ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
class.ilAuthProviderSoap.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 class ilAuthProviderSoap extends ilAuthProvider
22 {
23  protected string $server_host = '';
24  protected string $server_port = '';
25  protected string $server_uri = '';
26  protected bool $server_https = false;
27  protected string $server_nms = '';
28  protected bool $use_dot_net = false;
29  protected string $uri = '';
30  protected nusoap_client $client;
31  protected ilLogger $logger;
32  protected ilSetting $settings;
33  protected ilLanguage $language;
34  protected ilRbacAdmin $rbacAdmin;
35 
36  public function __construct(ilAuthCredentials $credentials)
37  {
38  global $DIC;
39 
40  $this->settings = $DIC->settings();
41  $this->logger = $DIC->logger()->auth();
42  $this->language = $DIC->language();
43  $this->rbacAdmin = $DIC->rbac()->admin();
44 
45  parent::__construct($credentials);
46  }
47 
48  private function initClient(): void
49  {
50  $this->server_host = (string) $this->settings->get('soap_auth_server', '');
51  $this->server_port = (string) $this->settings->get('soap_auth_port', '');
52  $this->server_uri = (string) $this->settings->get('soap_auth_uri', '');
53  $this->server_nms = (string) $this->settings->get('soap_auth_namespace', '');
54  $this->server_https = (bool) $this->settings->get('soap_auth_use_https', '0');
55  $this->use_dot_net = (bool) $this->settings->get('use_dotnet', '0');
56 
57  $this->uri = $this->server_https ? 'https://' : 'http://';
58  $this->uri .= $this->server_host;
59 
60  if ($this->server_port > 0) {
61  $this->uri .= (':' . $this->server_port);
62  }
63  if ($this->server_uri) {
64  $this->uri .= ('/' . $this->server_uri);
65  }
66 
67  require_once __DIR__ . '/../../soap/lib/nusoap.php';
68  $this->client = new nusoap_client($this->uri);
69  }
70 
74  public function doAuthentication(ilAuthStatus $status): bool
75  {
76  try {
77  $this->initClient();
78  $this->handleSoapAuth($status);
79  } catch (Exception $e) {
80  $this->getLogger()->error($e->getMessage());
81  $this->getLogger()->error($e->getTraceAsString());
82  $status->setTranslatedReason($e->getMessage());
83  }
84 
85  if ($status->getAuthenticatedUserId() > 0 && $status->getAuthenticatedUserId() !== ANONYMOUS_USER_ID) {
86  $this->logger->info('Successfully authenticated user via SOAP: ' . $this->getCredentials()->getUsername());
87  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
88  ilSession::set('used_external_auth_mode', ilAuthUtils::AUTH_SOAP);
89 
90  return true;
91  }
92 
93  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
94 
95  return false;
96  }
97 
98  private function handleSoapAuth(ilAuthStatus $status): bool
99  {
100  $this->logger->debug(sprintf(
101  'Login observer called for SOAP authentication request of ext_account "%s" and auth_mode "%s".',
102  $this->getCredentials()->getUsername(),
103  'soap'
104  ));
105  $this->logger->debug(sprintf(
106  'Trying to find ext_account "%s" for auth_mode "%s".',
107  $this->getCredentials()->getUsername(),
108  'soap'
109  ));
110 
111  $internalLogin = ilObjUser::_checkExternalAuthAccount(
112  'soap',
113  $this->getCredentials()->getUsername()
114  );
115 
116  $isNewUser = false;
117  if ('' === $internalLogin || null === $internalLogin) {
118  $isNewUser = true;
119  }
120 
121  $soapAction = '';
122  $nspref = '';
123  if ($this->use_dot_net) {
124  $soapAction = $this->server_nms . '/isValidSession';
125  $nspref = 'ns1:';
126  }
127 
128  $valid = $this->client->call(
129  'isValidSession',
130  [
131  $nspref . 'ext_uid' => $this->getCredentials()->getUsername(),
132  $nspref . 'soap_pw' => $this->getCredentials()->getPassword(),
133  $nspref . 'new_user' => $isNewUser
134  ],
135  $this->server_nms,
136  $soapAction
137  );
138 
139  if (!is_array($valid)) {
140  $valid = ['valid' => false];
141  }
142 
143  if ($valid['valid'] !== true) {
144  $valid['valid'] = false;
145  }
146 
147  if (!$valid['valid']) {
148  $status->setReason('err_wrong_login');
149  return false;
150  }
151 
152  if (!$isNewUser) {
153  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internalLogin));
154  return true;
155  }
156 
157  if (!$this->settings->get('soap_auth_create_users')) {
158  // Translate the reasons, otherwise the default failure is displayed
159  $status->setTranslatedReason($this->language->txt('err_valid_login_account_creation_disabled'));
160  return false;
161  }
162 
163  $userObj = new ilObjUser();
164  $internalLogin = ilAuthUtils::_generateLogin($this->getCredentials()->getUsername());
165 
166  $usrData = [];
167  $usrData['firstname'] = $valid['firstname'];
168  $usrData['lastname'] = $valid['lastname'];
169  $usrData['email'] = $valid['email'];
170  $usrData['login'] = $internalLogin;
171  $usrData['passwd'] = '';
172  $usrData['passwd_type'] = ilObjUser::PASSWD_CRYPTED;
173 
174  $password = '';
175  if ($this->settings->get('soap_auth_allow_local')) {
176  $passwords = ilSecuritySettingsChecker::generatePasswords(1);
177  $password = $passwords[0];
178  $usrData['passwd'] = $password;
179  $usrData['passwd_type'] = ilObjUser::PASSWD_PLAIN;
180  }
181 
182  $usrData['auth_mode'] = 'soap';
183  $usrData['ext_account'] = $this->getCredentials()->getUsername();
184  $usrData['profile_incomplete'] = 1;
185 
186  $userObj->assignData($usrData);
187  $userObj->setTitle($userObj->getFullname());
188  $userObj->setDescription($userObj->getEmail());
189  $userObj->setLanguage($this->language->getDefaultLanguage());
190 
191  $userObj->setTimeLimitOwner(USER_FOLDER_ID);
192  $userObj->setTimeLimitUnlimited(true);
193  $userObj->setTimeLimitFrom(time());
194  $userObj->setTimeLimitUntil(time());
195  $userObj->setOwner(0);
196  $userObj->create();
197  $userObj->setActive(true);
198  $userObj->updateOwner();
199  $userObj->saveAsNew();
200  $userObj->writePrefs();
201 
202  $this->rbacAdmin->assignUser(
203  (int) $this->settings->get('soap_auth_user_default_role', '4'),
204  $userObj->getId()
205  );
206 
207  if ($this->settings->get('soap_auth_account_mail', '0')) {
208  $registrationSettings = new ilRegistrationSettings();
209  $registrationSettings->setPasswordGenerationStatus(true);
210 
211  $accountMail = new ilAccountRegistrationMail(
212  $registrationSettings,
213  $this->language,
214  $this->logger
215  );
216  $accountMail
217  ->withDirectRegistrationMode()
218  ->send($userObj, $password, false);
219  }
220 
221  $status->setAuthenticatedUserId($userObj->getId());
222  return true;
223  }
224 }
ilAuthUtils\AUTH_SOAP
const int AUTH_SOAP
Definition: class.ilAuthUtils.php:31
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:337
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
$valid
$valid
Definition: dummy_client.php:59
ilAuthProviderSoap\handleSoapAuth
handleSoapAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:98
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:38
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilAuthProviderSoap\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderSoap.php:36
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2745
ilAuthStatus\getAuthenticatedUserId
getAuthenticatedUserId()
Get authenticated user id.
Definition: class.ilAuthStatus.php:122
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:25
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
$DIC
global $DIC
Definition: shib_login.php:26
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:24
nusoap_client
[nu]soapclient higher level class for easy usage.
Definition: nusoap.php:7182
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthProviderSoap\doAuthentication
doAuthentication(ilAuthStatus $status)
Definition: class.ilAuthProviderSoap.php:74
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:39
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:26
ILIAS\UI\examples\Progress\Bar\client
client()
description: > This example shows how a Progress Bar can be rendered and used on the client...
Definition: client.php:37
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilAuthStatus\setTranslatedReason
setTranslatedReason(string $a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:89
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:81
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:114
ILIAS\UI\examples\Symbol\Glyph\Language\language
language()
description: > Example for rendring a language glyph.
Definition: language.php:41
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:31
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380