d2/da7/AuthFrontendCredentialsApache_8php_source.html

<?php


declare(strict_types=1);


namespace ILIAS\AuthApache;


use Psr\Http\Message\ServerRequestInterface;

use ilAuthFrontendCredentials;

use ilUtil;

use ilSetting;

use ilContext;

use ilLogLevel;

use ilCtrlInterface;

use ILIAS\ApacheAuth\UsernameProvider\CollectUsernameProvidersObjective;

use ILIAS\ApacheAuth\UsernameProvider\UsernameProviderFactory;

use ILIAS\ApacheAuth\UsernameProvider\UsernameResolver;


class AuthFrontendCredentialsApache extends ilAuthFrontendCredentials

{

    private ServerRequestInterface $http_request;

    private ilCtrlInterface $ctrl;

    private ilSetting $settings;


    public function __construct(ServerRequestInterface $http_request, ilCtrlInterface $ctrl)

    {

        $this->http_request = $http_request;

        $this->ctrl = $ctrl;

        $this->settings = new ilSetting('apache_auth');

        parent::__construct();

    }


    public function tryAuthenticationOnLoginPage(): void

    {

        $cmd = (string) ($this->http_request->getQueryParams()['cmd'] ?? '');

        if ($cmd === '') {

            $cmd = (string) ($this->http_request->getParsedBody()['cmd'] ?? '');

        }


        if ($cmd === 'force_login') {

            return;

        }


        if (!$this->getSettings()->get('apache_enable_auth', '0')) {

            return;

        }


        if (!$this->getSettings()->get('apache_auth_authenticate_on_login_page', '0')) {

            return;

        }


        if ((\defined('IL_CERT_SSO') && \IL_CERT_SSO === true) ||

            !ilContext::supportsRedirects() ||

            isset($this->http_request->getQueryParams()['passed_sso'])) {

            return;

        }


        $path = (string) ($this->http_request->getServerParams()['REQUEST_URI'] ?? '');

        if (str_starts_with($path, '/')) {

            $path = substr($path, 1);

        }


        if (!str_starts_with($path, 'http')) {

            $parts = parse_url(ILIAS_HTTP_PATH);

            $path = $parts['scheme'] . '://' . $parts['host'] . '/' . $path;

        }


        $this->ctrl->redirectToURL(

            ilUtil::getHtmlPath(

                './sso/index.php?' . http_build_query([

                    'force_mode_apache' => 1,

                    'r' => $path,

                    'cookie_path' => IL_COOKIE_PATH,

                    'ilias_path' => ILIAS_HTTP_PATH,

                ])

            )

        );

    }


    protected function getSettings(): ilSetting

    {

        return $this->settings;

    }


    public function initFromRequest(): void

    {

        $mapping_field_name = $this->getSettings()->get('apache_auth_username_direct_mapping_fieldname', '');


        $this->logger->dump($this->http_request->getServerParams(), ilLogLevel::DEBUG);

        $this->logger->debug($mapping_field_name);


        switch ($this->getSettings()->get('apache_auth_username_config_type')) {

            case AuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING:

                if (isset($this->http_request->getServerParams()[$mapping_field_name])) {

                    $this->setUsername($this->http_request->getServerParams()[$mapping_field_name]);

                }

                break;


            case AuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION:

                $factory = new UsernameProviderFactory();

                $resolver = new UsernameResolver($factory->fromClassNames(

                    require CollectUsernameProvidersObjective::PATH()

                ), $this->logger);


                $this->setUsername($resolver->resolve($this->http_request)->asString());

                break;

        }

    }


    public function hasValidTargetUrl(): bool

    {

        $target_url = trim((string) ($this->http_request->getQueryParams()['r'] ?? ''));

        if ($target_url === '') {

            return false;

        }


        $valid_hosts = [];

        $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';

        if (file_exists($path) && is_readable($path)) {

            foreach (file($path) as $line) {

                if (trim($line)) {

                    $valid_hosts[] = trim($line);

                }

            }

        }


        return (new WhiteListUrlValidator($target_url, $valid_hosts))->isValid();

    }


    public function getTargetUrl(): string

    {

        return ilUtil::appendUrlParameterString(trim($this->http_request->getQueryParams()['r']), 'passed_sso=1');

    }

}

IL_CERT_SSO
const IL_CERT_SSO(isset($_GET['client_id']))
Definition: index.php:47

IL_COOKIE_PATH
const IL_COOKIE_PATH
Definition: index.php:48

$resolver
foreach($components as $component) $resolver
Definition: build_bootstrap.php:82

ILIAS\ApacheAuth\UsernameProvider\CollectUsernameProvidersObjective
Definition: CollectUsernameProvidersObjective.php:26

ILIAS\ApacheAuth\UsernameProvider\UsernameProviderFactory
Definition: UsernameProviderFactory.php:24

ILIAS\ApacheAuth\UsernameProvider\UsernameResolver
Resolves a username by selecting the first provider (by descending priority) that returns a non-empty...
Definition: UsernameResolver.php:30

ILIAS\AuthApache\AuthFrontendCredentialsApache
Definition: AuthFrontendCredentialsApache.php:35

ILIAS\AuthApache\AuthFrontendCredentialsApache\tryAuthenticationOnLoginPage
tryAuthenticationOnLoginPage()
Check if an authentication attempt should be done when login page has been called.
Definition: AuthFrontendCredentialsApache.php:52

ILIAS\AuthApache\AuthFrontendCredentialsApache\hasValidTargetUrl
hasValidTargetUrl()
Definition: AuthFrontendCredentialsApache.php:129

ILIAS\AuthApache\AuthFrontendCredentialsApache\getSettings
getSettings()
Definition: AuthFrontendCredentialsApache.php:99

ILIAS\AuthApache\AuthFrontendCredentialsApache\$ctrl
ilCtrlInterface $ctrl
Definition: AuthFrontendCredentialsApache.php:37

ILIAS\AuthApache\AuthFrontendCredentialsApache\getTargetUrl
getTargetUrl()
Definition: AuthFrontendCredentialsApache.php:149

ILIAS\AuthApache\AuthFrontendCredentialsApache\initFromRequest
initFromRequest()
Definition: AuthFrontendCredentialsApache.php:104

ILIAS\AuthApache\AuthFrontendCredentialsApache\$settings
ilSetting $settings
Definition: AuthFrontendCredentialsApache.php:38

ILIAS\AuthApache\AuthFrontendCredentialsApache\__construct
__construct(ServerRequestInterface $http_request, ilCtrlInterface $ctrl)
Definition: AuthFrontendCredentialsApache.php:40

ILIAS\AuthApache\AuthFrontendCredentialsApache\$http_request
ServerRequestInterface $http_request
Definition: AuthFrontendCredentialsApache.php:36

ILIAS\AuthApache\AuthProviderApache\APACHE_AUTH_TYPE_DIRECT_MAPPING
const int APACHE_AUTH_TYPE_DIRECT_MAPPING
Definition: AuthProviderApache.php:39

ILIAS\AuthApache\AuthProviderApache\APACHE_AUTH_TYPE_BY_FUNCTION
const int APACHE_AUTH_TYPE_BY_FUNCTION
Definition: AuthProviderApache.php:41

ILIAS\AuthApache\WhiteListUrlValidator
Definition: WhiteListUrlValidator.php:24

ilAuthFrontendCredentials
Definition: class.ilAuthFrontendCredentials.php:22

ilAuthFrontendCredentials\setUsername
setUsername(string $a_name)
Definition: class.ilAuthFrontendCredentials.php:34

ilContext
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilContext.php:26

ilContext\supportsRedirects
static supportsRedirects()
Are redirects supported?
Definition: class.ilContext.php:89

ilLogLevel
Logging factory.
Definition: class.ilLogLevel.php:31

ilLogLevel\DEBUG
const DEBUG
Definition: class.ilLogLevel.php:32

ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27

ilUtil
Util class various functions, usage as namespace.
Definition: class.ilUtil.php:39

ilUtil\getHtmlPath
static getHtmlPath(string $relative_path)
get url of path
Definition: class.ilUtil.php:111

ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:381

CLIENT_ID
const CLIENT_ID
Definition: constants.php:41

ILIAS_DATA_DIR
const ILIAS_DATA_DIR
Definition: constants.php:44

ilCtrlInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlInterface.php:27

$path
$path
Definition: ltiservices.php:30

$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61

ILIAS\AuthApache
Definition: AuthFrontendCredentialsApache.php:21

ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38

ILIAS\Repository\logger
logger()
Definition: trait.GlobalDICDomainServices.php:71

ILIAS\Repository\settings
settings()
Definition: trait.GlobalDICDomainServices.php:96

ILIAS\Repository\ctrl
ctrl()
Definition: trait.GlobalDICGUIServices.php:62