ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilOpenIdConnectSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\FileUpload\FileUpload;
22 use ILIAS\UI\Factory;
23 use ILIAS\UI\Renderer;
24 use ILIAS\HTTP\Services;
25 use Psr\Http\Message\ServerRequestInterface;
26 use ILIAS\UI\Component\Input\Container\Form\FormInput;
27 use ILIAS\UI\Component\Input\Container\Form\Form;
28 
29 class ilOpenIdConnectSettingsGUI
30 {
31  private const STAB_SETTINGS = 'settings';
32  private const STAB_SCOPES = 'scopes';
33  private const STAB_PROFILE = 'profile';
34  private const STAB_ROLES = 'roles';
35  private const VALUE_STRING = '_value';
36  private const UPDATE_STRING = '_update';
37  private const UDF_STRING = 'udf_';
38  private const DEFAULT_CMD = 'settings';
39  private const DEFAULT_VALUES = 1;
40  private const SAVED_VALUES = 2;
41  private const POST_VALUE = 'Mode';
42  private const VIEW_TAB_PRE_FILED = 1;
43  private const VIEW_TAB_EFFECTIVE_MAPPING = 2;
44  private const URL_VALIDATION_PROVIDER_STRING = '/.well-known/openid-configuration';
45  private const EFFECTIVE_ATTRIBUTE_MAPPING_TAB = 2;
46 
47  private int $ref_id;
49  private $body;
50  private readonly ilOpenIdConnectSettings $settings;
51  private readonly ilLanguage $lng;
52  private readonly ilCtrl $ctrl;
53  private readonly ilLogger $logger;
54  private readonly ilAccessHandler $access;
55  private readonly ilRbacReview $review;
56  private readonly ilErrorHandling $error;
57  private readonly ilGlobalTemplateInterface $mainTemplate;
58  private readonly ilTabsGUI $tabs;
59  private readonly FileUpload $upload;
60  private ilToolbarGUI $toolbar;
61  private ?ilUserDefinedFields $udf = null;
62  private ilGlobalTemplateInterface $tpl;
63  private int $mapping_template = self::VIEW_TAB_EFFECTIVE_MAPPING;
64  private ServerRequestInterface $request;
65  private ilOpenIdAttributeMappingTemplate $attribute_mapping_template;
66  private Factory $ui;
67  private Renderer $renderer;
68  private Services $http;
69  private Factory $factory;
70  private \ILIAS\Refinery\Factory $refinery;
71  private string $failed_validation_messages = '';
72 
73  public function __construct(int $a_ref_id)
74  {
75  global $DIC;
76 
77  $this->ref_id = $a_ref_id;
78 
79  $this->lng = $DIC->language();
80  $this->lng->loadLanguageModule('auth');
81 
82  $this->mainTemplate = $DIC->ui()->mainTemplate();
83  $this->tabs = $DIC->tabs();
84  $this->ctrl = $DIC->ctrl();
85  $this->logger = $DIC->logger()->auth();
86  $this->access = $DIC->access();
87  $this->review = $DIC->rbac()->review();
88  $this->error = $DIC['ilErr'];
89  $this->upload = $DIC->upload();
90  $this->body = $DIC->http()->request()->getParsedBody();
91  $this->settings = ilOpenIdConnectSettings::getInstance();
92  $http_wrapper = $DIC->http()->wrapper();
93  $this->toolbar = $DIC->toolbar();
94  $refinery = $DIC->refinery();
95  $this->tpl = $DIC->ui()->mainTemplate();
96  $this->http = $DIC->http();
97  $this->ui = $DIC->ui()->factory();
98  $this->renderer = $DIC->ui()->renderer();
99  $this->refinery = $DIC->refinery();
100  $this->factory = $DIC->ui()->factory();
101  $this->request = $DIC->http()->request();
102  $this->attribute_mapping_template = new ilOpenIdAttributeMappingTemplate();
103 
104  if ($http_wrapper->query()->has(self::POST_VALUE) && $http_wrapper->query()->retrieve(
105  self::POST_VALUE,
106  $refinery->kindlyTo()->int()
107  )) {
108  $this->mapping_template = $http_wrapper->query()->retrieve(self::POST_VALUE, $refinery->kindlyTo()->int());
109  }
110  }
111 
112  private function checkAccess(string $a_permission): void
113  {
114  if (!$this->checkAccessBool($a_permission)) {
115  $this->error->raiseError($this->lng->txt('msg_no_perm_read'), $this->error->WARNING);
116  }
117  }
118 
119  private function checkAccessBool(string $a_permission): bool
120  {
121  return $this->access->checkAccess($a_permission, '', $this->ref_id);
122  }
123 
124  public function executeCommand(): void
125  {
126  $this->checkAccess('read');
127 
128  switch ($this->ctrl->getNextClass()) {
129  default:
130  $cmd = $this->ctrl->getCmd(self::DEFAULT_CMD);
131  $this->$cmd();
132  break;
133  }
134  }
135 
136  private function settings(?ilPropertyFormGUI $form = null): void
137  {
138  $this->checkAccess('read');
139 
140  $this->setSubTabs(self::STAB_SETTINGS);
141 
142  if (!$form instanceof ilPropertyFormGUI) {
143  $form = $this->initSettingsForm();
144  }
145 
146  $this->mainTemplate->setContent($form->getHTML());
147  }
148 
149  private function initSettingsForm(): ilPropertyFormGUI
150  {
151  $form = new ilPropertyFormGUI();
152  $form->setTitle($this->lng->txt('auth_oidc_settings_title'));
153  $form->setFormAction($this->ctrl->getFormAction($this));
154 
155  $activation = new ilCheckboxInputGUI(
156  $this->lng->txt('auth_oidc_settings_activation'),
157  'activation'
158  );
159  $activation->setChecked($this->settings->getActive());
160  $form->addItem($activation);
161 
162  $provider = new ilTextInputGUI(
163  $this->lng->txt('auth_oidc_settings_provider'),
164  'provider'
165  );
166  $provider->setRequired(true);
167  $provider->setValue($this->settings->getProvider());
168  $form->addItem($provider);
169 
170  $client_id = new ilTextInputGUI(
171  $this->lng->txt('auth_oidc_settings_client_id'),
172  'client_id'
173  );
174  $client_id->setRequired(true);
175  $client_id->setValue($this->settings->getClientId());
176  $form->addItem($client_id);
177 
178  $secret = new ilPasswordInputGUI(
179  $this->lng->txt('auth_oidc_settings_secret'),
180  'secret'
181  );
182  $secret->setSkipSyntaxCheck(true);
183  $secret->setRetype(false);
184  $secret->setRequired(false);
185  if ($this->settings->getSecret() !== '') {
186  $secret->setValue('******');
187  }
188  $form->addItem($secret);
189 
190  $login_element = new ilRadioGroupInputGUI(
191  $this->lng->txt('auth_oidc_settings_le'),
192  'le'
193  );
194  $login_element->setRequired(true);
195  $login_element->setValue((string) $this->settings->getLoginElementType());
196  $form->addItem($login_element);
197 
198  $text_option = new ilRadioOption(
199  $this->lng->txt('auth_oidc_settings_txt'),
200  (string) ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT
201  );
202  $login_element->addOption($text_option);
203 
204  $text = new ilTextInputGUI(
205  '',
206  'le_text'
207  );
208  $text->setValue($this->settings->getLoginElemenText());
209  $text->setMaxLength(120);
210  $text->setInfo($this->lng->txt('auth_oidc_settings_txt_val_info'));
211  $text_option->addSubItem($text);
212 
213  $img_option = new ilRadioOption(
214  $this->lng->txt('auth_oidc_settings_img'),
215  (string) ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG
216  );
217  $login_element->addOption($img_option);
218 
219  $image = new ilImageFileInputGUI(
220  '',
221  'le_img'
222  );
223  $image->setAllowDeletion(false);
224 
225  if ($this->settings->hasImageFile()) {
226  $image->setImage($this->settings->getImageFilePath());
227  }
228  $image->setInfo($this->lng->txt('auth_oidc_settings_img_file_info'));
229  $img_option->addSubItem($image);
230 
231  $login_options = new ilRadioGroupInputGUI(
232  $this->lng->txt('auth_oidc_settings_login_options'),
233  'login_prompt'
234  );
235  $login_options->setValue((string) $this->settings->getLoginPromptType());
236 
237  $enforce = new ilRadioOption(
238  $this->lng->txt('auth_oidc_settings_login_option_enforce'),
239  (string) ilOpenIdConnectSettings::LOGIN_ENFORCE
240  );
241  $enforce->setInfo($this->lng->txt('auth_oidc_settings_login_option_enforce_info'));
242  $login_options->addOption($enforce);
243 
244  $default = new ilRadioOption(
245  $this->lng->txt('auth_oidc_settings_login_option_default'),
246  (string) ilOpenIdConnectSettings::LOGIN_STANDARD
247  );
248  $default->setInfo($this->lng->txt('auth_oidc_settings_login_option_default_info'));
249  $login_options->addOption($default);
250 
251  $form->addItem($login_options);
252 
253  $logout_scope = new ilRadioGroupInputGUI(
254  $this->lng->txt('auth_oidc_settings_logout_scope'),
255  'logout_scope'
256  );
257  $logout_scope->setValue((string) $this->settings->getLogoutScope());
258 
259  $global_scope = new ilRadioOption(
260  $this->lng->txt('auth_oidc_settings_logout_scope_global'),
261  (string) ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL
262  );
263  $global_scope->setInfo($this->lng->txt('auth_oidc_settings_logout_scope_global_info'));
264  $logout_scope->addOption($global_scope);
265 
266  $ilias_scope = new ilRadioOption(
267  $this->lng->txt('auth_oidc_settings_logout_scope_local'),
268  (string) ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL
269  );
270  $ilias_scope->setInfo($this->lng->txt('auth_oidc_settings_logout_scope_local_info'));
271  $logout_scope->addOption($ilias_scope);
272 
273  $form->addItem($logout_scope);
274 
275  $use_custom_session = new ilCheckboxInputGUI(
276  $this->lng->txt('auth_oidc_settings_custom_session_duration_type'),
277  'custom_session'
278  );
279  $use_custom_session->setOptionTitle(
280  $this->lng->txt('auth_oidc_settings_custom_session_duration_option')
281  );
282  $use_custom_session->setChecked($this->settings->isCustomSession());
283  $form->addItem($use_custom_session);
284 
285  $session = new ilNumberInputGUI(
286  $this->lng->txt('auth_oidc_settings_session_duration'),
287  'session_duration'
288  );
289  $session->setValue((string) $this->settings->getSessionDuration());
290  $session->setSuffix($this->lng->txt('minutes'));
291  $session->setMinValue(5);
292  $session->setMaxValue(1440);
293  $session->setRequired(true);
294  $use_custom_session->addSubItem($session);
295 
296  if ($this->checkAccessBool('write')) {
297  $form->addCommandButton('saveSettings', $this->lng->txt('save'));
298  }
299 
300  $user_sync = new ilFormSectionHeaderGUI();
301  $user_sync->setTitle($this->lng->txt('auth_oidc_settings_section_user_sync'));
302  $form->addItem($user_sync);
303 
304  $sync = new ilCheckboxInputGUI(
305  $this->lng->txt('auth_oidc_settings_user_sync'),
306  'sync'
307  );
308  $sync->setChecked($this->settings->isSyncAllowed());
309  $sync->setInfo($this->lng->txt('auth_oidc_settings_user_sync_info'));
310  $sync->setValue('1');
311  $form->addItem($sync);
312 
313  $roles = new ilSelectInputGUI(
314  $this->lng->txt('auth_oidc_settings_default_role'),
315  'role'
316  );
317  $roles->setValue((string) $this->settings->getRole());
318  $roles->setInfo($this->lng->txt('auth_oidc_settings_default_role_info'));
319  $roles->setOptions($this->prepareRoleSelection());
320  $roles->setRequired(true);
321  $sync->addSubItem($roles);
322 
323  $user_attr = new ilTextInputGUI(
324  $this->lng->txt('auth_oidc_settings_user_attr'),
325  'username'
326  );
327  $user_attr->setValue($this->settings->getUidField());
328  $user_attr->setRequired(true);
329  $form->addItem($user_attr);
330 
331  return $form;
332  }
333 
334  private function saveSettings(): void
335  {
336  $this->checkAccess('write');
337 
338  $form = $this->initSettingsForm();
339  if (!$form->checkInput()) {
340  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
341  $form->setValuesByPost();
342  $this->settings($form);
343  return;
344  }
345 
346  $this->settings->setActive((bool) $form->getInput('activation'));
347  $this->settings->setProvider((string) $form->getInput('provider'));
348  $this->settings->setClientId((string) $form->getInput('client_id'));
349  if ((string) $form->getInput('secret') !== '' && strcmp($form->getInput('secret'), '******') !== 0) {
350  $this->settings->setSecret((string) $form->getInput('secret'));
351  }
352 
353  $this->settings->setLoginElementType((int) $form->getInput('le'));
354  $this->settings->setLoginElementText((string) $form->getInput('le_text'));
355  $this->settings->setLoginPromptType((int) $form->getInput('login_prompt'));
356  $this->settings->setLogoutScope((int) $form->getInput('logout_scope'));
357  $this->settings->useCustomSession((bool) $form->getInput('custom_session'));
358  $this->settings->setSessionDuration((int) $form->getInput('session_duration'));
359  $this->settings->allowSync((bool) $form->getInput('sync'));
360  $this->settings->setRole((int) $form->getInput('role'));
361  $this->settings->setUidField((string) $form->getInput('username'));
362 
363  $fileData = (array) $form->getInput('le_img');
364 
365  if ((string) ($fileData['tmp_name'] ?? '') !== '') {
366  $this->saveImageFromHttpRequest();
367  }
368 
369  $this->settings->save();
370 
371  $this->mainTemplate->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
372  $this->ctrl->redirect($this, 'settings');
373  }
374 
375  private function saveImageFromHttpRequest(): void
376  {
377  try {
378  if (!$this->upload->hasBeenProcessed()) {
379  $this->upload->process();
380  }
381 
382  foreach ($this->upload->getResults() as $single_file_upload) {
383  if ($single_file_upload->isOK()) {
384  $this->settings->deleteImageFile();
385  $this->upload->moveFilesTo(
386  ilOpenIdConnectSettings::FILE_STORAGE,
387  \ILIAS\FileUpload\Location::WEB
388  );
389  $this->settings->setLoginElementImage($single_file_upload->getName());
390  }
391  }
392  } catch (\ILIAS\Filesystem\Exception\IllegalStateException $e) {
393  $this->logger->warning('Upload failed with message: ' . $e->getMessage());
394  }
395  }
396 
400  private function prepareRoleSelection(bool $a_with_select_option = true): array
401  {
402  $global_roles = ilUtil::_sortIds(
403  $this->review->getGlobalRoles(),
404  'object_data',
405  'title',
406  'obj_id'
407  );
408 
409  $select = [];
410  if ($a_with_select_option) {
411  $select[0] = $this->lng->txt('links_select_one');
412  }
413  foreach ($global_roles as $role_id) {
414  if ($role_id === ANONYMOUS_ROLE_ID) {
415  continue;
416  }
417  $select[(string) $role_id] = ilObject::_lookupTitle((int) $role_id);
418  }
419 
420  return $select;
421  }
422 
423  private function profile(): void
424  {
425  $this->checkAccess('read');
426 
427  $this->redirectToSettingsScreenIfNoURLIsConfigured();
428 
429  $this->chooseMapping();
430  $this->userMapping();
431  }
432 
433  private function scopes(): void
434  {
435  $this->checkAccess('read');
436 
437  $this->redirectToSettingsScreenIfNoURLIsConfigured();
438 
439  $this->setSubTabs(self::STAB_SCOPES);
440  $url = $this->settings->getProvider();
441  if ($url !== '') {
442  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
443  $this->toolbar->addFormButton($this->lng->txt('auth_oidc_discover_scopes'), 'discoverScopesFromServer');
444  }
445 
446  $form = $this->initScopesForm();
447  $this->tpl->setContent($this->renderer->render($form));
448  }
449 
450  private function initScopesForm(): Form
451  {
452  $this->checkAccess('read');
453 
454  $ui_container = [];
455  $ui_container = $this->buildScopeSelection($ui_container);
456 
458  $form = $this->ui->input()->container()->form()->standard(
459  $this->ctrl->getFormAction($this, 'saveScopes'),
460  $ui_container
461  )->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
462 
463  return $form;
464  }
465 
466  private function discoverScopesFromServer(): void
467  {
468  $url = '';
469  $type = $this->settings->getValidateScopes();
470  if ($type === ilOpenIdConnectSettings::URL_VALIDATION_PROVIDER) {
471  $url = $this->settings->getProvider() . self::URL_VALIDATION_PROVIDER_STRING;
472  } elseif ($type === ilOpenIdConnectSettings::URL_VALIDATION_CUSTOM) {
473  $url = $this->settings->getCustomDiscoveryUrl();
474  }
475 
476  if ($url !== '') {
477  $found_scopes = $this->settings->getSupportedScopesFromUrl($url);
478  if ($found_scopes === true) {
479  $this->mainTemplate->setOnScreenMessage('success', $this->lng->txt('auth_oidc_discover_scopes_info'));
480  }
481  }
482 
483  $this->scopes();
484  }
485 
490  private function buildScopeSelection(array $ui_container): array
491  {
492  $disabled_input = $this->ui
493  ->input()
494  ->field()
495  ->text($this->lng->txt('auth_oidc_settings_default_scopes'), '')
496  ->withAdditionalTransformation($this->trimIfStringTrafo())
497  ->withValue(ilOpenIdConnectSettings::DEFAULT_SCOPE)
498  ->withDedicatedName('default_scope')
499  ->withDisabled(true);
500 
501  $scopeValues = $this->settings->getAdditionalScopes();
502 
503  $tag_input = $this->ui
504  ->input()
505  ->field()
506  ->tag(
507  $this->lng->txt('auth_oidc_settings_additional_scopes'),
508  $scopeValues
509  )->withValue($scopeValues)
510  ->withDedicatedName('custom_scope')
511  ->withByline($this->lng->txt('auth_oidc_settings_additional_scopes_info'));
512  $group1 = $this->ui->input()->field()->group(
513  [],
514  $this->lng->txt('auth_oidc_settings_validate_scope_default')
515  );
516  $group2 = $this->ui->input()->field()->group(
517  [
518  $this->lng->txt('auth_oidc_settings_discovery_url') => $this->ui
519  ->input()
520  ->field()
521  ->text(
522  $this->lng->txt('auth_oidc_settings_discovery_url')
523  )
524  ->withAdditionalTransformation($this->trimIfStringTrafo())
525  ->withValue(
526  $this->settings->getCustomDiscoveryUrl() ?? ''
527  )
528  ],
529  $this->lng->txt('auth_oidc_settings_validate_scope_custom')
530  );
531  $group3 = $this->ui->input()->field()->group(
532  [],
533  $this->lng->txt('auth_oidc_settings_validate_scope_none')
534  );
535  $url_validation = $this->ui->input()->field()->switchableGroup(
536  [
537  (string) ilOpenIdConnectSettings::URL_VALIDATION_PROVIDER => $group1,
538  (string) ilOpenIdConnectSettings::URL_VALIDATION_CUSTOM => $group2,
539  (string) ilOpenIdConnectSettings::URL_VALIDATION_NONE => $group3,
540  ],
541  $this->lng->txt('auth_oidc_settings_validate_scopes')
542  )->withDedicatedName('validate_scopes')->withValue($this->settings->getValidateScopes());
543  $group = $this->ui->input()->field()->group(
544  [$disabled_input, $tag_input, $url_validation]
545  );
546  $ui_container[] = $group;
547 
548  return $ui_container;
549  }
550 
551  private function saveScopes(): void
552  {
553  $this->checkAccess('write');
554 
555  $validation = false;
556  $type = null;
557  $url = null;
558  $custom_scopes = [];
559 
560  $form = $this->initScopesForm();
561  if ($this->request->getMethod() === 'POST') {
562  $request_form = $form->withRequest($this->request);
563  $result = $request_form->getData();
564  if ($result === null) {
565  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
566  $this->scopes();
567  return;
568  }
569 
570  foreach ($form->getInputs() as $group => $groups) {
571  foreach ($groups->getInputs() as $key => $input) {
572  $dedicated_name = $input->getDedicatedName();
573  $result_data = $result[$group][$key];
574  if ($dedicated_name === 'validate_scopes') {
575  $type = (int) $result_data[0];
576  $url = array_pop($result_data[1]);
577  } elseif ($dedicated_name === 'custom_scope') {
578  $custom_scopes = $result_data;
579  }
580  }
581  }
582 
583  if ($url === null && $type === ilOpenIdConnectSettings::URL_VALIDATION_PROVIDER) {
584  $url = $this->settings->getProvider();
585  }
586  $validation = $this->validateDiscoveryUrl($type, $url, $custom_scopes);
587  }
588 
589  if ($validation) {
590  $this->settings->setAdditionalScopes((array) $custom_scopes);
591  $this->settings->setValidateScopes((int) $type);
592  if (ilOpenIdConnectSettings::URL_VALIDATION_CUSTOM === $this->settings->getValidateScopes()) {
593  $this->settings->setCustomDiscoveryUrl($url);
594  }
595  $this->settings->save();
596  $this->mainTemplate->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
597  $this->ctrl->redirect($this, 'scopes');
598  }
599 
600  if ($this->failed_validation_messages !== '') {
601  $this->failed_validation_messages = $this->lng->txt(
602  'err_check_input'
603  ) . '<br/>' . $this->failed_validation_messages;
604  } else {
605  $this->failed_validation_messages = $this->lng->txt('err_check_input');
606  }
607 
608  $this->mainTemplate->setOnScreenMessage('failure', $this->failed_validation_messages, true);
609  $this->ctrl->redirect($this, 'scopes');
610  }
611 
615  private function validateDiscoveryUrl(int $type, ?string $url, array $scopes): bool
616  {
617  try {
618  switch ($type) {
619  case ilOpenIdConnectSettings::URL_VALIDATION_PROVIDER:
620  $discoveryURL = $url . self::URL_VALIDATION_PROVIDER_STRING;
621  break;
622  case ilOpenIdConnectSettings::URL_VALIDATION_CUSTOM:
623  $discoveryURL = $url;
624  break;
625  default:
626  $discoveryURL = null;
627  break;
628  }
629 
630  $validation_result = $discoveryURL !== null ? $this->settings->validateScopes(
631  $discoveryURL,
632  $scopes
633  ) : [];
634  if (!empty($validation_result)) {
635  if (ilOpenIdConnectSettings::VALIDATION_ISSUE_INVALID_SCOPE === $validation_result[0]) {
636  $this->failed_validation_messages =
637  sprintf(
638  $this->lng->txt('auth_oidc_settings_invalid_scopes'),
639  implode(',', $validation_result[1])
640  );
641  } else {
642  $this->failed_validation_messages = sprintf(
643  $this->lng->txt('auth_oidc_settings_discovery_error'),
644  $validation_result[1]
645  );
646  }
647  $this->scopes();
648 
649  return false;
650  }
651  } catch (ilCurlConnectionException $e) {
652  $this->mainTemplate->setOnScreenMessage(
653  'failure',
654  $e->getMessage(),
655  true
656  );
657  $this->failed_validation_messages = $e->getMessage();
658  $this->scopes();
659 
660  return false;
661  }
662 
663  return true;
664  }
665 
666  private function saveProfileMapping(): void
667  {
668  $this->checkAccessBool('write');
669 
670  $form = $this->initUserMappingForm();
671  if ($this->request->getMethod() === 'POST' &&
672  $this->request->getQueryParams()['opic'] === 'opic_user_data_mapping') {
673  $request_form = $form->withRequest($this->request);
674  $result = $request_form->getData();
675  if ($result === null) {
676  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
677  $this->profile();
678  return;
679  }
680 
681  foreach ($this->settings->getProfileMappingFields() as $field => $lng_key) {
682  $this->updateProfileMappingFieldValue($field);
683  }
684 
685  foreach ($this->udf->getDefinitions() as $definition) {
686  $field = self::UDF_STRING . $definition['field_id'];
687  $this->updateProfileMappingFieldValue($field);
688  }
689  }
690 
691  $this->settings->save();
692 
693  $this->mainTemplate->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
694  $this->ctrl->redirect($this, self::STAB_PROFILE);
695  }
696 
697  private function updateProfileMappingFieldValue(string $field): void
698  {
699  $form = $this->initUserMappingForm();
700  $request_form = $form->withRequest($this->request);
701  $result = $request_form->getData();
702  foreach ($form->getInputs() as $group => $groups) {
703  foreach ($groups->getInputs() as $key => $input) {
704  $dedicated_name = $input->getDedicatedName();
705  $result_data = $result[$group][$key];
706 
707  if ($dedicated_name === $field . self::VALUE_STRING) {
708  $this->settings->setProfileMappingFieldValue(
709  $field,
710  $result_data
711  );
712  } elseif ($dedicated_name === $field . self::UPDATE_STRING) {
713  $this->settings->setProfileMappingFieldUpdate(
714  $field,
715  (bool) $result_data
716  );
717  }
718  }
719  }
720  }
721 
722  private function roles(?ilPropertyFormGUI $form = null): void
723  {
724  $this->checkAccess('read');
725 
726  $this->redirectToSettingsScreenIfNoURLIsConfigured();
727 
728  $this->setSubTabs(self::STAB_ROLES);
729 
730  if (!$form instanceof ilPropertyFormGUI) {
731  $form = $this->initRolesForm();
732  }
733 
734  $this->mainTemplate->setContent($form->getHTML());
735  }
736 
737  private function initRolesForm(): ilPropertyFormGUI
738  {
739  $form = new ilPropertyFormGUI();
740  $form->setTitle($this->lng->txt('auth_oidc_role_mapping_table'));
741  $form->setFormAction($this->ctrl->getFormAction($this, self::STAB_ROLES));
742 
743  foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
744  $role_map = new ilTextInputGUI(
745  $role_title,
746  'role_map_' . $role_id
747  );
748  $role_map->setInfo($this->lng->txt('auth_oidc_role_info'));
749  $role_map->setValue($this->settings->getRoleMappingValueForId((int) $role_id));
750  $form->addItem($role_map);
751 
752  $update = new ilCheckboxInputGUI(
753  '',
754  'role_map_update_' . $role_id
755  );
756  $update->setOptionTitle($this->lng->txt('auth_oidc_update_role_info'));
757  $update->setValue('1');
758  $update->setChecked(!$this->settings->getRoleMappingUpdateForId((int) $role_id));
759  $form->addItem($update);
760  }
761 
762  if ($this->checkAccessBool('write')) {
763  $form->addCommandButton('saveRoles', $this->lng->txt('save'));
764  }
765 
766  return $form;
767  }
768 
769  private function saveRoles(): void
770  {
771  $this->checkAccess('write');
772 
773  $form = $this->initRolesForm();
774  if ($form->checkInput()) {
775  $this->logger->dump($this->body, ilLogLevel::DEBUG);
776 
777  $role_settings = [];
778  $role_valid = true;
779  foreach ($this->prepareRoleSelection(false) as $role_id => $role_title) {
780  $role_settings[(int) $role_id]['update'] = !$form->getInput('role_map_update_' . $role_id);
781  $role_settings[(int) $role_id]['value'] = '';
782 
783  $input_role = trim($form->getInput('role_map_' . $role_id));
784  if ($input_role === '') {
785  continue;
786  }
787 
788  $role_params = explode('::', $input_role);
789  $this->logger->dump($role_params, ilLogLevel::DEBUG);
790 
791  if (count($role_params) !== 2) {
792  if ($form->getItemByPostVar('role_map_' . $role_id)) {
793  $form->getItemByPostVar('role_map_' . $role_id)->setAlert($this->lng->txt('msg_wrong_format'));
794  }
795  $role_valid = false;
796  continue;
797  }
798  $role_settings[(int) $role_id]['value'] = $input_role;
799  }
800 
801  if (!$role_valid) {
802  $form->setValuesByPost();
803  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
804  $this->roles($form);
805  return;
806  }
807 
808  $this->settings->setRoleMappings($role_settings);
809  $this->settings->save();
810  $this->mainTemplate->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
811  $this->ctrl->redirect($this, 'roles');
812  }
813 
814  $form->setValuesByPost();
815 
816  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
817 
818  $this->roles($form);
819  }
820 
821  private function setSubTabs(string $active_tab): void
822  {
823  $this->tabs->addSubTab(
824  self::STAB_SETTINGS,
825  $this->lng->txt('auth_oidc_' . self::STAB_SETTINGS),
826  $this->ctrl->getLinkTarget($this, self::STAB_SETTINGS)
827  );
828 
829  $url = $this->settings->getProvider();
830  if ($url !== '') {
831  $this->tabs->addSubTab(
832  self::STAB_SCOPES,
833  $this->lng->txt('auth_oidc_' . self::STAB_SCOPES),
834  $this->ctrl->getLinkTarget($this, self::STAB_SCOPES)
835  );
836 
837  $this->tabs->addSubTab(
838  self::STAB_PROFILE,
839  $this->lng->txt('auth_oidc_' . self::STAB_PROFILE),
840  $this->ctrl->getLinkTarget($this, self::STAB_PROFILE)
841  );
842  $this->tabs->addSubTab(
843  self::STAB_ROLES,
844  $this->lng->txt('auth_oidc_' . self::STAB_ROLES),
845  $this->ctrl->getLinkTarget($this, self::STAB_ROLES)
846  );
847  }
848 
849  $this->tabs->activateSubTab($active_tab);
850  }
851 
852  private function chooseMapping(): void
853  {
854  $this->showInfoMessage();
855 
856  $this->setSubTabs(self::STAB_PROFILE);
857 
858  if ((int) $this->mapping_template === self::VIEW_TAB_EFFECTIVE_MAPPING) {
859  $this->userMapping();
860  return;
861  }
862 
863  $this->initAttributeMapping();
864  }
865 
866  private function showInfoMessage(): void
867  {
868  if ($this->mapping_template === self::VIEW_TAB_EFFECTIVE_MAPPING) {
869  $url = $this->renderer->render(
870  $this->factory->link()->standard(
871  $this->lng->txt('auth_oidc_here'),
872  'https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims'
873  )->withOpenInNewViewport(true)
874  );
875  $message = sprintf($this->lng->txt('auth_odic_scope_tab_info'), $url);
876  } else {
877  $url = $this->renderer->render(
878  $this->factory->link()->standard(
879  $this->lng->txt('auth_oidc_here'),
880  $this->ctrl->getLinkTarget($this, self::STAB_SCOPES)
881  )
882  );
883  $tab_name = $this->lng->txt('auth_oidc_configured_scopes');
884  $message = sprintf($this->lng->txt('auth_odic_scope_info'), $url, $tab_name);
885  }
886 
887  $this->mainTemplate->setOnScreenMessage('info', $message);
888  }
889 
890  private function initAttributeMapping(): void
891  {
892  $mapping = $this->attribute_mapping_template->getMappingRulesByAdditionalScopes(
893  $this->settings->getAdditionalScopes()
894  );
895 
896  if (count($mapping) > 0) {
897  $this->settings->clearProfileMaps();
898  }
899 
900  foreach ($mapping as $field => $item) {
901  $this->settings->setProfileMappingFieldValue(
902  $field,
903  $item
904  );
905  }
906 
907  $this->userMapping();
908  }
909 
910  private function initUserMappingForm(): Form
911  {
912  $this->initUserDefinedFields();
913 
914  $ui_container = [];
915  foreach ($this->settings->getProfileMappingFields() as $mapping => $lang) {
916  $ui_container = $this->buildUserMappingInputForUserData($lang, $mapping, $ui_container);
917  }
918 
919  foreach ($this->udf->getDefinitions() as $definition) {
920  $ui_container = $this->buildUserMappingInputFormUDF($definition, $ui_container);
921  }
922 
923  $this->ctrl->setParameter(
924  $this,
925  'opic',
926  'opic_user_data_mapping'
927  );
928 
930  $form = $this->ui
931  ->input()
932  ->container()
933  ->form()
934  ->standard(
935  $this->ctrl->getFormAction($this, 'saveProfileMapping'),
936  $ui_container
937  )->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
938 
939  return $form;
940  }
941 
947  private function buildUserMappingInputFormUDF($definition, array $ui_container): array
948  {
949  $value = $this->settings->getProfileMappingFieldValue(self::UDF_STRING . $definition['field_id']);
950  $update = $this->settings->getProfileMappingFieldUpdate(self::UDF_STRING . $definition['field_id']);
951 
952  $text_input = $this->ui
953  ->input()
954  ->field()
955  ->text($definition['field_name'], '')
956  ->withAdditionalTransformation($this->trimIfStringTrafo())
957  ->withValue($value)
958  ->withDedicatedName(self::UDF_STRING . $definition['field_id'] . self::VALUE_STRING);
959  $checkbox_input = $this->ui
960  ->input()
961  ->field()->checkbox('', $this->lng->txt('auth_oidc_update_field_info'))
962  ->withValue($update)
963  ->withDedicatedName(
964  self::UDF_STRING . $definition['field_id'] . self::UPDATE_STRING
965  );
966  $group = $this->ui->input()->field()->group(
967  [$text_input, $checkbox_input]
968  );
969  $ui_container[] = $group;
970 
971  return $ui_container;
972  }
973 
978  private function buildUserMappingInputForUserData(string $lang, string $mapping, array $ui_container): array
979  {
980  $value = $this->settings->getProfileMappingFieldValue($mapping);
981  $update = $this->settings->getProfileMappingFieldUpdate($mapping);
982 
983  $text_input = $this->ui
984  ->input()
985  ->field()
986  ->text($lang, '')
987  ->withAdditionalTransformation($this->trimIfStringTrafo())
988  ->withValue($value)
989  ->withDedicatedName($mapping . self::VALUE_STRING);
990  $checkbox_input = $this->ui
991  ->input()
992  ->field()
993  ->checkbox('', $this->lng->txt('auth_oidc_update_field_info'))
994  ->withValue($update)
995  ->withDedicatedName($mapping . self::UPDATE_STRING);
996  $group = $this->ui->input()->field()->group(
997  [
998  $text_input,
999  $checkbox_input
1000  ]
1001  );
1002  $ui_container[] = $group;
1003 
1004  return $ui_container;
1005  }
1006 
1007  private function initUserDefinedFields(): void
1008  {
1009  if ($this->udf === null) {
1010  $this->udf = ilUserDefinedFields::_getInstance();
1011  }
1012  }
1013 
1014  private function userMapping(): void
1015  {
1016  $form = $this->initUserMappingForm();
1017 
1018  $request_wrapper = $this->http->wrapper()->query();
1019  $active = self::EFFECTIVE_ATTRIBUTE_MAPPING_TAB;
1020 
1021  $target = $this->http->request()->getRequestTarget();
1022  if ($request_wrapper->has(self::POST_VALUE) && $request_wrapper->retrieve(
1023  self::POST_VALUE,
1024  $this->refinery->kindlyTo()->int()
1025  )) {
1026  $active = $request_wrapper->retrieve(self::POST_VALUE, $this->refinery->kindlyTo()->int());
1027  }
1028 
1029  $actions = [
1030  $this->lng->txt('auth_oidc_saved_values') => "$target&" . self::POST_VALUE . '=' . self::SAVED_VALUES,
1031  $this->lng->txt(
1032  ilOpenIdAttributeMappingTemplate::OPEN_ID_CONFIGURED_SCOPES
1033  ) => "$target&" . self::POST_VALUE . '=' . self::DEFAULT_VALUES,
1034  ];
1035 
1036  $aria_label = 'change_the_currently_displayed_mode';
1037  $active_label = $this->lng->txt('auth_oidc_saved_values');
1038  if ($active !== self::EFFECTIVE_ATTRIBUTE_MAPPING_TAB) {
1039  $active_label = $this->lng->txt(ilOpenIdAttributeMappingTemplate::OPEN_ID_CONFIGURED_SCOPES);
1040  }
1041  $view_control = $this->factory->viewControl()->mode($actions, $aria_label)->withActive($active_label);
1042 
1043  $this->tpl->setContent($this->renderer->render([$view_control, $form]));
1044  }
1045 
1046  private function redirectToSettingsScreenIfNoURLIsConfigured(): void
1047  {
1048  $url = $this->settings->getProvider();
1049  if ($url === '') {
1050  $this->tpl->setOnScreenMessage(
1051  $this->tpl::MESSAGE_TYPE_FAILURE,
1052  $this->lng->txt('permission_denied'),
1053  true
1054  );
1055  $this->ctrl->redirect($this, 'settings');
1056  }
1057  }
1058 
1059  private function saniziteArrayElementsTrafo(): \ILIAS\Refinery\Transformation
1060  {
1061  return $this->refinery->custom()->transformation(static function (array $values): array {
1062  return ilArrayUtil::stripSlashesRecursive($values);
1063  });
1064  }
1065 
1066  private function trimIfStringTrafo(): \ILIAS\Refinery\Transformation
1067  {
1068  return $this->refinery->custom()->transformation(static function ($value) {
1069  if (is_string($value)) {
1070  $value = trim($value);
1071  }
1072 
1073  return $value;
1074  });
1075  }
1076 }
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:26
ilCurlConnectionException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilCurlConnectionException.php:26
ILIAS\UI\Component\Input\Container\Form\Form
This describes commonalities between all forms.
Definition: Form.php:32
ilArrayUtil\stripSlashesRecursive
static stripSlashesRecursive($a_data, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilArrayUtil.php:61
ilOpenIdConnectSettingsGUI\buildUserMappingInputFormUDF
buildUserMappingInputFormUDF($definition, array $ui_container)
Definition: class.ilOpenIdConnectSettingsGUI.php:947
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:26
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:25
ilOpenIdConnectSettingsGUI\prepareRoleSelection
prepareRoleSelection(bool $a_with_select_option=true)
Definition: class.ilOpenIdConnectSettingsGUI.php:400
ilUserDefinedFields
Additional user data fields definition.
Definition: class.ilUserDefinedFields.php:29
ILIAS
Interface Observer Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
factory
factory()
Definition: UITestHelper.php:61
$scopes
$scopes
Definition: ltitoken.php:96
renderer
renderer()
Definition: UITestHelper.php:69
$url
$url
Definition: shib_logout.php:66
ilOpenIdConnectSettingsGUI\$attribute_mapping_template
ilOpenIdAttributeMappingTemplate $attribute_mapping_template
Definition: class.ilOpenIdConnectSettingsGUI.php:65
ilOpenIdConnectSettingsGUI\buildUserMappingInputForUserData
buildUserMappingInputForUserData(string $lang, string $mapping, array $ui_container)
Definition: class.ilOpenIdConnectSettingsGUI.php:978
ilOpenIdConnectSettingsGUI\$mainTemplate
readonly ilGlobalTemplateInterface $mainTemplate
Definition: class.ilOpenIdConnectSettingsGUI.php:57
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
$provider
$provider
Definition: ltitoken.php:80
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
ILIAS\UI\Factory
This is how the factory for UI elements looks.
Definition: Factory.php:37
ilSelectInputGUI\setValue
setValue($a_value)
Set Value.
Definition: class.ilSelectInputGUI.php:73
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:26
ilNumberInputGUI\setValue
setValue(?string $a_value)
Definition: class.ilNumberInputGUI.php:62
ilOpenIdConnectSettingsGUI\roles
roles(?ilPropertyFormGUI $form=null)
Definition: class.ilOpenIdConnectSettingsGUI.php:722
$DIC
global $DIC
Definition: shib_login.php:22
ilPasswordInputGUI
This class represents a password property in a property form.
Definition: class.ilPasswordInputGUI.php:26
ILIAS\FileUpload\FileUpload
Class FileUpload.
Definition: FileUpload.php:37
ilFormPropertyGUI\setRequired
setRequired(bool $a_required)
Definition: class.ilFormPropertyGUI.php:155
ILIAS\UI\Implementation\Component\Input\withValue
withValue($value)
Get an input like this with another value displayed on the client side.
Definition: Group.php:61
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1212
$lang
$lang
Definition: xapiexit.php:25
ilImageFileInputGUI
This class represents an image file property in a property form.
Definition: class.ilImageFileInputGUI.php:26
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
$client_id
$client_id
Definition: ltiauth.php:66
$message
$message
Definition: xapiexit.php:31
ilOpenIdConnectSettingsGUI\settings
settings(?ilPropertyFormGUI $form=null)
Definition: class.ilOpenIdConnectSettingsGUI.php:136
ilOpenIdConnectSettingsGUI\validateDiscoveryUrl
validateDiscoveryUrl(int $type, ?string $url, array $scopes)
Definition: class.ilOpenIdConnectSettingsGUI.php:615
mainTemplate
mainTemplate()
Definition: UITestHelper.php:77
ilOpenIdConnectSettingsGUI\$settings
readonly ilOpenIdConnectSettings $settings
Definition: class.ilOpenIdConnectSettingsGUI.php:50