Inheritance diagram for ILIAS\AuthApache\AuthFrontendCredentialsApache:

Collaboration diagram for ILIAS\AuthApache\AuthFrontendCredentialsApache:

Public Member Functions
	__construct (private readonly GlobalHttpState $http, private readonly Factory $refinery, private readonly ilCtrlInterface $ctrl)

	tryAuthenticationOnLoginPage ()
	Check if an authentication attempt should be done when login page has been called. More...

	initFromRequest ()

	hasValidTargetUrl ()

	getTargetUrl ()

Public Member Functions inherited from ilAuthFrontendCredentials
	__construct ()

	setUsername (string $a_name)

	getUsername ()

	setPassword (string $a_password)

	getPassword ()

	setAuthMode (string $a_auth_mode)

	getAuthMode ()

	setUsername (string $a_name)

	getUsername ()

	setPassword (string $a_password)

	getPassword ()

	setAuthMode (string $a_auth_mode)

	getAuthMode ()

Protected Member Functions
	getSettings ()

Private Attributes
readonly ilSetting	$settings

Additional Inherited Members
Protected Attributes inherited from ilAuthFrontendCredentials
ilLogger	$logger

Detailed Description

Definition at line 35 of file AuthFrontendCredentialsApache.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\AuthApache\AuthFrontendCredentialsApache::__construct	(	private readonly GlobalHttpState	$http,
		private readonly Factory	$refinery,
		private readonly ilCtrlInterface	$ctrl
	)

Definition at line 39 of file AuthFrontendCredentialsApache.php.

      {
        $this->settings = new ilSetting('apache_auth');
        parent::__construct();
    }

References ILIAS\GlobalScreen\Provider\__construct(), and ILIAS\Repository\settings().

Here is the call graph for this function:

Member Function Documentation

◆ getSettings()

ILIAS\AuthApache\AuthFrontendCredentialsApache::getSettings ( )

protected

Definition at line 96 of file AuthFrontendCredentialsApache.php.

                                    : ilSetting
    {
        return $this->settings;
    }

References ILIAS\AuthApache\AuthFrontendCredentialsApache\$settings.

Referenced by ILIAS\AuthApache\AuthFrontendCredentialsApache\initFromRequest(), and ILIAS\AuthApache\AuthFrontendCredentialsApache\tryAuthenticationOnLoginPage().

Here is the caller graph for this function:

◆ getTargetUrl()

ILIAS\AuthApache\AuthFrontendCredentialsApache::getTargetUrl ( )

Definition at line 151 of file AuthFrontendCredentialsApache.php.

                                  : string
    {
        $target_url = trim($this->http->wrapper()->query()->retrieve('r', $this->refinery->kindlyTo()->string()));
 
        return ilUtil::appendUrlParameterString($target_url, 'passed_sso=1');
    }

References ilUtil\appendUrlParameterString(), and ILIAS\FileDelivery\http().

Here is the call graph for this function:

◆ hasValidTargetUrl()

ILIAS\AuthApache\AuthFrontendCredentialsApache::hasValidTargetUrl ( )

Definition at line 126 of file AuthFrontendCredentialsApache.php.

                                       : bool
    {
        $target_url = trim(
            $this->http->wrapper()->query()->retrieve('r', $this->refinery->byTrying([
                $this->refinery->kindlyTo()->string(),
                $this->refinery->always(''),
            ]))
        );
        if ($target_url === '') {
            return false;
        }
 
        $valid_hosts = [];
        $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
        if (file_exists($path) && is_readable($path)) {
            foreach (file($path) as $line) {
                if (trim($line)) {
                    $valid_hosts[] = trim($line);
                }
            }
        }
 
        return (new WhiteListUrlValidator($target_url, $valid_hosts))->isValid();
    }

References $path, CLIENT_ID, ILIAS\FileDelivery\http(), and ILIAS_DATA_DIR.

Here is the call graph for this function:

◆ initFromRequest()

ILIAS\AuthApache\AuthFrontendCredentialsApache::initFromRequest ( )

Definition at line 101 of file AuthFrontendCredentialsApache.php.

                                     : void
    {
        $mapping_field_name = $this->getSettings()->get('apache_auth_username_direct_mapping_fieldname', '');
 
        $this->logger->dump($this->http->request()->getServerParams(), ilLogLevel::DEBUG);
        $this->logger->debug($mapping_field_name);
 
        switch ($this->getSettings()->get('apache_auth_username_config_type')) {
            case AuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING:
                if (isset($this->http->request()->getServerParams()[$mapping_field_name])) {
                    $this->setUsername($this->http->request()->getServerParams()[$mapping_field_name]);
                }
                break;
 
            case AuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION:
                $factory = new UsernameProviderFactory();
                $resolver = new UsernameResolver($factory->fromClassNames(
                    require CollectUsernameProvidersObjective::PATH()
                ), $this->logger);
 
                $this->setUsername($resolver->resolve($this->http->request())->asString());
                break;
        }
    }

References $resolver, ILIAS\AuthApache\AuthProviderApache\APACHE_AUTH_TYPE_BY_FUNCTION, ILIAS\AuthApache\AuthProviderApache\APACHE_AUTH_TYPE_DIRECT_MAPPING, ilLogLevel\DEBUG, ILIAS\AuthApache\AuthFrontendCredentialsApache\getSettings(), ILIAS\FileDelivery\http(), ILIAS\Repository\logger(), and ilAuthFrontendCredentials\setUsername().

Here is the call graph for this function:

◆ tryAuthenticationOnLoginPage()

ILIAS\AuthApache\AuthFrontendCredentialsApache::tryAuthenticationOnLoginPage ( )

Check if an authentication attempt should be done when login page has been called.

Redirects in case no apache authentication has been tried before (GET['passed_sso'])

Definition at line 52 of file AuthFrontendCredentialsApache.php.

                                                  : void
    {
        if (!$this->getSettings()->get('apache_enable_auth', '0')) {
            return;
        }
 
        if (!$this->getSettings()->get('apache_auth_authenticate_on_login_page', '0')) {
            return;
        }
 
        if ((\defined('IL_CERT_SSO') && \IL_CERT_SSO === true) ||
            !ilContext::supportsRedirects() ||
            $this->http->wrapper()->query()->has('passed_sso')) {
            return;
        }
 
        $redirect_url = ilUtil::getHtmlPath('./sso/index.php?force_mode_apache=1');
 
        if ($this->http->wrapper()->query()->has('target')) {
            $url = (string) ($this->http->request()->getServerParams()['REQUEST_URI'] ?? '');
            if (str_starts_with($url, '/')) {
                $url = substr($url, 1);
            }
 
            if (!str_starts_with($url, 'http')) {
                $parts = parse_url(ILIAS_HTTP_PATH);
                $url = $parts['scheme'] . '://' . $parts['host'] . '/' . $url;
            }
 
            $uri = new \ILIAS\Data\URI($url);
            /*
             * If `tryAuthenticationOnLoginPage` is called and a permanent-link "target" is provided,
             * we ensure using `goto.php` as landing page after successful authentication
             */
            $uri = $uri->withPath(str_replace(['login.php', 'ilias.php'], 'goto.php', $uri->getPath()));
            $redirect_url = ilUtil::appendUrlParameterString(
                $redirect_url,
                'r=' . urlencode($this->refinery->uri()->toString()->transform($uri))
            );
        }
 
        $this->ctrl->redirectToURL($redirect_url);
    }