ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\User\Settings\NewAccountMail\Repository as NewAccountMailRepository;
22
23class ilAuthProviderSoap extends ilAuthProvider
24{
25 protected string $server_host = '';
26 protected string $server_port = '';
27 protected string $server_uri = '';
28 protected bool $server_https = false;
29 protected string $server_nms = '';
30 protected bool $use_dot_net = false;
31 protected string $uri = '';
32 protected nusoap_client $client;
33 protected ilLogger $logger;
34 protected ilSetting $settings;
35 protected ilLanguage $language;
36 protected ilRbacAdmin $rbacAdmin;
37 protected ilDBInterface $db;
38
39 public function __construct(ilAuthCredentials $credentials)
40 {
41 global $DIC;
42
43 $this->settings = $DIC->settings();
44 $this->logger = $DIC->logger()->auth();
45 $this->language = $DIC->language();
46 $this->rbacAdmin = $DIC->rbac()->admin();
47 $this->db = $DIC->database();
48
49 parent::__construct($credentials);
50 }
51
52 private function initClient(): void
53 {
54 $this->server_host = (string) $this->settings->get('soap_auth_server', '');
55 $this->server_port = (string) $this->settings->get('soap_auth_port', '');
56 $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
57 $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
58 $this->server_https = (bool) $this->settings->get('soap_auth_use_https', '0');
59 $this->use_dot_net = (bool) $this->settings->get('use_dotnet', '0');
60
61 $this->uri = $this->server_https ? 'https://' : 'http://';
62 $this->uri .= $this->server_host;
63
64 if ($this->server_port > 0) {
65 $this->uri .= (':' . $this->server_port);
66 }
67 if ($this->server_uri) {
68 $this->uri .= ('/' . $this->server_uri);
69 }
70
71 require_once __DIR__ . '/../../soap/lib/nusoap.php';
72 $this->client = new nusoap_client($this->uri);
73 }
74
78 public function doAuthentication(ilAuthStatus $status): bool
79 {
80 try {
81 $this->initClient();
82 $this->handleSoapAuth($status);
83 } catch (Exception $e) {
84 $this->getLogger()->error($e->getMessage());
85 $this->getLogger()->error($e->getTraceAsString());
86 $status->setTranslatedReason($e->getMessage());
87 }
88
89 if ($status->getAuthenticatedUserId() > 0 && $status->getAuthenticatedUserId() !== ANONYMOUS_USER_ID) {
90 $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
91 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
92 ilSession::set('used_external_auth_mode', ilAuthUtils::AUTH_SOAP);
93
94 return true;
95 }
96
97 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
98
99 return false;
100 }
101
102 private function handleSoapAuth(ilAuthStatus $status): bool
103 {
104 $this->logger->debug(sprintf(
105 'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
106 $this->getCredentials()->getUsername(),
107 'soap'
108 ));
109 $this->logger->debug(sprintf(
110 'Trying to find ext_account "%s" for auth_mode "%s".',
111 $this->getCredentials()->getUsername(),
112 'soap'
113 ));
114
115 $internalLogin = ilObjUser::_checkExternalAuthAccount(
116 'soap',
117 $this->getCredentials()->getUsername()
118 );
119
120 $isNewUser = false;
121 if ('' === $internalLogin || null === $internalLogin) {
122 $isNewUser = true;
123 }
124
125 $soapAction = '';
126 $nspref = '';
127 if ($this->use_dot_net) {
128 $soapAction = $this->server_nms . '/isValidSession';
129 $nspref = 'ns1:';
130 }
131
132 $valid = $this->client->call(
133 'isValidSession',
134 [
135 $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
136 $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
137 $nspref . 'new_user' => $isNewUser
138 ],
139 $this->server_nms,
140 $soapAction
141 );
142
143 if (!is_array($valid)) {
144 $valid = ['valid' => false];
145 }
146
147 if ($valid['valid'] !== true) {
148 $valid['valid'] = false;
149 }
150
151 if (!$valid['valid']) {
152 $status->setReason('err_wrong_login');
153 return false;
154 }
155
156 if (!$isNewUser) {
157 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
158 return true;
159 }
160
161 if (!$this->settings->get('soap_auth_create_users')) {
162 // Translate the reasons, otherwise the default failure is displayed
163 $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
164 return false;
165 }
166
167 $userObj = new ilObjUser();
168 $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
169
170 $password = '';
171 $password_type = ilObjUser::PASSWD_CRYPTED;
172 if ($this->settings->get('soap_auth_allow_local')) {
173 $passwords = ilSecuritySettingsChecker::generatePasswords(1);
174 $password = $passwords[0];
175 $password_type = ilObjUser::PASSWD_PLAIN;
176 }
177
178 $userObj->setLogin($internalLogin);
179 $userObj->setFirstname($user->getFirstname());
180 $userObj->setLastname($user->getLastname());
181 $userObj->setTitle($userObj->getFullname());
182 $userObj->setDescription($userObj->getEmail());
183 $userObj->setEmail($user->getEmail());
184 $userObj->setPasswd($password, $password_type);
185 $userObj->setAuthMode('soap');
186 $userObj->setExternalAccount($this->getCredentials()->getUsername());
187 $userObj->setLanguage($this->language->getDefaultLanguage());
188 $userObj->setProfileIncomplete(true);
189
190 $userObj->setTimeLimitUnlimited(true);
191 $userObj->setTimeLimitFrom(time());
192 $userObj->setTimeLimitUntil(time());
193 $userObj->setOwner(0);
194 $userObj->create();
195 $userObj->setActive(true);
196 $userObj->updateOwner();
197 $userObj->saveAsNew();
198 $userObj->writePrefs();
199
200 $this->rbacAdmin->assignUser(
201 (int) $this->settings->get('soap_auth_user_default_role', '4'),
202 $userObj->getId()
203 );
204
205 if ($this->settings->get('soap_auth_account_mail', '0')) {
206 $registrationSettings = new ilRegistrationSettings();
207 $registrationSettings->setPasswordGenerationStatus(true);
208
209 $accountMail = new ilAccountRegistrationMail(
210 $registrationSettings,
211 $this->logger,
212 new NewAccountMailRepository($this->db)
213 );
214 $accountMail
215 ->withDirectRegistrationMode()
216 ->send($userObj, $password, false);
217 }
218
219 $status->setAuthenticatedUserId($userObj->getId());
220 return true;
221 }
222}
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:28
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:102
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
@inheritDoc
Definition: class.ilAuthProviderSoap.php:78
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderSoap.php:39
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:24
ilAuthStatus\setTranslatedReason
setTranslatedReason(string $a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:89
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:81
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:114
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getAuthenticatedUserId
getAuthenticatedUserId()
Get authenticated user id.
Definition: class.ilAuthStatus.php:122
ilAuthUtils\AUTH_SOAP
const int AUTH_SOAP
Definition: class.ilAuthUtils.php:33
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:339
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:48
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:47
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2813
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:32
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:27
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7179
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
$valid
$valid
Definition: dummy_client.php:59
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:30
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38
$DIC
global $DIC
Definition: shib_login.php:26