuthProviderApache\APACHE_AUTH_TYPE_BY_FUNCTION
const int APACHE_AUTH_TYPE_BY_FUNCTION
Definition: AuthProviderApache.php:41

ILIAS\AuthApache\WhiteListUrlValidator
Definition: WhiteListUrlValidator.php:24

ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36

ILIAS\Refinery\Factory
Definition: Factory.php:26

ilAuthFrontendCredentials
Definition: class.ilAuthFrontendCredentials.php:22

ilAuthFrontendCredentials\setUsername
setUsername(string $a_name)
Definition: class.ilAuthFrontendCredentials.php:34

ilContext
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: ilContext.php:26

ilContext\supportsRedirects
static supportsRedirects()
Are redirects supported?
Definition: ilContext.php:89

ilLogLevel
Logging factory.
Definition: class.ilLogLevel.php:31

ilLogLevel\DEBUG
const DEBUG
Definition: class.ilLogLevel.php:32

ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27

ilUtil
Util class various functions, usage as namespace.
Definition: class.ilUtil.php:39

ilUtil\getHtmlPath
static getHtmlPath(string $relative_path)
get url of path
Definition: class.ilUtil.php:111

ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:381

CLIENT_ID
const CLIENT_ID
Definition: constants.php:41

ILIAS_DATA_DIR
const ILIAS_DATA_DIR
Definition: constants.php:44

$http
$http
Definition: deliver.php:30

ILIAS\HTTP\GlobalHttpState
Interface GlobalHttpState.
Definition: GlobalHttpState.php:43

ilCtrlInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlInterface.php:27

$path
$path
Definition: ltiservices.php:30

$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61

ILIAS\AuthApache
Definition: AuthFrontendCredentialsApache.php:21

ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55

ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38

ILIAS\Repository\refinery
refinery()
Definition: trait.GlobalDICDomainServices.php:76

ILIAS\Repository\logger
logger()
Definition: trait.GlobalDICDomainServices.php:71

ILIAS\Repository\settings
settings()
Definition: trait.GlobalDICDomainServices.php:96

ILIAS\Repository\ctrl
ctrl()
Definition: trait.GlobalDICGUIServices.php:62

ILIAS\UI\examples\Layout\Page\Mail\$refinery
$refinery
Definition: base.php:57

$url
$url
Definition: shib_logout.php:70