ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
Public Member Functions | Data Fields | Protected Member Functions | Private Attributes
ilAuthFrontend Class Reference
+ Inheritance diagram for ilAuthFrontend:
+ Collaboration diagram for ilAuthFrontend:

Public Member Functions

 __construct (ilAuthSession $session, ilAuthStatus $status, ilAuthCredentials $credentials, array $providers)
 
 getAuthSession ()
 
 getCredentials ()
 
 getProviders ()
 
 getStatus ()
 
 resetStatus ()
 
 migrateAccount (ilAuthSession $session)
 
 migrateAccountNew ()
 
 authenticate ()
 

Data Fields

const string MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'
 
const string MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'
 
const string MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'
 

Protected Member Functions

 handleAccountMigration (ilAuthProviderAccountMigrationInterface $provider)
 
 handleAuthenticationSuccess (ilAuthProviderInterface $provider)
 
 checkActivation (ilObjUser $user)
 
 checkExceededLoginAttempts (ilObjUser $user)
 
 checkTimeLimit (ilObjUser $user)
 
 checkIp (ilObjUser $user)
 
 checkSimultaneousLogins (ilObjUser $user)
 
 handleAuthenticationFail ()
 
 handleLoginAttempts ()
 

Private Attributes

ilLogger $logger
 
ilSetting $settings
 
ilLanguage $lng
 
ilAuthCredentials $credentials
 
ilAuthStatus $status
 
array $providers
 
ilAuthSession $auth_session
 
ilAppEventHandler $ilAppEventHandler
 
ilUserProfile $user_profile
 

Detailed Description

Definition at line 21 of file class.ilAuthFrontend.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthFrontend::__construct ( ilAuthSession  $session,
ilAuthStatus  $status,
ilAuthCredentials  $credentials,
array  $providers 
)
Parameters
list<ilAuthProviderInterface>$providers

Definition at line 43 of file class.ilAuthFrontend.php.

References $credentials, $DIC, $providers, $status, ILIAS\Repository\lng(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

44  {
45  global $DIC;
46  $this->logger = $DIC->logger()->auth();
47  $this->settings = $DIC->settings();
48  $this->lng = $DIC->language();
49  $this->ilAppEventHandler = $DIC->event();
50 
51  $this->auth_session = $session;
52  $this->credentials = $credentials;
53  $this->status = $status;
54  $this->providers = $providers;
55 
56  $this->user_profile = new ilUserProfile();
57  }
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
ilUserProfile
Class ilUserProfile.
Definition: class.ilUserProfile.php:28
$DIC
global $DIC
Definition: shib_login.php:26
ilAuthFrontend\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthFrontend.php:31
+ Here is the call graph for this function:

Member Function Documentation

◆ authenticate()

ilAuthFrontend::authenticate ( )

Implements ilAuthFrontendInterface.

Definition at line 141 of file class.ilAuthFrontend.php.

References $provider, getProviders(), getStatus(), handleAccountMigration(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), resetStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

141  : bool
142  {
143  foreach ($this->getProviders() as $provider) {
144  $this->resetStatus();
145 
146  $this->logger->debug('Trying authentication against: ' . get_class($provider));
147 
148  $provider->doAuthentication($this->getStatus());
149 
150  $this->logger->debug('Authentication user id: ' . $this->getStatus()->getAuthenticatedUserId());
151 
152  switch ($this->getStatus()->getStatus()) {
153  case ilAuthStatus::STATUS_AUTHENTICATED:
154  return $this->handleAuthenticationSuccess($provider);
155 
156  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
157  $this->logger->notice('Account migration required.');
158  if ($provider instanceof ilAuthProviderAccountMigrationInterface) {
159  return $this->handleAccountMigration($provider);
160  }
161 
162  $this->logger->error('Authentication migratittion required but provider does not support interface' . get_class($provider));
163  break;
164  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
165  default:
166  $this->logger->debug('Authentication failed against: ' . get_class($provider));
167  break;
168  }
169  }
170  return $this->handleAuthenticationFail();
171  }
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Definition: class.ilAuthFrontend.php:191
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthFrontend\handleAccountMigration
handleAccountMigration(ilAuthProviderAccountMigrationInterface $provider)
Definition: class.ilAuthFrontend.php:173
$provider
$provider
Definition: ltitoken.php:80
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
+ Here is the call graph for this function:

◆ checkActivation()

ilAuthFrontend::checkActivation ( ilObjUser  $user)
protected

Definition at line 323 of file class.ilAuthFrontend.php.

References ilObjUser\getActive().

Referenced by handleAuthenticationSuccess().

323  : bool
324  {
325  return $user->getActive();
326  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkExceededLoginAttempts()

ilAuthFrontend::checkExceededLoginAttempts ( ilObjUser  $user)
protected

Definition at line 328 of file class.ilAuthFrontend.php.

References ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ANONYMOUS_USER_ID, ilObjUser\getActive(), and ilObject\getId().

Referenced by handleAuthenticationSuccess().

328  : bool
329  {
330  if ($user->getId() === ANONYMOUS_USER_ID) {
331  return true;
332  }
333 
334  $isInactive = !$user->getActive();
335  if (!$isInactive) {
336  return true;
337  }
338 
339  $security = ilSecuritySettings::_getInstance();
340  $maxLoginAttempts = $security->getLoginMaxAttempts();
341 
342  if (!$maxLoginAttempts) {
343  return true;
344  }
345 
346  $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
347 
348  return $numLoginAttempts < $maxLoginAttempts;
349  }
ilObjUser\_getLoginAttempts
static _getLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3539
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkIp()

ilAuthFrontend::checkIp ( ilObjUser  $user)
protected

Definition at line 356 of file class.ilAuthFrontend.php.

References $_SERVER, ilObjUser\getClientIP(), and ilLoggerFactory\getLogger().

Referenced by handleAuthenticationSuccess().

356  : bool
357  {
358  $clientip = $user->getClientIP();
359  if (trim($clientip) !== '') {
360  $clientip = preg_replace('/[^0-9.?*,:]+/', '', $clientip);
361  $clientip = str_replace(['.', '?', '*', ','], ["\\.", '[0-9]', '[0-9]*', '|'], $clientip);
362 
363  ilLoggerFactory::getLogger('auth')->debug('Check ip ' . $clientip . ' against ' . $_SERVER['REMOTE_ADDR']);
364 
365  if (!preg_match('/^' . $clientip . '$/', $_SERVER['REMOTE_ADDR'])) {
366  return false;
367  }
368  }
369  return true;
370  }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkSimultaneousLogins()

ilAuthFrontend::checkSimultaneousLogins ( ilObjUser  $user)
protected

Definition at line 372 of file class.ilAuthFrontend.php.

References getAuthSession(), ilObject\getId(), ilObjUser\hasActiveSession(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

Referenced by handleAuthenticationSuccess().

372  : bool
373  {
374  $this->logger->debug('Setting prevent simultaneous session is: ' . $this->settings->get('ps_prevent_simultaneous_logins'));
375  return !($this->settings->get('ps_prevent_simultaneous_logins') &&
376  ilObjUser::hasActiveSession($user->getId(), $this->getAuthSession()->getId()));
377  }
ilObjUser\hasActiveSession
static hasActiveSession(int $a_user_id, string $a_session_id)
Definition: class.ilObjUser.php:1989
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkTimeLimit()

ilAuthFrontend::checkTimeLimit ( ilObjUser  $user)
protected

Definition at line 351 of file class.ilAuthFrontend.php.

References ilObjUser\checkTimeLimit().

Referenced by handleAuthenticationSuccess().

351  : bool
352  {
353  return $user->checkTimeLimit();
354  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthSession()

ilAuthFrontend::getAuthSession ( )

Definition at line 59 of file class.ilAuthFrontend.php.

References $auth_session.

Referenced by checkSimultaneousLogins(), and handleAuthenticationSuccess().

59  : ilAuthSession
60  {
61  return $this->auth_session;
62  }
ilAuthFrontend\$auth_session
ilAuthSession $auth_session
Definition: class.ilAuthFrontend.php:35
+ Here is the caller graph for this function:

◆ getCredentials()

ilAuthFrontend::getCredentials ( )

Definition at line 64 of file class.ilAuthFrontend.php.

References $credentials.

Referenced by handleLoginAttempts(), and migrateAccount().

64  : ilAuthCredentials
65  {
66  return $this->credentials;
67  }
ilAuthFrontend\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthFrontend.php:31
+ Here is the caller graph for this function:

◆ getProviders()

ilAuthFrontend::getProviders ( )
Returns
list<ilAuthProviderInterface>

Definition at line 72 of file class.ilAuthFrontend.php.

References $providers.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), and migrateAccount().

72  : array
73  {
74  return $this->providers;
75  }
+ Here is the caller graph for this function:

◆ getStatus()

ilAuthFrontend::getStatus ( )

Definition at line 77 of file class.ilAuthFrontend.php.

References $status.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), handleAccountMigration(), handleAuthenticationSuccess(), handleLoginAttempts(), migrateAccount(), migrateAccountNew(), and resetStatus().

77  : ilAuthStatus
78  {
79  return $this->status;
80  }
+ Here is the caller graph for this function:

◆ handleAccountMigration()

ilAuthFrontend::handleAccountMigration ( ilAuthProviderAccountMigrationInterface  $provider)
protected

Definition at line 173 of file class.ilAuthFrontend.php.

References ANONYMOUS_USER_ID, ilLogLevel\DEBUG, ilSession\dumpToString(), ilAuthProviderAccountMigrationInterface\getExternalAccountName(), getStatus(), ilAuthProviderAccountMigrationInterface\getTriggerAuthMode(), ilAuthProviderAccountMigrationInterface\getUserAuthModeName(), ILIAS\Repository\logger(), and ilSession\set().

Referenced by authenticate().

173  : bool
174  {
175  $this->logger->debug('Trigger auth mode: ' . $provider->getTriggerAuthMode());
176  $this->logger->debug('Desired auth mode: ' . $provider->getUserAuthModeName());
177  $this->logger->debug('External account: ' . $provider->getExternalAccountName());
178 
179  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
180  #$this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
181 
182  ilSession::set(static::MIG_TRIGGER_AUTHMODE, $provider->getTriggerAuthMode());
183  ilSession::set(static::MIG_DESIRED_AUTHMODE, $provider->getUserAuthModeName());
184  ilSession::set(static::MIG_EXTERNAL_ACCOUNT, $provider->getExternalAccountName());
185 
186  $this->logger->dump(ilSession::dumpToString(), ilLogLevel::DEBUG);
187 
188  return true;
189  }
ilSession\dumpToString
static dumpToString()
Definition: class.ilSession.php:405
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilAuthProviderAccountMigrationInterface\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
ilAuthProviderAccountMigrationInterface\getExternalAccountName
getExternalAccountName()
Get external account name.
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilAuthProviderAccountMigrationInterface\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth...
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationFail()

ilAuthFrontend::handleAuthenticationFail ( )
protected

Definition at line 379 of file class.ilAuthFrontend.php.

References handleLoginAttempts(), and ILIAS\Repository\logger().

Referenced by authenticate(), migrateAccount(), and migrateAccountNew().

379  : bool
380  {
381  $this->logger->debug('Authentication failed for all authentication methods.');
382 
383  $this->handleLoginAttempts();
384 
385  return false;
386  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleAuthenticationSuccess()

ilAuthFrontend::handleAuthenticationSuccess ( ilAuthProviderInterface  $provider)
protected

Definition at line 191 of file class.ilAuthFrontend.php.

References $_SERVER, ilSecuritySettings\_getInstance(), ilObjUser\_lookupLogin(), ilOnlineTracking\addUser(), ANONYMOUS_USER_ID, checkActivation(), checkExceededLoginAttempts(), checkIp(), checkSimultaneousLogins(), checkTimeLimit(), ilAuthFactory\CONTEXT_ECS, ilContext\CONTEXT_LTI_PROVIDER, getAuthSession(), ilAuthFactory\getContext(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), getStatus(), ilContext\getType(), ilSessionControl\handleLoginEvent(), ilInitialisation\initUserAccount(), ILIAS\Repository\logger(), ilAppEventHandler\raise(), ilSession\set(), ILIAS\Repository\settings(), ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED.

Referenced by ilAuthFrontendHTTP\authenticate(), authenticate(), migrateAccount(), and migrateAccountNew().

191  : bool
192  {
193  $user = ilObjectFactory::getInstanceByObjId($this->getStatus()->getAuthenticatedUserId(), false);
194 
195  $this->getStatus()->setReason('auth_err_invalid_user_account');
196  // reset expired status
197  $this->getAuthSession()->setExpired(false);
198 
199  if (!$user instanceof ilObjUser) {
200  $this->logger->error('Cannot instantiate user account with id: ' . $this->getStatus()->getAuthenticatedUserId());
201  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
202  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
203  return false;
204  }
205 
206  if (!$this->checkExceededLoginAttempts($user)) {
207  $this->logger->info('Authentication failed for inactive user with id and too may login attempts: ' . $this->getStatus()->getAuthenticatedUserId());
208  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
209  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
210  return false;
211  }
212 
213  if (!$this->checkActivation($user)) {
214  $this->logger->info('Authentication failed for inactive user with id: ' . $this->getStatus()->getAuthenticatedUserId());
215  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
216  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
217  return false;
218  }
219 
220  // time limit
221  if (!$this->checkTimeLimit($user)) {
222  $this->logger->info('Authentication failed (time limit restriction) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
223 
224  if ($this->settings->get('user_reactivate_code')) {
225  $this->logger->debug('Accout reactivation codes are active');
226  $this->getStatus()->setStatus(ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED);
227  } else {
228  $this->logger->debug('Accout reactivation codes are inactive');
229  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
230  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
231  }
232  return false;
233  }
234 
235  // ip check
236  if (!$this->checkIp($user)) {
237  $this->logger->info('Authentication failed (wrong ip) for user with id: ' . $this->getStatus()->getAuthenticatedUserId());
238  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
239  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
240  return false;
241  }
242 
243  // check simultaneos logins
244  $this->logger->debug('Check simutaneous login');
245  if (!$this->checkSimultaneousLogins($user)) {
246  $this->logger->info('Authentication failed: simultaneous logins forbidden for user: ' . $this->getStatus()->getAuthenticatedUserId());
247  $this->getStatus()->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
248  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
249  return false;
250  }
251 
252  // check if profile is complete
253  if (
254  $this->user_profile->isProfileIncomplete($user) &&
255  ilAuthFactory::getContext() !== ilAuthFactory::CONTEXT_ECS &&
256  ilContext::getType() !== ilContext::CONTEXT_LTI_PROVIDER
257  ) {
258  ilLoggerFactory::getLogger('auth')->info('User profile is incomplete.');
259  $user->setProfileIncomplete(true);
260  $user->update();
261  }
262 
263  // redirects in case of error (session pool limit reached)
264  ilSessionControl::handleLoginEvent($user->getLogin(), $this->getAuthSession());
265 
266 
267  // @todo move to event handling
268  ilOnlineTracking::addUser($user->getId());
269 
270  $security_settings = ilSecuritySettings::_getInstance();
271 
272  // determine first login of user for setting an indicator
273  // which still is available in PersonalDesktop, Repository, ...
274  // (last login date is set to current date in next step)
275  if (
276  $security_settings->isPasswordChangeOnFirstLoginEnabled() &&
277  $user->getLastLogin() === ''
278  ) {
279  $user->resetLastPasswordChange();
280  }
281  $user->refreshLogin();
282 
283  if ($user->getLoginAttempts() > 0) {
284  $user->setLoginAttempts(0);
285  $user->update();
286  }
287 
288 
289  $this->logger->info('Successfully authenticated: ' . ilObjUser::_lookupLogin($this->getStatus()->getAuthenticatedUserId()));
290  $this->getAuthSession()->setAuthenticated(true, $this->getStatus()->getAuthenticatedUserId());
291 
292  ilInitialisation::initUserAccount();
293 
294  ilSession::set('orig_request_target', '');
295 
296 
297  // --- anonymous/registered user
298  if (PHP_SAPI !== 'cli') {
299  $this->logger->info(
300  'logged in as ' . $user->getLogin() .
301  ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
302  ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
303  );
304  } else {
305  $this->logger->info(
306  'logged in as ' . $user->getLogin() . ' from CLI'
307  );
308  }
309 
310  // finally raise event
311  $this->ilAppEventHandler->raise(
312  'components/ILIAS/Authentication',
313  'afterLogin',
314  [
315  'username' => $user->getLogin()
316  ]
317  );
318 
319  $this->getStatus()->setReason('');
320  return true;
321  }
ilAuthFactory\CONTEXT_ECS
const int CONTEXT_ECS
Calendar authentication with auth token.
Definition: class.ilAuthFactory.php:50
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
ilAuthFrontend\checkIp
checkIp(ilObjUser $user)
Definition: class.ilAuthFrontend.php:356
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilAuthFrontend\checkSimultaneousLogins
checkSimultaneousLogins(ilObjUser $user)
Definition: class.ilAuthFrontend.php:372
ilContext\CONTEXT_LTI_PROVIDER
const CONTEXT_LTI_PROVIDER
Definition: class.ilContext.php:46
ilAuthFrontend\checkExceededLoginAttempts
checkExceededLoginAttempts(ilObjUser $user)
Definition: class.ilAuthFrontend.php:328
ilOnlineTracking\addUser
static addUser(int $a_user_id)
Definition: class.ilOnlineTracking.php:51
ilAuthFrontend\checkTimeLimit
checkTimeLimit(ilObjUser $user)
Definition: class.ilAuthFrontend.php:351
ilAuthFrontend\checkActivation
checkActivation(ilObjUser $user)
Definition: class.ilAuthFrontend.php:323
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const int STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:31
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilSessionControl\handleLoginEvent
static handleLoginEvent(string $a_login, ilAuthSession $auth_session)
Definition: class.ilSessionControl.php:65
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilContext\getType
static getType()
Get context type.
Definition: class.ilContext.php:165
ilInitialisation\initUserAccount
static initUserAccount()
Init user with current account id.
Definition: class.ilInitialisation.php:853
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilAppEventHandler\raise
raise(string $a_component, string $a_event, array $a_parameter=[])
Raise an event.
Definition: class.ilAppEventHandler.php:86
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:680
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleLoginAttempts()

ilAuthFrontend::handleLoginAttempts ( )
protected

Definition at line 388 of file class.ilAuthFrontend.php.

References ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_getAuthModeName(), ilAuthModeDetermination\_getInstance(), ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), ANONYMOUS_USER_ID, ilAuthUtils\AUTH_LOCAL, getCredentials(), getStatus(), and ILIAS\Repository\logger().

Referenced by handleAuthenticationFail().

388  : void
389  {
390  $security = ilSecuritySettings::_getInstance();
391  $max_attempts = $security->getLoginMaxAttempts();
392  if ($max_attempts < 1) {
393  return;
394  }
395 
396  $auth_determination = ilAuthModeDetermination::_getInstance();
397  if ($this->getCredentials()->getAuthMode() !== '') {
398  $auth_modes = [
399  $this->getCredentials()->getAuthMode()
400  ];
401  } else {
402  $auth_modes = $auth_determination->getAuthModeSequence($this->getCredentials()->getUsername());
403  }
404 
405  $usr_id_candidates = [];
406  foreach (array_filter($auth_modes) as $auth_mode) {
407  if ((int) $auth_mode === ilAuthUtils::AUTH_LOCAL) {
408  $usr_id_candidates[] = ilObjUser::_lookupId($this->getCredentials()->getUsername());
409  continue;
410  }
411 
412  $login = ilObjUser::_checkExternalAuthAccount(
413  ilAuthUtils::_getAuthModeName($auth_mode),
414  $this->getCredentials()->getUsername(),
415  false
416  );
417  if (!is_string($login) || $login === '') {
418  continue;
419  }
420 
421  $usr_id_candidates[] = ilObjUser::_lookupId($login);
422  }
423 
424  $usr_id_candidates = array_values(array_unique(array_filter($usr_id_candidates, intval(...))));
425  $num_deacticated_accounts = 0;
426  foreach ($usr_id_candidates as $usr_id) {
427  if ($usr_id === ANONYMOUS_USER_ID) {
428  continue;
429  }
430 
431  $num_login_attempts = ilObjUser::_getLoginAttempts($usr_id);
432 
433  if ($num_login_attempts <= $max_attempts) {
434  ilObjUser::_incrementLoginAttempts($usr_id);
435  $this->logger->notice(
436  sprintf(
437  'Incremented login attempts for user %s with id %s.',
438  $this->getCredentials()->getUsername(),
439  $usr_id
440  )
441  );
442  }
443 
444  if ($num_login_attempts >= $max_attempts) {
445  ilObjUser::_setUserInactive($usr_id);
446 
447  ++$num_deacticated_accounts;
448  $this->logger->warning(
449  sprintf(
450  'User account %s with id %s set to inactive due to exceeded login attempts.',
451  $this->getCredentials()->getUsername(),
452  $usr_id
453  )
454  );
455  }
456  }
457 
458  if ($num_deacticated_accounts > 0) {
459  $this->getStatus()->setReason('auth_err_login_attempts_deactivation');
460  }
461  }
ilObjUser\_getLoginAttempts
static _getLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3539
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2745
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:180
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:27
ilObjUser\_setUserInactive
static _setUserInactive(int $a_usr_id)
Definition: class.ilObjUser.php:3569
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts(int $a_usr_id)
Definition: class.ilObjUser.php:3552
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthFrontend::migrateAccount ( ilAuthSession  $session)

Definition at line 89 of file class.ilAuthFrontend.php.

References $provider, ilSession\get(), getCredentials(), ilObjectFactory\getInstanceByObjId(), getProviders(), getStatus(), ilAuthSession\getUserId(), handleAuthenticationFail(), handleAuthenticationSuccess(), ilAuthSession\isAuthenticated(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

89  : bool
90  {
91  if (!$session->isAuthenticated()) {
92  $this->logger->warning('Desired user account is not authenticated');
93  return false;
94  }
95  $user = ilObjectFactory::getInstanceByObjId($session->getUserId(), false);
96 
97  if (!$user instanceof ilObjUser) {
98  $this->logger->info('Cannot instantiate user account for account migration: ' . $session->getUserId());
99  return false;
100  }
101 
102  $user->setAuthMode(ilSession::get(static::MIG_DESIRED_AUTHMODE));
103 
104  $this->logger->debug('new auth mode is: ' . ilSession::get(self::MIG_DESIRED_AUTHMODE));
105 
106  $user->setExternalAccount(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
107  $user->update();
108 
109  foreach ($this->getProviders() as $provider) {
110  if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
111  $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
112  throw new InvalidArgumentException('Invalid auth provider given.');
113  }
114  $this->getCredentials()->setUsername(ilSession::get(static::MIG_EXTERNAL_ACCOUNT));
115  $provider->migrateAccount($this->getStatus());
116  if ($this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
117  return $this->handleAuthenticationSuccess($provider);
118  }
119  }
120  return $this->handleAuthenticationFail();
121  }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Definition: class.ilAuthFrontend.php:191
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthSession\isAuthenticated
isAuthenticated()
Check if session is authenticated.
Definition: class.ilAuthSession.php:122
ilAuthSession\getUserId
getUserId()
Get authenticated user id.
Definition: class.ilAuthSession.php:170
$provider
$provider
Definition: ltitoken.php:80
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ migrateAccountNew()

ilAuthFrontend::migrateAccountNew ( )

Definition at line 123 of file class.ilAuthFrontend.php.

References $provider, getStatus(), handleAuthenticationFail(), handleAuthenticationSuccess(), ILIAS\Repository\logger(), and ilAuthStatus\STATUS_AUTHENTICATED.

123  : bool
124  {
125  foreach ($this->providers as $provider) {
126  if (!$provider instanceof ilAuthProviderAccountMigrationInterface) {
127  $this->logger->warning('Provider: ' . get_class($provider) . ' does not support account migration.');
128  throw new InvalidArgumentException('Invalid auth provider given.');
129  }
130  $provider->createNewAccount($this->getStatus());
131 
132  if ($provider instanceof ilAuthProviderInterface &&
133  $this->getStatus()->getStatus() === ilAuthStatus::STATUS_AUTHENTICATED) {
134  return $this->handleAuthenticationSuccess($provider);
135  }
136  }
137  return $this->handleAuthenticationFail();
138  }
ilAuthFrontend\handleAuthenticationSuccess
handleAuthenticationSuccess(ilAuthProviderInterface $provider)
Definition: class.ilAuthFrontend.php:191
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
$provider
$provider
Definition: ltitoken.php:80
+ Here is the call graph for this function:

◆ resetStatus()

ilAuthFrontend::resetStatus ( )

Definition at line 82 of file class.ilAuthFrontend.php.

References ANONYMOUS_USER_ID, getStatus(), and ilAuthStatus\STATUS_UNDEFINED.

Referenced by ilAuthFrontendHTTP\authenticate(), and authenticate().

82  : void
83  {
84  $this->getStatus()->setStatus(ilAuthStatus::STATUS_UNDEFINED);
85  $this->getStatus()->setReason('');
86  $this->getStatus()->setAuthenticatedUserId(ANONYMOUS_USER_ID);
87  }
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilAuthStatus\STATUS_UNDEFINED
const int STATUS_UNDEFINED
Definition: class.ilAuthStatus.php:27
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth_session

ilAuthSession ilAuthFrontend::$auth_session
private

Definition at line 35 of file class.ilAuthFrontend.php.

Referenced by getAuthSession().

◆ $credentials

ilAuthCredentials ilAuthFrontend::$credentials
private

Definition at line 31 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getCredentials().

◆ $ilAppEventHandler

ilAppEventHandler ilAuthFrontend::$ilAppEventHandler
private

Definition at line 36 of file class.ilAuthFrontend.php.

◆ $lng

ilLanguage ilAuthFrontend::$lng
private

Definition at line 29 of file class.ilAuthFrontend.php.

◆ $logger

ilLogger ilAuthFrontend::$logger
private

Definition at line 27 of file class.ilAuthFrontend.php.

◆ $providers

array ilAuthFrontend::$providers
private

Definition at line 34 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getProviders().

◆ $settings

ilSetting ilAuthFrontend::$settings
private

Definition at line 28 of file class.ilAuthFrontend.php.

◆ $status

ilAuthStatus ilAuthFrontend::$status
private

Definition at line 32 of file class.ilAuthFrontend.php.

Referenced by __construct(), and getStatus().

◆ $user_profile

ilUserProfile ilAuthFrontend::$user_profile
private

Definition at line 38 of file class.ilAuthFrontend.php.

◆ MIG_DESIRED_AUTHMODE

const string ilAuthFrontend::MIG_DESIRED_AUTHMODE = 'mig_desired_auth_mode'

Definition at line 25 of file class.ilAuthFrontend.php.

◆ MIG_EXTERNAL_ACCOUNT

const string ilAuthFrontend::MIG_EXTERNAL_ACCOUNT = 'mig_ext_account'

Definition at line 23 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigrationNewAccount().

◆ MIG_TRIGGER_AUTHMODE

const string ilAuthFrontend::MIG_TRIGGER_AUTHMODE = 'mig_trigger_auth_mode'

Definition at line 24 of file class.ilAuthFrontend.php.

Referenced by ilStartUpGUI\doMigration(), and ilStartUpGUI\doMigrationNewAccount().

The documentation for this class was generated from the following file: