ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthFrontend Class Reference
+ Inheritance diagram for ilAuthFrontend:
+ Collaboration diagram for ilAuthFrontend:

Public Member Functions

 __construct (ilAuthSession $session, ilAuthStatus $status, ilAuthCredentials $credentials, array $providers)
 
 getAuthSession ()
 
 getCredentials ()
 
 getProviders ()
 
 getStatus ()
 
 resetStatus ()
 
 migrateAccount (ilAuthSession $session)
 
 migrateAccountNew ()
 
 authenticate ()
 
 authenticate ()
 

Data Fields

const string MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'
 
const string MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'
 
const string MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'
 

Protected Member Functions

 handleAccountMigration (ilAuthProviderAccountMigrationInterface $provider)
 
 handleAuthenticationSuccess (ilAuthProviderInterface $provider)
 
 checkActivation (ilObjUser $user)
 
 checkExceededLoginAttempts (ilObjUser $user)
 
 checkTimeLimit (ilObjUser $user)
 
 checkIp (ilObjUser $user)
 
 checkSimultaneousLogins (ilObjUser $user)
 
 handleAuthenticationFail ()
 
 handleLoginAttempts ()
 

Private Attributes

ilLogger $logger
 
ilSetting $settings
 
ilLanguage $lng
 
ilAuthCredentials $credentials
 
ilAuthStatus $status
 
array $providers
 
ilAuthSession $auth_session
 
ilAppEventHandler $ilAppEventHandler
 
Profile $user_profile
 

Detailed Description

Definition at line 23 of file class.ilAuthFrontend.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthFrontend::__construct ( ilAuthSession  $session,
ilAuthStatus  $status,
ilAuthCredentials  $credentials,
array  $providers 
)
Parameters
list<ilAuthProviderInterface>$providers

Reimplemented in ilAuthFrontendHTTP.

Definition at line 45 of file class.ilAuthFrontend.php.

46 {
47 global $DIC;
48 $this->logger = $DIC->logger()->auth();
49 $this->settings = $DIC->settings();
50 $this->lng = $DIC->language();
51 $this->ilAppEventHandler = $DIC->event();
52
53 $this->auth_session = $session;
54 $this->credentials = $credentials;
55 $this->status = $status;
56 $this->providers = $providers;
57
58 $this->user_profile = $DIC['user']->getProfile();
59 }
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:52
ilAuthFrontend\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthFrontend.php:33
$DIC
global $DIC
Definition: shib_login.php:26

References $credentials, $DIC, $providers, $status, ILIAS\Repository\lng(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

+ Here is the call graph for this function:

Member Function Documentation

◆ authenticate()

ilAuthFrontend::authenticate ( )

Implements ilAuthFrontendInterface.

Reimplemented in ilAuthFrontendHTTP.

Definition at line 143 of file class.ilAuthFrontend.php.

143 : bool
144 {
145 foreach ($this->getProviders() as $provider) {
146 $this->resetStatus();
147
148 $this->logger->debug('Trying authentication against: ' . get_class($provider));
149
150 $provider->doAuthentication($this->getStatus());
151
152 $this->logger->debug('Authentication user id: ' . $this->getStatus()->getAuthenticatedUserId());
153
154 switch ($this->getStatus()->getStatus()) {
155 case ilAuthStatus::STATUS_AUTHENTICATED:
156 return $this->handleAuthenticationSuccess($provider);
157
158 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
159 $this->logger->notice('Account migration required.');
160 if ($provider instanceof ilAuthProviderAccountMigrationInterface) {
161 return $this->handleAccountMigration($provider);
162 }
163
164 $this->logger->error('Authentication migratittion required but provider does not support interface' . get_class($provider));
165 break;
166 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
167 default:
168 $this->logger->debug('Authentication failed against: ' . get_class($provider));
169 break;
170 }
171 }
172 return $this->handleAuthenticationFail();
173 }
ilAuthFrontend\handleAccountMigration
handleAccountMigration(ilAuthProviderAccountMigrationInterface $provider)
Definition: class.ilAuthFrontend.php:175
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Definition: class.ilAuthFrontend.php:193
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
$provider
$provider
Definition: ltitoken.php:80

References $provider, getProviders(), getStatus(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), resetStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

+ Here is the call graph for this function:

◆ checkActivation()

ilAuthFrontend::checkActivation ( ilObjUser  $user)
protected

Definition at line 321 of file class.ilAuthFrontend.php.

321 : bool
322 {
323 return $user->getActive();
324 }

References ilObjUser\getActive().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkExceededLoginAttempts()

ilAuthFrontend::checkExceededLoginAttempts ( ilObjUser  $user)
protected

Definition at line 326 of file class.ilAuthFrontend.php.

326 : bool
327 {
328 if ($user->getId() === ANONYMOUS_USER_ID) {
329 return true;
330 }
331
332 $isInactive = !$user->getActive();
333 if (!$isInactive) {
334 return true;
335 }
336
337 $security = ilSecuritySettings::_getInstance();
338 $maxLoginAttempts = $security->getLoginMaxAttempts();
339
340 if (!$maxLoginAttempts) {
341 return true;
342 }
343
344 $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
345
346 return $numLoginAttempts < $maxLoginAttempts;
347 }
ilObjUser\_getLoginAttempts
static _getLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:2181
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ANONYMOUS_USER_ID, ilObjUser\getActive(), and ilObject\getId().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkIp()

ilAuthFrontend::checkIp ( ilObjUser  $user)
protected

Reimplemented in ilAuthFrontendCLI.

Definition at line 354 of file class.ilAuthFrontend.php.

354 : bool
355 {
356 $clientip = $user->getClientIP();
357 if (trim($clientip) !== '') {
358 $clientip = preg_replace('/[^0-9.?*,:]+/', '', $clientip);
359 $clientip = str_replace(['.', '?', '*', ','], ["\\.", '[0-9]', '[0-9]*', '|'], $clientip);
360
361 ilLoggerFactory::getLogger('auth')->debug('Check ip ' . $clientip . ' against ' . $_SERVER['REMOTE_ADDR']);
362
363 if (!preg_match('/^' . $clientip . '$/', $_SERVER['REMOTE_ADDR'])) {
364 return false;
365 }
366 }
367 return true;
368 }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26

References $_SERVER, ilObjUser\getClientIP(), and ilLoggerFactory\getLogger().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkSimultaneousLogins()

ilAuthFrontend::checkSimultaneousLogins ( ilObjUser  $user)
protected

Definition at line 370 of file class.ilAuthFrontend.php.

370 : bool
371 {
372 $this->logger->debug('Setting prevent simultaneous session is: ' . $this->settings->get('ps_prevent_simultaneous_logins'));
373 return !($this->settings->get('ps_prevent_simultaneous_logins') &&
374 ilObjUser::hasActiveSession($user->getId(), $this->getAuthSession()->getId()));
375 }
ilObjUser\hasActiveSession
static hasActiveSession(int $a_user_id, string $a_session_id)
Definition: class.ilObjUser.php:2959

References ilObject\getId(), ilObjUser\hasActiveSession(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkTimeLimit()

ilAuthFrontend::checkTimeLimit ( ilObjUser  $user)
protected

Definition at line 349 of file class.ilAuthFrontend.php.

349 : bool
350 {
351 return $user->checkTimeLimit();
352 }

References ilObjUser\checkTimeLimit().

Referenced by handleAuthenticationSuccess().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthSession()

ilAuthFrontend::getAuthSession ( )

Definition at line 61 of file class.ilAuthFrontend.php.

61 : ilAuthSession
62 {
63 return $this->auth_session;
64 }
ilAuthFrontend\$auth_session
ilAuthSession $auth_session
Definition: class.ilAuthFrontend.php:37

References $auth_session.

Referenced by handleAuthenticationSuccess().

+ Here is the caller graph for this function:

◆ getCredentials()

ilAuthFrontend::getCredentials ( )

Definition at line 66 of file class.ilAuthFrontend.php.

66 : ilAuthCredentials
67 {
68 return $this->credentials;
69 }

References $credentials.

Referenced by handleLoginAttempts(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getProviders()

ilAuthFrontend::getProviders ( )
Returns
list<ilAuthProviderInterface>

Definition at line 74 of file class.ilAuthFrontend.php.

74 : array
75 {
76 return $this->providers;
77 }

References $providers.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), and migrateAccount().

+ Here is the caller graph for this function:

◆ getStatus()

ilAuthFrontend::getStatus ( )

Definition at line 79 of file class.ilAuthFrontend.php.

79 : ilAuthStatus
80 {
81 return $this->status;
82 }

References $status.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), handleAccountMigration(), handleAuthenticationSuccess(), handleLoginAttempts(), migrateAccount(), migrateAccountNew(), and resetStatus().

+ Here is the caller graph for this function:

◆ handleAccountMigration()

ilAuthFrontend::handleAccountMigration ( ilAuthProviderAccountMigrationInterface  $provider)
protected

Definition at line 175 of file class.ilAuthFrontend.php.

175 : bool
176 {
177 $this->logger->debug('Trigger auth mode: ' . $provider->getTriggerAuthMode());
178 $this->logger->debug('Desired auth mode: ' . $provider->getUserAuthModeName());
179 $this->logger->debug('External account: ' . $provider->getExternalAccountName());
180
181 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
182 #$this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
183
184 ilSession::set(static::MIG_TRIGGER_AUTHMODE, $provider->getTriggerAuthMode());
185 ilSession::set(static::MIG_DESIRED_AUTHMODE, $provider->getUserAuthModeName());
186 ilSession::set(static::MIG_EXTERNAL_ACCOUNT, $provider->getExternalAccountName());
187
188 $this->logger->dump(ilSession::dumpToString(), ilLogLevel::DEBUG);
189
190 return true;
191 }
ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:405
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilAuthProviderAccountMigrationInterface\getExternalAccountName
getExternalAccountName()
Get external account name.
ilAuthProviderAccountMigrationInterface\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
ilAuthProviderAccountMigrationInterface\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.

References $provider, ANONYMOUS_USER_ID, ilLogLevel\DEBUG, ilSession\dumpToString(), ilAuthProviderAccountMigrationInterface\getExternalAccountName(), getStatus(), ilAuthProviderAccountMigrationInterface\getTriggerAuthMode(), ilAuthProviderAccountMigrationInterface\getUserAuthModeName(), ILIAS\Repository\logger(), and ilSession\set().

Referenced by authenticate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationFail()

ilAuthFrontend::handleAuthenticationFail ( )
protected

Reimplemented in ilAuthFrontendHTTP.

Definition at line 377 of file class.ilAuthFrontend.php.

377 : bool
378 {
379 $this->logger->debug('Authentication failed for all authentication methods.');
380
381 $this->handleLoginAttempts();
382
383 return false;
384 }

References handleLoginAttempts(), and ILIAS\Repository\logger().

Referenced by authenticate(), migrateAccount(), and migrateAccountNew().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationSuccess()

ilAuthFrontend::handleAuthenticationSuccess ( ilAuthProviderInterface  $provider)
protected

Definition at line 193 of file class.ilAuthFrontend.php.

193 : bool
194 {
195 $user = ilObjectFactory::getInstanceByObjId($this->getStatus()->getAuthenticatedUserId(), false);
196
197 $this->getStatus()->setReason('auth_err_invalid_user_account');
198 // reset expired status
199 $this->getAuthSession()->setExpired(false);
200
201 if (!$user instanceof ilObjUser) {
202 $this->logger->error('Cannot instantiate user account with id: ' . $this->getStatus()->getAuthenticatedUserId());
203 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
204 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
205 return false;
206 }
207
208 if (!$this->checkExceededLoginAttempts($user)) {
209 $this->logger->info('Authentication failed for inactive user with id and too may login attempts: ' . $this->getStatus()->getAuthenticatedUserId());
210 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
211 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
212 return false;
213 }
214
215 if (!$this->checkActivation($user)) {
216 $this->logger->info('Authentication failed for inactive user with id: ' . $this->getStatus()->getAuthenticatedUserId());
217 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
218 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
219 return false;
220 }
221
222 // time limit
223 if (!$this->checkTimeLimit($user)) {
224 $this->logger->info('Authentication failed (time limit restriction) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
225
226 if ($this->settings->get('user_reactivate_code')) {
227 $this->logger->debug('Accout reactivation codes are active');
228 $this->getStatus()->setStatus(ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED);
229 } else {
230 $this->logger->debug('Accout reactivation codes are inactive');
231 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
232 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
233 }
234 return false;
235 }
236
237 // ip check
238 if (!$this->checkIp($user)) {
239 $this->logger->info('Authentication failed (wrong ip) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
240 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
241 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
242 return false;
243 }
244
245 // check simultaneos logins
246 $this->logger->debug('Check simutaneous login');
247 if (!$this->checkSimultaneousLogins($user)) {
248 $this->logger->info('Authentication failed: simultaneous logins forbidden for user: ' . $this->getStatus()->getAuthenticatedUserId());
249 $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
250 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
251 return false;
252 }
253
254 // check if profile is complete
255 if ($this->user_profile->isProfileIncomplete($user)
256 && ilAuthFactory::getContext() !== ilAuthFactory::CONTEXT_ECS
257 && ilContext::getType() !== ilContext::CONTEXT_LTI_PROVIDER) {
258 ilLoggerFactory::getLogger('auth')->info('User profile is incomplete.');
259 $user->setProfileIncomplete(true);
260 }
261
262 // redirects in case of error (session pool limit reached)
263 ilSessionControl::handleLoginEvent($user->getLogin(), $this->getAuthSession());
264
265
266 // @todo move to event handling
267 ilOnlineTracking::addUser($user->getId());
268
269 $security_settings = ilSecuritySettings::_getInstance();
270
271 // determine first login of user for setting an indicator
272 // which still is available in PersonalDesktop, Repository, ...
273 // (last login date is set to current date in next step)
274 if (
275 $security_settings->isPasswordChangeOnFirstLoginEnabled() &&
276 $user->getLastLogin() === ''
277 ) {
278 $user->resetLastPasswordChange();
279 }
280
281 if ($user->getLoginAttempts() > 0) {
282 $user->setLoginAttempts(0);
283 }
284 $user->refreshLogin();
285 $user->update();
286
287 $this->logger->info('Successfully authenticated: ' . ilObjUser::_lookupLogin($this->getStatus()->getAuthenticatedUserId()));
288 $this->getAuthSession()->setAuthenticated(true, $this->getStatus()->getAuthenticatedUserId());
289
290 ilInitialisation::initUserAccount();
291
292 ilSession::set('orig_request_target', '');
293
294
295 // --- anonymous/registered user
296 if (PHP_SAPI !== 'cli') {
297 $this->logger->info(
298 'logged in as ' . $user->getLogin() .
299 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
300 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
301 );
302 } else {
303 $this->logger->info(
304 'logged in as ' . $user->getLogin() . ' from CLI'
305 );
306 }
307
308 // finally raise event
309 $this->ilAppEventHandler->raise(
310 'components/ILIAS/Authentication',
311 'afterLogin',
312 [
313 'username' => $user->getLogin()
314 ]
315 );
316
317 $this->getStatus()->setReason('');
318 return true;
319 }
ilAppEventHandler\raise
raise(string $a_component, string $a_event, array $a_parameter=[])
Raise an event.
Definition: class.ilAppEventHandler.php:86
ilAuthFactory\CONTEXT_ECS
const int CONTEXT_ECS
Calendar authentication with auth token.
Definition: class.ilAuthFactory.php:50
ilAuthFrontend\checkActivation
checkActivation(ilObjUser $user)
Definition: class.ilAuthFrontend.php:321
ilAuthFrontend\checkIp
checkIp(ilObjUser $user)
Definition: class.ilAuthFrontend.php:354
ilAuthFrontend\checkExceededLoginAttempts
checkExceededLoginAttempts(ilObjUser $user)
Definition: class.ilAuthFrontend.php:326
ilAuthFrontend\checkTimeLimit
checkTimeLimit(ilObjUser $user)
Definition: class.ilAuthFrontend.php:349
ilAuthFrontend\checkSimultaneousLogins
checkSimultaneousLogins(ilObjUser $user)
Definition: class.ilAuthFrontend.php:370
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const int STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:31
ilContext\getType
static getType()
Get context type.
Definition: class.ilContext.php:165
ilContext\CONTEXT_LTI_PROVIDER
const CONTEXT_LTI_PROVIDER
Definition: class.ilContext.php:46
ilInitialisation\initUserAccount
static initUserAccount()
Init user with current account id.
Definition: class.ilInitialisation.php:852
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:2729
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilOnlineTracking\addUser
static addUser(int $a_user_id)
Definition: class.ilOnlineTracking.php:51
ilSessionControl\handleLoginEvent
static handleLoginEvent(string $a_login, ilAuthSession $auth_session)
Definition: class.ilSessionControl.php:65

References $_SERVER, ilSecuritySettings\_getInstance(), ilObjUser\_lookupLogin(), ilOnlineTracking\addUser(), ANONYMOUS_USER_ID, checkActivation(), checkExceededLoginAttempts(), checkIp(), checkSimultaneousLogins(), checkTimeLimit(), ilAuthFactory\CONTEXT_ECS, ilContext\CONTEXT_LTI_PROVIDER, getAuthSession(), ilAuthFactory\getContext(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), getStatus(), ilContext\getType(), ilSessionControl\handleLoginEvent(), ilInitialisation\initUserAccount(), ILIAS\Repository\logger(), ilAppEventHandler\raise(), ilSession\set(), ILIAS\Repository\settings(), ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED.

Referenced by authenticate(), ilAuthFrontendHTTP\authenticate(), migrateAccount(), and migrateAccountNew().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleLoginAttempts()

ilAuthFrontend::handleLoginAttempts ( )
protected

Definition at line 386 of file class.ilAuthFrontend.php.

386 : void
387 {
388 $security = ilSecuritySettings::_getInstance();
389 $max_attempts = $security->getLoginMaxAttempts();
390 if ($max_attempts < 1) {
391 return;
392 }
393
394 $auth_determination = ilAuthModeDetermination::_getInstance();
395 if ($this->getCredentials()->getAuthMode() !== '') {
396 $auth_modes = [
397 $this->getCredentials()->getAuthMode()
398 ];
399 } else {
400 $auth_modes = $auth_determination->getAuthModeSequence($this->getCredentials()->getUsername());
401 }
402
403 $usr_id_candidates = [];
404 foreach (array_filter($auth_modes) as $auth_mode) {
405 if ((int) $auth_mode === ilAuthUtils::AUTH_LOCAL) {
406 $usr_id_candidates[] = ilObjUser::_lookupId($this->getCredentials()->getUsername());
407 continue;
408 }
409
410 $login = ilObjUser::_checkExternalAuthAccount(
411 ilAuthUtils::_getAuthModeName($auth_mode),
412 $this->getCredentials()->getUsername(),
413 false
414 );
415 if (!is_string($login) || $login === '') {
416 continue;
417 }
418
419 $usr_id_candidates[] = ilObjUser::_lookupId($login);
420 }
421
422 $usr_id_candidates = array_values(array_unique(array_filter($usr_id_candidates, intval(...))));
423 $num_deacticated_accounts = 0;
424 foreach ($usr_id_candidates as $usr_id) {
425 if ($usr_id === ANONYMOUS_USER_ID) {
426 continue;
427 }
428
429 $num_login_attempts = ilObjUser::_getLoginAttempts($usr_id);
430
431 if ($num_login_attempts <= $max_attempts) {
432 ilObjUser::_incrementLoginAttempts($usr_id);
433 $this->logger->notice(
434 sprintf(
435 'Incremented login attempts for user %s with id %s.',
436 $this->getCredentials()->getUsername(),
437 $usr_id
438 )
439 );
440 }
441
442 if ($num_login_attempts >= $max_attempts) {
443 ilObjUser::_setUserInactive($usr_id);
444
445 ++$num_deacticated_accounts;
446 $this->logger->warning(
447 sprintf(
448 'User account %s with id %s set to inactive due to exceeded login attempts.',
449 $this->getCredentials()->getUsername(),
450 $usr_id
451 )
452 );
453 }
454 }
455
456 if ($num_deacticated_accounts > 0) {
457 $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
458 }
459 }
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:29
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:182
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:2193
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2813
ilObjUser\_setUserInactive
static _setUserInactive(int $a_usr_id)
Definition: class.ilObjUser.php:2209

References ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_getAuthModeName(), ilAuthModeDetermination\_getInstance(), ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), ANONYMOUS_USER_ID, ilAuthUtils\AUTH_LOCAL, getCredentials(), getStatus(), and ILIAS\Repository\logger().

Referenced by handleAuthenticationFail().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthFrontend::migrateAccount ( ilAuthSession  $session)

Definition at line 91 of file class.ilAuthFrontend.php.

91 : bool
92 {
93 if (!$session->isAuthenticated()) {
94 $this->logger->warning('Desired user account is not authenticated');
95 return false;
96 }
97 $user = ilObjectFactory::getInstanceByObjId($session->getUserId(), false);
98
99 if (!$user instanceof ilObjUser) {
100 $this->logger->info('Cannot instantiate user account for account migration: ' . $session->getUserId());
101 return false;
102 }
103
104 $user->setAuthMode(ilSession::get(static::MIG_DESIRED_AUTHMODE));
105
106 $this->logger->debug('new auth mode is: ' . ilSession::get(self::MIG_DESIRED_AUTHMODE));
107
108 $user->setExternalAccount(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
109 $user->update();
110
111 foreach ($this->getProviders() as $provider) {
112 if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
113 $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
114 throw new InvalidArgumentException('Invalid auth provider given.');
115 }
116 $this->getCredentials()->setUsername(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
117 $provider->migrateAccount($this->getStatus());
118 if ($this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
119 return $this->handleAuthenticationSuccess($provider);
120 }
121 }
122 return $this->handleAuthenticationFail();
123 }
ilAuthSession\getUserId
getUserId()
Get authenticated user id.
Definition: class.ilAuthSession.php:170
ilAuthSession\isAuthenticated
isAuthenticated()
Check if session is authenticated.
Definition: class.ilAuthSession.php:122
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388

References $provider, ilSession\get(), getCredentials(), ilObjectFactory\getInstanceByObjId(), getProviders(), getStatus(), ilAuthSession\getUserId(), handleAuthenticationFail(), handleAuthenticationSuccess(), ilAuthSession\isAuthenticated(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ migrateAccountNew()

ilAuthFrontend::migrateAccountNew ( )

Definition at line 125 of file class.ilAuthFrontend.php.

125 : bool
126 {
127 foreach ($this->providers as $provider) {
128 if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
129 $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
130 throw new InvalidArgumentException('Invalid auth provider given.');
131 }
132 $provider->createNewAccount($this->getStatus());
133
134 if ($provider instanceof ilAuthProviderInterface &&
135 $this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
136 return $this->handleAuthenticationSuccess($provider);
137 }
138 }
139 return $this->handleAuthenticationFail();
140 }

References $provider, getStatus(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ resetStatus()

ilAuthFrontend::resetStatus ( )

Definition at line 84 of file class.ilAuthFrontend.php.

84 : void
85 {
86 $this->getStatus()->setStatus(ilAuthStatus::STATUS_UNDEFINED);
87 $this->getStatus()->setReason('');
88 $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
89 }
ilAuthStatus\STATUS_UNDEFINED
const int STATUS_UNDEFINED
Definition: class.ilAuthStatus.php:27

References ANONYMOUS_USER_ID, getStatus(), and ilAuthStatus\STATUS_UNDEFINED.

Referenced by authenticate(), and ilAuthFrontendHTTP\authenticate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth_session

ilAuthSession ilAuthFrontend::$auth_session
private

Definition at line 37 of file class.ilAuthFrontend.php.

Referenced by getAuthSession().

◆ $credentials

ilAuthCredentials ilAuthFrontend::$credentials
private

Definition at line 33 of file class.ilAuthFrontend.php.

Referenced by __construct(), ilAuthFrontendHTTP\__construct(), and getCredentials().

◆ $ilAppEventHandler

ilAppEventHandler ilAuthFrontend::$ilAppEventHandler
private

Definition at line 38 of file class.ilAuthFrontend.php.

◆ $lng

ilLanguage ilAuthFrontend::$lng
private

Definition at line 31 of file class.ilAuthFrontend.php.

◆ $logger

ilLogger ilAuthFrontend::$logger
private

Definition at line 29 of file class.ilAuthFrontend.php.

◆ $providers

array ilAuthFrontend::$providers
private

Definition at line 36 of file class.ilAuthFrontend.php.

Referenced by __construct(), ilAuthFrontendHTTP\__construct(), and getProviders().

◆ $settings

ilSetting ilAuthFrontend::$settings
private

Definition at line 30 of file class.ilAuthFrontend.php.

◆ $status

ilAuthStatus ilAuthFrontend::$status
private

Definition at line 34 of file class.ilAuthFrontend.php.

Referenced by __construct(), ilAuthFrontendHTTP\__construct(), and getStatus().

◆ $user_profile

Profile ilAuthFrontend::$user_profile
private

Definition at line 40 of file class.ilAuthFrontend.php.

◆ MIG_DESIRED_AUTHMODE

const string ilAuthFrontend::MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'

Definition at line 27 of file class.ilAuthFrontend.php.

◆ MIG_EXTERNAL_ACCOUNT

const string ilAuthFrontend::MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'

Definition at line 25 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigrationNewAccount().

◆ MIG_TRIGGER_AUTHMODE

const string ilAuthFrontend::MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'

Definition at line 26 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigration(), and ilStartUpGUI\doMigrationNewAccount().

The documentation for this class was generated from the following file: