ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
ilWebAccessChecker Class Reference

Class ilWebAccessChecker.

Public Member Functions

 __construct (private Services $http, private CookieFactory $cookieFactory)
 ilWebAccessChecker constructor.
 
 check ()
 
 initILIAS ()
 
 isChecked ()
 
 setChecked (bool $checked)
 
 getPathObject ()
 
 setPathObject (ilWACPath $path_object)
 
 getDisposition ()
 
 setDisposition (string $disposition)
 
 getOverrideMimetype ()
 
 setOverrideMimetype (string $override_mimetype)
 
 isInitialized ()
 
 setInitialized (bool $initialized)
 
 isSendStatusCode ()
 
 setSendStatusCode (bool $send_status_code)
 
 isRevalidateFolderTokens ()
 
 setRevalidateFolderTokens (bool $revalidate_folder_tokens)
 
 getAppliedCheckingMethods ()
 
 setAppliedCheckingMethods (array $applied_checking_methods)
 

Static Public Member Functions

static isUseSeperateLogfile ()
 
static setUseSeperateLogfile (bool $use_seperate_logfile)
 

Data Fields

const DISPOSITION = 'disposition'
 
const STATUS_CODE = 'status_code'
 
const REVALIDATE = 'revalidate'
 
const CM_FILE_TOKEN = 1
 
const CM_FOLDER_TOKEN = 2
 
const CM_CHECKINGINSTANCE = 3
 
const CM_SECFOLDER = 4
 

Protected Member Functions

 sendHeader (string $message)
 
 checkPublicSection ()
 
 checkUser ()
 
 addAppliedCheckingMethod (int $method)
 

Protected Attributes

ilWACPath $path_object = null
 
bool $checked = false
 
string $disposition = ilFileDelivery::DISP_INLINE
 
string $override_mimetype = ''
 
bool $send_status_code = false
 
bool $initialized = false
 
bool $revalidate_folder_tokens = true
 
array $applied_checking_methods = []
 

Static Protected Attributes

static bool $use_seperate_logfile = false
 

Detailed Description

Class ilWebAccessChecker.

Author
Fabian Schmid fs@studer-raimann.ch
Version
1.0.0

Definition at line 28 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct ( private Services  $http,
private CookieFactory  $cookieFactory 
)

ilWebAccessChecker constructor.

Definition at line 54 of file class.ilWebAccessChecker.php.

55 {
56 }

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod ( int  $method)
protected

Definition at line 315 of file class.ilWebAccessChecker.php.

315 : void
316 {
317     $this->applied_checking_methods[] = $method;
318 }

Referenced by check().

◆ check()

ilWebAccessChecker::check ( )
Exceptions
ilWACException

Definition at line 61 of file class.ilWebAccessChecker.php.

61 : bool
62 {
63     $path_object = new ilWACPath($this->http->request()->getRequestTarget());
64     $this->setPathObject($path_object);
65
66     // Check if Path has been signed with a token
67     $ilWACSignedPath = new ilWACSignedPath($path_object, $this->http, $this->cookieFactory);
68     if ($ilWACSignedPath->isSignedPath()) {
69         $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
70         if ($ilWACSignedPath->isSignedPathValid()) {
71             $this->setChecked(true);
72             $this->sendHeader('checked using token');
73
74             return true;
75         }
76     }
77
78     // Check if the whole secured folder has been signed
79     if ($ilWACSignedPath->isFolderSigned()) {
80         $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
81         if ($ilWACSignedPath->isFolderTokenValid()) {
82             if ($this->isRevalidateFolderTokens()) {
83                 $ilWACSignedPath->revalidatingFolderToken();
84             }
85             $this->setChecked(true);
86             $this->sendHeader('checked using secure folder');
87
88             return true;
89         }
90     }
91
92     // Fallback, have to initiate ILIAS
93     $this->initILIAS();
94
95     // Check if Path is within accepted paths
96     if ($path_object->getModuleType() !== 'rs') {
97         $clean_path = $path_object->getCleanURLdecodedPath();
98         $path = realpath(__DIR__ . '/../../../../public/' . $clean_path);
99         $data_dir = realpath(CLIENT_WEB_DIR);
100         if (!str_starts_with($path, $data_dir)) {
101             return false;
102         }
103         if (dirname($path) === $data_dir && is_file($path)) {
104             return false;
105         }
106     }
107
108     if (ilWACSecurePath::hasCheckingInstanceRegistered($path_object)) {
109         // Maybe the path has been registered, lets check
110         $checkingInstance = ilWACSecurePath::getCheckingInstance($path_object);
111         $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
112         $canBeDelivered = $checkingInstance->canBeDelivered($path_object);
113         if ($canBeDelivered) {
114             $this->sendHeader('checked using fallback');
115             if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
116                 $ilWACSignedPath->revalidatingFolderToken();
117             }
118         }
119         $this->setChecked(true);
120         return $canBeDelivered;
121     }
122
123     // none of the checking mechanisms could have been applied. no access
124     $this->setChecked(true);
125     $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
126     return !$path_object->isInSecFolder();
127 }

References $data_dir, $path, $path_object, addAppliedCheckingMethod(), CLIENT_WEB_DIR, ilWACPath\getCleanURLdecodedPath(), ilWACPath\getModuleType(), ilWACSecurePath\hasCheckingInstanceRegistered(), ILIAS\FileDelivery\http(), initILIAS(), ilWACPath\isInSecFolder(), isRevalidateFolderTokens(), sendHeader(), setChecked(), and setPathObject().

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )
protected
Exceptions
ilWACException

Definition at line 185 of file class.ilWebAccessChecker.php.

185 : void
186 {
187     global $DIC;
188     $is_anonymous = ((int) $DIC->user()->getId() === (int) ANONYMOUS_USER_ID);
189     $is_null_user = ($DIC->user()->getId() === 0);
190     $pub_section_activated = (bool) $DIC['ilSetting']->get('pub_section');
191     $isset = isset($DIC['ilSetting']);
192     $instanceof = $DIC['ilSetting'] instanceof ilSetting;
193
194     if (!$isset || !$instanceof) {
195         throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
196     }
197
198     if ($pub_section_activated && ($is_null_user || $is_anonymous)) {
199         // Request is initiated from an enabled public area
200         return;
201     }
202
203     if ($is_anonymous || $is_null_user) {
204         throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
205     }
206 }

References $DIC, ilWACException\ACCESS_DENIED_NO_PUB, ANONYMOUS_USER_ID, and ILIAS\Repository\int().

Referenced by initILIAS().

◆ checkUser()

ilWebAccessChecker::checkUser ( )
protected

Definition at line 208 of file class.ilWebAccessChecker.php.

208 : void
209 {
210     global $DIC;
211
212     $is_user = $DIC->user() instanceof ilObjUser;
213     $user_id_is_zero = ((int) $DIC->user()->getId() === 0);
214     if (!$is_user || $user_id_is_zero) {
215         throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
216     }
217 }

References $DIC, ilWACException\ACCESS_DENIED_NO_LOGIN, and ILIAS\Repository\int().

Referenced by initILIAS().

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )
Returns
int[]

Definition at line 302 of file class.ilWebAccessChecker.php.

302 : array
303 {
304     return $this->applied_checking_methods;
305 }

References $applied_checking_methods.

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )

Definition at line 239 of file class.ilWebAccessChecker.php.

239 : string
240 {
241     return $this->disposition;
242 }

References $disposition.

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )

Definition at line 249 of file class.ilWebAccessChecker.php.

249 : string
250 {
251     return $this->override_mimetype;
252 }

References $override_mimetype.

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )

Definition at line 229 of file class.ilWebAccessChecker.php.

229 : ?\ilWACPath
230 {
231     return $this->path_object;
232 }

References $path_object.

Referenced by initILIAS().

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )

Definition at line 135 of file class.ilWebAccessChecker.php.

135 : void
136 {
137     global $DIC;
138
139     if ($this->isInitialized()) {
140         return;
141     }
142
143     $GLOBALS['COOKIE_PATH'] = '/';
144
145     $cookie = $this->cookieFactory->create('ilClientId', $this->getPathObject()->getClient())
146         ->withPath('/')
147         ->withExpires(0);
148
149     $response = $this->http->cookieJar()
150         ->with($cookie)
151         ->renderIntoResponseHeader($this->http->response());
152
153     $this->http->saveResponse($response);
154
155     ilContext::init(ilContext::CONTEXT_WAC);
156     try {
157         ilInitialisation::initILIAS();
158         $this->checkUser();
159         $this->checkPublicSection();
160     } catch (Exception $e) {
161         if ($e instanceof ilWACException
162             && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
163             throw $e;
164         }
165         if (($e instanceof Exception && $e->getMessage() === 'Authentication failed.')
166             || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
167             $this->initAnonymousSession();
168             $this->checkUser();
169             $this->checkPublicSection();
170         }
171     }
172     $this->setInitialized(true);
173
174     // This workaround is needed because these issues:
175     // https://mantis.ilias.de/view.php?id=32284 and
176     // https://mantis.ilias.de/view.php?id=32063
177     if ($DIC->user()->getId() === 0) {
178         $DIC->user()->setId(ANONYMOUS_USER_ID);
179     }
180 }

References $DIC, Vendor\Package\$e, $GLOBALS, $response, ilWACException\ACCESS_DENIED_NO_LOGIN, ANONYMOUS_USER_ID, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, getPathObject(), ILIAS\FileDelivery\http(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), and setInitialized().

Referenced by check().

◆ isChecked()

ilWebAccessChecker::isChecked ( )

Definition at line 219 of file class.ilWebAccessChecker.php.

219 : bool
220 {
221     return $this->checked;
222 }

References $checked.

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )

Definition at line 259 of file class.ilWebAccessChecker.php.

259 : bool
260 {
261     return $this->initialized;
262 }

References $initialized.

Referenced by initILIAS().

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )

Definition at line 279 of file class.ilWebAccessChecker.php.

279 : bool
280 {
281     return $this->revalidate_folder_tokens;
282 }

References $revalidate_folder_tokens.

Referenced by check().

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )

Definition at line 269 of file class.ilWebAccessChecker.php.

269 : bool
270 {
271     return $this->send_status_code;
272 }

References $send_status_code.

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )
static

Definition at line 289 of file class.ilWebAccessChecker.php.

289 : bool
290 {
291     return self::$use_seperate_logfile;
292 }

References $use_seperate_logfile.

◆ sendHeader()

ilWebAccessChecker::sendHeader ( string  $message)
protected

Definition at line 129 of file class.ilWebAccessChecker.php.

129 : void
130 {
131     $response = $this->http->response()->withHeader('X-ILIAS-WebAccessChecker', $message);
132     $this->http->saveResponse($response);
133 }

References $response, and ILIAS\FileDelivery\http().

Referenced by check().

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( array  $applied_checking_methods)
Parameters
int[] $applied_checking_methods

Definition at line 310 of file class.ilWebAccessChecker.php.

310 : void
311 {
312     $this->applied_checking_methods = $applied_checking_methods;
313 }

References $applied_checking_methods.

◆ setChecked()

ilWebAccessChecker::setChecked ( bool  $checked)

Definition at line 224 of file class.ilWebAccessChecker.php.

224 : void
225 {
226     $this->checked = $checked;
227 }

References $checked, and ILIAS\UI\examples\Symbol\Glyph\Checked\checked().

Referenced by check().

◆ setDisposition()

ilWebAccessChecker::setDisposition ( string  $disposition)

Definition at line 244 of file class.ilWebAccessChecker.php.

244 : void
245 {
246     $this->disposition = $disposition;
247 }

References $disposition.

◆ setInitialized()

ilWebAccessChecker::setInitialized ( bool  $initialized)

Definition at line 264 of file class.ilWebAccessChecker.php.

264 : void
265 {
266     $this->initialized = $initialized;
267 }

References $initialized.

Referenced by initILIAS().

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype ( string  $override_mimetype)

Definition at line 254 of file class.ilWebAccessChecker.php.

254 : void
255 {
256     $this->override_mimetype = $override_mimetype;
257 }

References $override_mimetype.

◆ setPathObject()

ilWebAccessChecker::setPathObject ( ilWACPath  $path_object)

Definition at line 234 of file class.ilWebAccessChecker.php.

234 : void
235 {
236     $this->path_object = $path_object;
237 }

References $path_object.

Referenced by check().

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens ( bool  $revalidate_folder_tokens)

Definition at line 284 of file class.ilWebAccessChecker.php.

284 : void
285 {
286     $this->revalidate_folder_tokens = $revalidate_folder_tokens;
287 }

References $revalidate_folder_tokens.

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode ( bool  $send_status_code)

Definition at line 274 of file class.ilWebAccessChecker.php.

274 : void
275 {
276     $this->send_status_code = $send_status_code;
277 }

References $send_status_code.

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile ( bool  $use_seperate_logfile)
static

Definition at line 294 of file class.ilWebAccessChecker.php.

294 : void
295 {
296     self::$use_seperate_logfile = $use_seperate_logfile;
297 }

References $use_seperate_logfile.

Field Documentation

◆ $applied_checking_methods

array ilWebAccessChecker::$applied_checking_methods = []
protected

◆ $checked

bool ilWebAccessChecker::$checked = false
protected

Definition at line 39 of file class.ilWebAccessChecker.php.

Referenced by isChecked(), and setChecked().

◆ $disposition

string ilWebAccessChecker::$disposition = ilFileDelivery::DISP_INLINE
protected

Definition at line 40 of file class.ilWebAccessChecker.php.

Referenced by getDisposition(), and setDisposition().

◆ $initialized

bool ilWebAccessChecker::$initialized = false
protected

Definition at line 43 of file class.ilWebAccessChecker.php.

Referenced by isInitialized(), and setInitialized().

◆ $override_mimetype

string ilWebAccessChecker::$override_mimetype = ''
protected

Definition at line 41 of file class.ilWebAccessChecker.php.

Referenced by getOverrideMimetype(), and setOverrideMimetype().

◆ $path_object

ilWACPath ilWebAccessChecker::$path_object = null
protected

Definition at line 38 of file class.ilWebAccessChecker.php.

Referenced by check(), getPathObject(), and setPathObject().

◆ $revalidate_folder_tokens

bool ilWebAccessChecker::$revalidate_folder_tokens = true
protected

◆ $send_status_code

bool ilWebAccessChecker::$send_status_code = false
protected

Definition at line 42 of file class.ilWebAccessChecker.php.

Referenced by isSendStatusCode(), and setSendStatusCode().

◆ $use_seperate_logfile

bool ilWebAccessChecker::$use_seperate_logfile = false
static protected

Definition at line 45 of file class.ilWebAccessChecker.php.

Referenced by isUseSeperateLogfile(), and setUseSeperateLogfile().

◆ CM_CHECKINGINSTANCE

const ilWebAccessChecker::CM_CHECKINGINSTANCE = 3

Definition at line 35 of file class.ilWebAccessChecker.php.

◆ CM_FILE_TOKEN

const ilWebAccessChecker::CM_FILE_TOKEN = 1

Definition at line 33 of file class.ilWebAccessChecker.php.

◆ CM_FOLDER_TOKEN

const ilWebAccessChecker::CM_FOLDER_TOKEN = 2

Definition at line 34 of file class.ilWebAccessChecker.php.

◆ CM_SECFOLDER

const ilWebAccessChecker::CM_SECFOLDER = 4

Definition at line 36 of file class.ilWebAccessChecker.php.

◆ DISPOSITION

const ilWebAccessChecker::DISPOSITION = 'disposition'

◆ REVALIDATE

const ilWebAccessChecker::REVALIDATE = 'revalidate'

◆ STATUS_CODE

const ilWebAccessChecker::STATUS_CODE = 'status_code'

The documentation for this class was generated from the following file: