ILIAS  trunk Revision v12.0_alpha-1540-g00f839d5fa1
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\User\Settings\NewAccountMail\Repository as NewAccountMailRepository;
22
23class ilAuthProviderSoap extends ilAuthProvider
24{
25 protected string $server_host = '';
26 protected string $server_port = '';
27 protected string $server_uri = '';
28 protected bool $server_https = false;
29 protected string $server_nms = '';
30 protected bool $use_dot_net = false;
31 protected string $uri = '';
32 protected nusoap_client $client;
33 protected ilLogger $logger;
34 protected ilSetting $settings;
35 protected ilLanguage $language;
36 protected ilRbacAdmin $rbacAdmin;
37 protected ilDBInterface $db;
38
39 public function __construct(ilAuthCredentials $credentials)
40 {
41 global $DIC;
42
43 $this->settings = $DIC->settings();
44 $this->logger = $DIC->logger()->auth();
45 $this->language = $DIC->language();
46 $this->rbacAdmin = $DIC->rbac()->admin();
47 $this->db = $DIC->database();
48
49 parent::__construct($credentials);
50 }
51
52 private function initClient(): void
53 {
54 $this->server_host = (string) $this->settings->get('soap_auth_server', '');
55 $this->server_port = (string) $this->settings->get('soap_auth_port', '');
56 $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
57 $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
58 $this->server_https = (bool) $this->settings->get('soap_auth_use_https', '0');
59 $this->use_dot_net = (bool) $this->settings->get('use_dotnet', '0');
60
61 $this->uri = $this->server_https ? 'https://' : 'http://';
62 $this->uri .= $this->server_host;
63
64 if ($this->server_port > 0) {
65 $this->uri .= (':' . $this->server_port);
66 }
67 if ($this->server_uri) {
68 $this->uri .= ('/' . $this->server_uri);
69 }
70
71 require_once __DIR__ . '/../../soap/lib/nusoap.php';
72 $this->client = new nusoap_client($this->uri);
73 }
74
78 public function doAuthentication(ilAuthStatus $status): bool
79 {
80 try {
81 $this->initClient();
82 $this->handleSoapAuth($status);
83 } catch (Exception $e) {
84 $this->getLogger()->error($e->getMessage());
85 $this->getLogger()->error($e->getTraceAsString());
86
87 $this->handleAuthenticationFail($status, 'err_wrong_login');
88
89 return false;
90 }
91
92 if ($status->getAuthenticatedUserId() > 0 && $status->getAuthenticatedUserId() !== ANONYMOUS_USER_ID) {
93 $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
94 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
95 ilSession::set('used_external_auth_mode', ilAuthUtils::AUTH_SOAP);
96
97 return true;
98 }
99
100 $this->handleAuthenticationFail($status, 'err_wrong_login');
101
102 return false;
103 }
104
105 private function handleSoapAuth(ilAuthStatus $status): bool
106 {
107 $this->logger->debug(sprintf(
108 'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
109 $this->getCredentials()->getUsername(),
110 'soap'
111 ));
112 $this->logger->debug(sprintf(
113 'Trying to find ext_account "%s" for auth_mode "%s".',
114 $this->getCredentials()->getUsername(),
115 'soap'
116 ));
117
118 $internalLogin = ilObjUser::_checkExternalAuthAccount(
119 'soap',
120 $this->getCredentials()->getUsername()
121 );
122
123 $isNewUser = false;
124 if ('' === $internalLogin || null === $internalLogin) {
125 $isNewUser = true;
126 }
127
128 $soapAction = '';
129 $nspref = '';
130 if ($this->use_dot_net) {
131 $soapAction = $this->server_nms . '/isValidSession';
132 $nspref = 'ns1:';
133 }
134
135 $valid = $this->client->call(
136 'isValidSession',
137 [
138 $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
139 $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
140 $nspref . 'new_user' => $isNewUser
141 ],
142 $this->server_nms,
143 $soapAction
144 );
145
146 if (!is_array($valid)) {
147 $valid = ['valid' => false];
148 }
149
150 if ($valid['valid'] !== true) {
151 $valid['valid'] = false;
152 }
153
154 if (!$valid['valid']) {
155 $status->setReason('err_wrong_login');
156 return false;
157 }
158
159 if (!$isNewUser) {
160 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
161 return true;
162 }
163
164 if (!$this->settings->get('soap_auth_create_users')) {
165 // Translate the reasons, otherwise the default failure is displayed
166 $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
167 return false;
168 }
169
170 $userObj = new ilObjUser();
171 $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
172
173 $password = '';
174 $password_type = ilObjUser::PASSWD_CRYPTED;
175 if ($this->settings->get('soap_auth_allow_local')) {
176 $passwords = ilSecuritySettingsChecker::generatePasswords(1);
177 $password = $passwords[0];
178 $password_type = ilObjUser::PASSWD_PLAIN;
179 }
180
181 $userObj->setLogin($internalLogin);
182 $userObj->setFirstname($user->getFirstname());
183 $userObj->setLastname($user->getLastname());
184 $userObj->setTitle($userObj->getFullname());
185 $userObj->setDescription($userObj->getEmail());
186 $userObj->setEmail($user->getEmail());
187 $userObj->setPasswd($password, $password_type);
188 $userObj->setAuthMode('soap');
189 $userObj->setExternalAccount($this->getCredentials()->getUsername());
190 $userObj->setLanguage($this->language->getDefaultLanguage());
191 $userObj->setProfileIncomplete(true);
192
193 $userObj->setTimeLimitUnlimited(true);
194 $userObj->setTimeLimitFrom(time());
195 $userObj->setTimeLimitUntil(time());
196 $userObj->setOwner(0);
197 $userObj->create();
198 $userObj->setActive(true);
199 $userObj->updateOwner();
200 $userObj->saveAsNew();
201 $userObj->writePrefs();
202
203 $this->rbacAdmin->assignUser(
204 (int) $this->settings->get('soap_auth_user_default_role', '4'),
205 $userObj->getId()
206 );
207
208 if ($this->settings->get('soap_auth_account_mail', '0')) {
209 $registrationSettings = new ilRegistrationSettings();
210 $registrationSettings->setPasswordGenerationStatus(true);
211
212 $accountMail = new ilAccountRegistrationMail(
213 $registrationSettings,
214 $this->logger,
215 new NewAccountMailRepository($this->db)
216 );
217 $accountMail
218 ->withDirectRegistrationMode()
219 ->send($userObj, $password, false);
220 }
221
222 $status->setAuthenticatedUserId($userObj->getId());
223 return true;
224 }
225}
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:28
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:105
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
@inheritDoc
Definition: class.ilAuthProviderSoap.php:78
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderSoap.php:39
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Definition: class.ilAuthProvider.php:43
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:24
ilAuthStatus\setTranslatedReason
setTranslatedReason(string $a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:89
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:81
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:114
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getAuthenticatedUserId
getAuthenticatedUserId()
Get authenticated user id.
Definition: class.ilAuthStatus.php:122
ilAuthUtils\AUTH_SOAP
const int AUTH_SOAP
Definition: class.ilAuthUtils.php:33
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:339
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjUser
User class.
Definition: class.ilObjUser.php:48
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:50
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:49
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2821
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2719
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:32
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:27
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:386
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7174
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
$valid
$valid
Definition: dummy_client.php:59
ilDBInterface
Interface ilDBInterface.
Definition: ilDBInterface.php:30
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38
$DIC
global $DIC
Definition: shib_login.php:26