ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilAuthProviderLTI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
27class ilAuthProviderLTI extends \ilAuthProvider implements \ilAuthProviderInterface
28{
29 public const AUTH_MODE_PREFIX = 'lti';
30 private ?ilLTIDataConnector $dataConnector = null;
31 private string $lti_context_id = "";
32 private int $ref_id = 0;
33 private ?ilLTITool $provider = null;
34 private ?array $messageParameters = null;
35
36 protected string $launchReturnUrl = "";
37
38 private ?ilLogger $logger = null;
39
43 public function __construct(ilAuthCredentials $credentials)
44 {
45 parent::__construct($credentials);
46 $this->logger = ilLoggerFactory::getLogger('ltis');
47 }
48
54 public static function getAuthModeByKey(string $a_auth_key): string
55 {
56 $auth_arr = explode('_', $a_auth_key);
57 if (count($auth_arr) > 1) {
58 return 'lti_' . $auth_arr[1];
59 }
60 return 'lti';
61 }
62
68 public static function getKeyByAuthMode(string $a_auth_mode)
69 {
70 $auth_arr = explode('_', $a_auth_mode);
71 if (count($auth_arr) > 1) {
72 return ilAuthUtils::AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
73 }
74 return ilAuthUtils::AUTH_PROVIDER_LTI;
75 }
76
81 public static function getActiveAuthModes(): array
82 {
83 global $ilDB;
84
85 // move to connector
86 $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
87 $res = $ilDB->query($query);
88
89 $sids = array();
90 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
91 $sids[] = $row->consumer_pk;
92 }
93 return $sids;
94 }
95
99 public static function getAuthModes(): array
100 {
101 global $ilDB;
102
103 // move to connector
104 $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
105 $res = $ilDB->query($query);
106
107 $sids = array();
108 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
109 $sids[] = $row->consumer_pk;
110 }
111 return $sids;
112 }
113
119 public static function lookupConsumer(int $a_sid): string
120 {
121 $connector = new ilLTIDataConnector();
122 $consumer = ilLTIPlatform::fromRecordId($a_sid, $connector);
123 return $consumer->getTitle();
124 }
125
131 public static function getServerIdByAuthMode(string $a_auth_mode): ?int
132 {
133 if (self::isAuthModeLTI($a_auth_mode)) {
134 $auth_arr = explode('_', $a_auth_mode);
135 return (int) $auth_arr[1];
136 }
137 return null;
138 }
139
145 public static function isAuthModeLTI(string $a_auth_mode): bool
146 {
147 if (!$a_auth_mode) {
148 ilLoggerFactory::getLogger('ltis')->warning('No auth mode given.');
149 return false;
150 }
151 $auth_arr = explode('_', $a_auth_mode);
152 return ($auth_arr[0] == ilAuthUtils::AUTH_PROVIDER_LTI) and $auth_arr[1];
153 }
154
160 protected function findAuthKeyId(string $a_oauth_consumer_key): int
161 {
162 global $ilDB;
163
164 $query = 'SELECT consumer_pk from lti2_consumer where consumer_key = ' . $ilDB->quote(
165 $a_oauth_consumer_key,
166 'text'
167 );
168 // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
169 $this->getLogger()->debug($query);
170 $res = $ilDB->query($query);
171
172 $lti_id = 0;
173 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
174 $lti_id = $row->consumer_pk;
175 // $lti_id = $row->id;
176 }
177 $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
178 return $lti_id;
179 }
180
186 protected function findAuthPrefix(int $a_lti_id): string
187 {
188 global $ilDB;
189
190 $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
191 $this->getLogger()->debug($query);
192 $res = $ilDB->query($query);
193
194 // $prefix = 'lti'.$a_lti_id.'_';
195 $prefix = '';
196 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
197 $prefix = $row->prefix;
198 }
199 $this->getLogger()->debug('LTI prefix: ' . $prefix);
200 return $prefix;
201 }
202
208 protected function findGlobalRole(int $a_lti_id): ?int
209 {
210 global $ilDB;
211
212 $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
213 $this->getLogger()->debug($query);
214 $res = $ilDB->query($query);
215
216 $role = null;
217 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
218 $role = (int) $row->role;
219 }
220 $this->getLogger()->debug('LTI role: ' . $role);
221 return $role;
222 }
223
231 public function doAuthentication(\ilAuthStatus $status): bool
232 {
233 global $DIC;
234 $post = [];
235
236 $lti_provider = new ilLTITool(new ilLTIDataConnector());
237
238 if ($DIC->http()->wrapper()->post()->has('launch_presentation_return_url')) {
239 $this->launchReturnUrl = $DIC->http()->wrapper()->post()->retrieve('launch_presentation_return_url', $DIC->refinery()->kindlyTo()->string());
240 setcookie("launch_presentation_return_url", $this->launchReturnUrl, time() + 86400, "/", "", true, true);
241 $this->logger->info("Setting launch_presentation_return_url in cookie storage " . $this->launchReturnUrl);
242 }
243 $lti_provider->handleRequest();
244 $this->provider = $lti_provider;
245 $this->messageParameters = $this->provider->getMessageParameters();
246
247 if (!$DIC->http()->wrapper()->post()->has('launch_presentation_return_url')) {
248 $this->launchReturnUrl = $_COOKIE['launch_presentation_return_url'] ?? "";
249 $this->logger->info("Catching launch_presentation_return_url from cookies" . $this->launchReturnUrl);
250 $post["launch_presentation_return_url"] = $this->launchReturnUrl;
251 }
252
253 if (!$lti_provider->ok) {
254 $this->getLogger()->info('LTI authentication failed with message: ' . $lti_provider->reason);
255 $status->setReason($lti_provider->reason);
256 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
257 return false;
258 } else {
259 $this->getLogger()->debug('LTI authentication success');
260 }
261
262 if (empty($this->messageParameters)) {
263 $status->setReason('empty_lti_message_parameters');
264 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
265 return false;
266 }
267
268 $platform = ilLTIPlatform::fromConsumerKey($this->provider->platform->getKey(), $this->provider->platform->getDataConnector());
269 ilSession::clear("lti_context_ids");
270 $this->ref_id = $platform->getRefId();
271
272 $lti_context_ids = ilSession::get('lti_context_ids');
273
274 if (isset($lti_context_ids) && is_array($lti_context_ids)) {
275 if (!in_array($this->ref_id, $lti_context_ids)) {
276 $this->getLogger()->debug("push new lti ref_id: " . $this->ref_id);
277 $lti_context_ids[] = $this->ref_id;
278 ilSession::set('lti_context_ids', $lti_context_ids);
279 $this->getLogger()->debug((string) var_export(ilSession::get('lti_context_ids'), true));
280 }
281 } else {
282 $this->getLogger()->debug("lti_context_ids is not set. Create new array...");
283 ilSession::set('lti_context_ids', [$this->ref_id]);
284 $this->getLogger()->debug((string) var_export(ilSession::get('lti_context_ids'), true));
285 }
286
287 if (!empty($this->messageParameters['launch_presentation_return_url'])) {
288 $post['launch_presentation_return_url'] = $this->messageParameters['launch_presentation_return_url'];
289 }
290 if (!empty($this->messageParameters['launch_presentation_css_url'])) {
291 $post['launch_presentation_css_url'] = $this->messageParameters['launch_presentation_css_url'];
292 }
293 if (!empty($this->messageParameters['resource_link_title'])) {
294 $post['resource_link_title'] = $this->messageParameters['resource_link_title'];
295 }
296
297 ilSession::set('lti_' . $this->ref_id . '_post_data', $post);
298
300 $obj_definition = $DIC["objDefinition"];
301
302 ilSession::set('lti_init_target', $obj_definition->getClassName(ilObject::_lookupType($this->ref_id, true)) . '_' . $this->ref_id);
303
304 if (!$platform->enabled) {
305 $this->getLogger()->warning('Consumer is not enabled');
306 $status->setReason('lti_consumer_inactive');
307 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
308 return false;
309 }
310
311 if (!$platform->getActive()) {
312 $this->getLogger()->warning('Consumer is not active');
313 $status->setReason('lti_consumer_inactive');
314 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
315 return false;
316 }
317
318 $lti_id = $platform->getExtConsumerId();
319 if (!$lti_id) {
320 $status->setReason('lti_auth_failed_invalid_key');
321 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
322 return false;
323 }
324
325 $this->getLogger()->debug('Using prefix:' . $platform->getPrefix());
326
327 $this->getCredentials()->setUsername($this->messageParameters['user_id']);
328
329 $internal_account = $this->findUserId(
330 $this->getCredentials()->getUsername(),
331 (string) $lti_id,
332 $platform->getPrefix()
333 );
334
335 if ($internal_account) {
336 $this->updateUser($internal_account, $platform);
337 } else {
338 $internal_account = $this->createUser($platform);
339 }
340
341 $this->handleLocalRoleAssignments($internal_account, $platform, $this->ref_id);
342
343 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
344 $status->setAuthenticatedUserId($internal_account);
345
346 return true;
347 }
348
356 protected function findUserId(string $a_oauth_user, string $a_oauth_id, string $a_user_prefix): int
357 {
358 $user_name = ilObjUser::_checkExternalAuthAccount(
359 self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
360 $a_oauth_user
361 );
362 $user_id = 0;
363 if ($user_name) {
364 $user_id = ilObjUser::_lookupId($user_name);
365 }
366 $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
367 return $user_id;
368 }
369
377 protected function updateUser(int $a_local_user_id, ilLTIPlatform $consumer): int
378 {
379 global $ilClientIniFile, $DIC;
380 // if (empty($this->messageParameters)) {
381 // $status->setReason('empty_lti_message_parameters');
382 // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
383 // return false;
384 // }
385 $user_obj = new ilObjUser($a_local_user_id);
386 if (isset($this->messageParameters['lis_person_name_given'])) {
387 $user_obj->setFirstname($this->messageParameters['lis_person_name_given']);
388 } else {
389 $user_obj->setFirstname('-');
390 }
391 if (isset($this->messageParameters['lis_person_name_family'])) {
392 $user_obj->setLastname($this->messageParameters['lis_person_name_family']);
393 } else {
394 $user_obj->setLastname('-');
395 }
396 $user_obj->setEmail($this->messageParameters['lis_person_contact_email_primary']);
397
398 $user_obj->setActive(true);
399
400 $until = $user_obj->getTimeLimitUntil();
401
402 if ($until < (time() + (int) $ilClientIniFile->readVariable('session', 'expire'))) {
403 $user_obj->setTimeLimitFrom(time() - 60);
404 $user_obj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
405 }
406 $user_obj->update();
407 $user_obj->refreshLogin();
408
409 $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
410 $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
411
412 $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
413 return $user_obj->getId();
414 }
415
424 protected function createUser(ilLTIPlatform $consumer): int
425 {
426 global $ilClientIniFile, $DIC;
427 // if (empty($this->messageParameters)) {
428 // $status->setReason('empty_lti_message_parameters');
429 // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
430 // return false;
431 // }
432 $userObj = new ilObjUser();
433 $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
434
435 $newUser["login"] = $local_user;
436 if (isset($this->messageParameters['lis_person_name_given'])) {
437 $newUser["firstname"] = $this->messageParameters['lis_person_name_given'];
438 } else {
439 $newUser["firstname"] = '-';
440 }
441 if (isset($this->messageParameters['lis_person_name_family'])) {
442 $newUser["lastname"] = $this->messageParameters['lis_person_name_family'];
443 } else {
444 $newUser["lastname"] = '-';
445 }
446 $newUser['email'] = $this->messageParameters['lis_person_contact_email_primary'];
447
448 // set "plain md5" password (= no valid password)
449 // $newUser["passwd"] = "";
450 $newUser["passwd_type"] = ilObjUser::PASSWD_CRYPTED;
451
452 $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
453 $newUser['ext_account'] = $this->getCredentials()->getUsername();
454 $newUser["profile_incomplete"] = 0;
455
456 // ILIAS 8
457 //check
458 $newUser["gender"] = 'n';
459 $newUser["title"] = null;
460 $newUser["birthday"] = null;
461 $newUser["institution"] = null;
462 $newUser["department"] = null;
463 $newUser["street"] = null;
464 $newUser["city"] = null;
465 $newUser["zipcode"] = null;
466 $newUser["country"] = null;
467 $newUser["sel_country"] = null;
468 $newUser["phone_office"] = null;
469 $newUser["phone_home"] = null;
470 $newUser["phone_mobile"] = null;
471 $newUser["fax"] = null;
472 $newUser["matriculation"] = null;
473 $newUser["second_email"] = null;
474 $newUser["hobby"] = null;
475 $newUser["client_ip"] = null;
476 $newUser["passwd_salt"] = null;//$newUser->getPasswordSalt();
477 $newUser["latitude"] = null;
478 $newUser["longitude"] = null;
479 $newUser["loc_zoom"] = null;
480 $newUser["last_login"] = null;
481 $newUser["first_login"] = null;
482 $newUser["last_profile_prompt"] = null;
483 $newUser["last_update"] = ilUtil::now();
484 $newUser["create_date"] = ilUtil::now();
485 $newUser["referral_comment"] = null;
486 $newUser["approve_date"] = null;
487 $newUser["agree_date"] = null;
488 $newUser["inactivation_date"] = null;
489 $newUser["time_limit_from"] = null;
490 $newUser["time_limit_until"] = null;
491 $newUser["is_self_registered"] = null;
492 //end to check
493
494 $newUser["passwd_enc_type"] = "";
495 $newUser["active"] = true;
496 $newUser["time_limit_owner"] = 7;
497 $newUser["time_limit_unlimited"] = 0;
498 $newUser["time_limit_message"] = 0;
499 $newUser["passwd"] = " ";
500 // $newUser["last_update"]
501
502 // system data
503 $userObj->assignData($newUser);
504 $userObj->setTitle($userObj->getFullname());
505 $userObj->setDescription($userObj->getEmail());
506
507 // set user language
508 $userObj->setLanguage($consumer->getLanguage());
509
510 // Time limit
511 $userObj->setTimeLimitOwner(7);
512 $userObj->setTimeLimitUnlimited(false);
513 $userObj->setTimeLimitFrom(time() - 5);
514 // todo ?
515 $userObj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
516
517 // Create user in DB
518 $userObj->setOwner(6);
519 $userObj->create();
520 $userObj->setActive(true);
521 // $userObj->updateOwner();
522 $userObj->setLastPasswordChangeTS(time());
523 $userObj->saveAsNew();
524 $userObj->writePrefs();
525
526 $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
527
528 $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
529 return $userObj->getId();
530 }
531
532 protected function handleLocalRoleAssignments(int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id = null): bool
533 {
534 global $DIC;
535 $this->getLogger()->info('$target_ref_id: ' . $target_ref_id);
536 if (!$target_ref_id) {
537 $this->getLogger()->warning('No target id given');
538 return false;
539 }
540
541 $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
542
543 $roles = $this->messageParameters['roles'] ?? '';
544
545 if (!is_string($roles) || empty($roles)) {
546 $this->getLogger()->warning('No role information given or invalid role format.');
547 return false;
548 }
549
550 $this->getLogger()->info("Deassigning all roles for user: " . $user_id);
551 $DIC->rbac()->admin()->deassignUser($obj_settings->getTutorRole(), $user_id);
552 $DIC->rbac()->admin()->deassignUser($obj_settings->getMemberRole(), $user_id);
553 $DIC->rbac()->admin()->deassignUser($obj_settings->getAdminRole(), $user_id);
554
555 $role_arr = is_array($roles) ? $roles : explode(',', $roles);
556
557 $this->getLogger()->info('Recieved roles: ' . implode(', ', $role_arr));
558
559 $tree = $DIC->repositoryTree();
560 $parent = $tree->getParentId($target_ref_id);
561 if ($parent != 1) {
562 $this->handleLocalRoleAssignments($user_id, $consumer, $parent, $obj_settings->getMemberRole());
563 }
564 foreach ($role_arr as $role) {
565 $role = trim($role);
566 $local_role_id = $this->mapLTIRoleToLocalRole($role, $obj_settings) == 0 && $default_rol_id != null ? $default_rol_id : $this->mapLTIRoleToLocalRole($role, $obj_settings);
567 if (isset($local_role_id)) {
568 $this->getLogger()->info('Assigning local role ID: ' . $local_role_id . ' for LTI role: ' . $role . ' to user ID: ' . $user_id);
569 $DIC->rbac()->admin()->assignUser($local_role_id, $user_id);
570 } else {
571 $this->getLogger()->info('No local role mapping found for LTI role: ' . $role);
572 }
573 }
574
575 return true;
576 }
577
585 protected function mapLTIRoleToLocalRole(string $lti_role, ilLTIProviderObjectSetting $settings): ?int
586 {
587 // Prioritize more specific roles (sub-roles)
588 $role_map = [
589 // System Roles
590 'http://purl.imsglobal.org/vocab/lti/system/person#TestUser' => null, // Example: No mapping for TestUser
591 'http://purl.imsglobal.org/vocab/lis/v2/system/person#Administrator' => $settings->getAdminRole(),
592 'http://purl.imsglobal.org/vocab/lis/v2/system/person#None' => null,
593 'http://purl.imsglobal.org/vocab/lis/v2/system/person#AccountAdmin' => null, // No direct mapping
594 'http://purl.imsglobal.org/vocab/lis/v2/system/person#Creator' => null, // No direct mapping
595 'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysAdmin' => null, // No direct mapping
596 'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysSupport' => null, // No direct mapping
597 'http://purl.imsglobal.org/vocab/lis/v2/system/person#User' => null, // No direct mapping
598
599 // Institution Roles
600 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator' => $settings->getAdminRole(),
601 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Faculty' => $settings->getTutorRole(),
602 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Guest' => null, // No direct mapping
603 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#None' => null,
604 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Other' => null, // No direct mapping
605 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Staff' => null, // No direct mapping
606 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Student' => $settings->getMemberRole(),
607 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Alumni' => null, // No direct mapping
608 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Instructor' => $settings->getTutorRole(),
609 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Learner' => $settings->getMemberRole(),
610 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Member' => $settings->getMemberRole(),
611 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Mentor' => null, // No direct mapping
612 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Observer' => null, // No direct mapping
613 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#ProspectiveStudent' => null, // No direct mapping
614
615 // Context Roles (Main)
616 'http://purl.imsglobal.org/vocab/lis/v2/membership#Administrator' => $settings->getAdminRole(),
617 'http://purl.imsglobal.org/vocab/lis/v2/membership#ContentDeveloper' => null, // No direct mapping
618 'http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor' => $settings->getTutorRole(),
619 'http://purl.imsglobal.org/vocab/lis/v2/membership#Learner' => $settings->getMemberRole(),
620 'http://purl.imsglobal.org/vocab/lis/v2/membership#Mentor' => null, // No direct mapping
621 'http://purl.imsglobal.org/vocab/lis/v2/membership#Manager' => $settings->getAdminRole(), // Potentially map to admin
622 'http://purl.imsglobal.org/vocab/lis/v2/membership#Member' => $settings->getMemberRole(),
623 'http://purl.imsglobal.org/vocab/lis/v2/membership#Officer' => null, // No direct mapping
624
625 // Context Sub-Roles (TeachingAssistant)
626 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistant' => $settings->getTutorRole(),
627 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantGroup' => $settings->getTutorRole(),
628 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantOffering' => $settings->getTutorRole(),
629 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSection' => $settings->getTutorRole(),
630 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSectionAssociation' => $settings->getTutorRole(),
631 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantTemplate' => $settings->getTutorRole(),
632 // Context Sub-Roles (Grader)
633 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Grader' => $settings->getTutorRole(), // Map Grader to Tutor
634 // Context Sub-Roles (GuestInstructor, Lecturer, PrimaryInstructor, SecondaryInstructor)
635 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#GuestInstructor' => $settings->getTutorRole(),
636 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Lecturer' => $settings->getTutorRole(),
637 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#PrimaryInstructor' => $settings->getTutorRole(),
638 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#SecondaryInstructor' => $settings->getTutorRole(),
639 // Context Sub-Roles (ExternalInstructor)
640 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#ExternalInstructor' => $settings->getTutorRole(),
641
642 // Context Sub-Roles (ExternalLearner, GuestLearner, Learner, NonCreditLearner)
643 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#ExternalLearner' => $settings->getMemberRole(),
644 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#GuestLearner' => $settings->getMemberRole(),
645 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#Learner' => $settings->getMemberRole(),
646 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#NonCreditLearner' => $settings->getMemberRole(),
647
648 // Context Sub-Roles (AreaManager, CourseCoordinator, ExternalObserver, Manager, Observer)
649 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#AreaManager' => $settings->getAdminRole(),
650 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#CourseCoordinator' => null,
651 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#ExternalObserver' => null,
652 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Manager' => $settings->getAdminRole(),
653 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Observer' => null,
654
655 // Context Sub-Roles (Advisor, Auditor, ExternalAdvisor, ExternalAuditor, ExternalLearningFacilitator, ExternalMentor, ExternalReviewer, ExternalTutor, LearningFacilitator, Mentor, Reviewer, Tutor)
656 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Advisor' => null,
657 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Auditor' => null,
658 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAdvisor' => null,
659 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAuditor' => null,
660 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalLearningFacilitator' => null,
661 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalMentor' => null,
662 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalReviewer' => null,
663 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalTutor' => null,
664 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#LearningFacilitator' => null,
665 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Mentor' => null,
666 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Reviewer' => null,
667 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Tutor' => $settings->getTutorRole(), // Map Tutor to Tutor
668
669 // Context Sub-Roles (Chair, Communications, Secretary, Treasurer, Vice-Chair)
670 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Chair' => null,
671 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Communications' => null,
672 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Secretary' => null,
673 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Treasurer' => null,
674 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Vice-Chair' => null,
675
676 // Context Sub-Roles (ContentDeveloper, ContentExpert, ExternalContentExpert, Librarian)
677 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentDeveloper' => null,
678 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentExpert' => null,
679 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ExternalContentExpert' => null,
680 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#Librarian' => null,
681
682 // Context Sub-Roles (Member)
683 'http://purl.imsglobal.org/vocab/lis/v2/membership/Member#Member' => $settings->getMemberRole(),
684
685 // Context Sub-Roles (Administrator, Developer, ExternalDeveloper, ExternalSupport, ExternalSystemAdministrator, Support, SystemAdministrator)
686 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Administrator' => $settings->getAdminRole(),
687 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Developer' => null,
688 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalDeveloper' => null,
689 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSupport' => null,
690 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSystemAdministrator' => null,
691 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Support' => null,
692 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#SystemAdministrator' => null,
693 ];
694
695 // LTI 1.0/1.1 simple names (supported for backward compatibility)
696 $simple_name_map = [
697 'Instructor' => $settings->getTutorRole(),
698 'Learner' => $settings->getMemberRole(),
699 'ContentDeveloper' => null,
700 'Administrator' => $settings->getAdminRole(),
701 'Mentor' => null,
702 'Manager' => $settings->getAdminRole(),
703 'Member' => $settings->getMemberRole(),
704 'Officer' => null,
705 ];
706
707
708 if (isset($role_map[$lti_role])) {
709 return $role_map[$lti_role];
710 } elseif (isset($simple_name_map[$lti_role])) {
711 // Check for simple names
712 return $simple_name_map[$lti_role];
713 }
714
715 return null;
716 }
717
718}
ilAuthProviderLTI
OAuth based lti authentication.
Definition: class.ilAuthProviderLTI.php:28
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:131
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:81
ilAuthProviderLTI\findAuthKeyId
findAuthKeyId(string $a_oauth_consumer_key)
find consumer key id
Definition: class.ilAuthProviderLTI.php:160
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:68
ilAuthProviderLTI\__construct
__construct(ilAuthCredentials $credentials)
Constructor.
Definition: class.ilAuthProviderLTI.php:43
ilAuthProviderLTI\lookupConsumer
static lookupConsumer(int $a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:119
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:54
ilAuthProviderLTI\createUser
createUser(ilLTIPlatform $consumer)
create new user @access protected
Definition: class.ilAuthProviderLTI.php:424
ilAuthProviderLTI\handleLocalRoleAssignments
handleLocalRoleAssignments(int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id=null)
Definition: class.ilAuthProviderLTI.php:532
ilAuthProviderLTI\findAuthPrefix
findAuthPrefix(int $a_lti_id)
find lti id
Definition: class.ilAuthProviderLTI.php:186
ilAuthProviderLTI\$dataConnector
ilLTIDataConnector $dataConnector
Definition: class.ilAuthProviderLTI.php:30
ilAuthProviderLTI\mapLTIRoleToLocalRole
mapLTIRoleToLocalRole(string $lti_role, ilLTIProviderObjectSetting $settings)
Maps an LTI role (URI or simple name) to a local ILIAS role ID.
Definition: class.ilAuthProviderLTI.php:585
ilAuthProviderLTI\findUserId
findUserId(string $a_oauth_user, string $a_oauth_id, string $a_user_prefix)
Find user by auth mode and lti id.
Definition: class.ilAuthProviderLTI.php:356
ilAuthProviderLTI\updateUser
updateUser(int $a_local_user_id, ilLTIPlatform $consumer)
update existing user @access protected
Definition: class.ilAuthProviderLTI.php:377
ilAuthProviderLTI\isAuthModeLTI
static isAuthModeLTI(string $a_auth_mode)
Check if user auth mode is LTI.
Definition: class.ilAuthProviderLTI.php:145
ilAuthProviderLTI\findGlobalRole
findGlobalRole(int $a_lti_id)
find global role of consumer
Definition: class.ilAuthProviderLTI.php:208
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:24
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:81
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:114
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:339
ilAuthUtils\AUTH_PROVIDER_LTI
const int AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:45
ilLTIPlatform
LTI provider for LTI launch.
Definition: class.ilLTIPlatform.php:33
ilLTIPlatform\fromRecordId
static fromRecordId(int|string $id, DataConnector $dataConnector)
Load the platform from the database by its record ID.
Definition: class.ilLTIPlatform.php:315
ilLTIPlatform\fromConsumerKey
static fromConsumerKey(?string $key=null, $dataConnector=null, bool $autoEnable=false)
Load the platform from the database by its consumer key.
Definition: class.ilLTIPlatform.php:298
ilLTITool
LTI provider for LTI launch.
Definition: class.ilLTITool.php:33
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjUser\PASSWD_CRYPTED
const PASSWD_CRYPTED
Definition: class.ilObjUser.php:48
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2813
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilSession\clear
static clear(string $a_var)
Definition: class.ilSession.php:398
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilUtil\now
static now()
Return current timestamp in Y-m-d H:i:s format.
Definition: class.ilUtil.php:1022
ilAuthProviderInterface\doAuthentication
doAuthentication(ilAuthStatus $status)
$res
$res
Definition: ltiservices.php:69
$post
$post
Definition: ltitoken.php:46
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38
$DIC
global $DIC
Definition: shib_login.php:26
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54