ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
ILIAS\AuthApache\AuthProviderApache Class Reference

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 
 doAuthentication (ilAuthStatus $status)
 
 migrateAccount (ilAuthStatus $status)
 Create new account.
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account.
 
 getExternalAccountName ()
 Get external account name.
 
 setExternalAccountName (string $name)
 
 getTriggerAuthMode ()
 Get the auth mode which triggered the account migration: 2_1 for LDAP account migration with server id 1, 11 for Apache auth.
 
 getUserAuthModeName ()
 Get the user auth mode name: ldap_1 for LDAP account migration with server id 1, apache for Apache auth.
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 
 getLogger ()
 
 getCredentials ()
 
 doAuthentication (ilAuthStatus $status)
 
 getTriggerAuthMode ()
 Get the auth mode which triggered the account migration: 2_1 for LDAP account migration with server id 1, 11 for Apache auth.
 
 getUserAuthModeName ()
 Get the user auth mode name: ldap_1 for LDAP account migration with server id 1, apache for Apache auth.
 
 getExternalAccountName ()
 Get external account name.
 
 migrateAccount (ilAuthStatus $status)
 Create new account.
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account.
 

Data Fields

const int APACHE_AUTH_TYPE_DIRECT_MAPPING = 1
 
const int APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2
 
const int APACHE_AUTH_TYPE_BY_FUNCTION = 3
 

Private Member Functions

 handleLDAPDataSource (ilAuthStatus $status)
 

Private Attributes

const string ENV_APACHE_AUTH_INDICATOR_NAME = 'apache_auth_indicator_name'
 
const string ENV_APACHE_AUTH_INDICATOR_VALUE = 'apache_auth_indicator_value'
 
const string ERR_WRONG_LOGIN = 'err_wrong_login'
 
const string APACHE_ENABLE_LDAP = 'apache_enable_ldap'
 
const string APACHE_LDAP_SID = 'apache_ldap_sid'
 
readonly ilSetting $settings
 
string $migration_account = ''
 
bool $force_new_account = false
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 

Detailed Description

Definition at line 37 of file AuthProviderApache.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\AuthApache\AuthProviderApache::__construct ( ilAuthCredentials  $credentials)

Reimplemented from ilAuthProvider.

Definition at line 55 of file AuthProviderApache.php.

56 {
57     parent::__construct($credentials);
58     $this->settings = new ilSetting('apache_auth');
59 }

References ilAuthProvider\$credentials, ILIAS\GlobalScreen\Provider\__construct(), and ILIAS\Repository\settings().

Member Function Documentation

◆ createNewAccount()

ILIAS\AuthApache\AuthProviderApache::createNewAccount ( ilAuthStatus  $status)

Create new ILIAS account for external_account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 135 of file AuthProviderApache.php.

135 : void
136 {
137     $this->force_new_account = true;
138     if ($this->settings->get(self::APACHE_ENABLE_LDAP, '0')) {
139         $this->handleLDAPDataSource($status);
140     }
141 }

References ILIAS\AuthApache\AuthProviderApache\handleLDAPDataSource(), and ILIAS\Repository\settings().

◆ doAuthentication()

ILIAS\AuthApache\AuthProviderApache::doAuthentication ( ilAuthStatus  $status)

Implements ilAuthProviderInterface.

Definition at line 61 of file AuthProviderApache.php.

61 : bool
62 {
63     if (!$this->settings->get('apache_enable_auth', '0')) {
64         $this->getLogger()->info('Apache auth disabled.');
65         $this->handleAuthenticationFail($status, 'apache_auth_err_disabled');
66         return false;
67     }
68
69     if (!$this->settings->get(self::ENV_APACHE_AUTH_INDICATOR_NAME, '') ||
70         !$this->settings->get(self::ENV_APACHE_AUTH_INDICATOR_VALUE, '')) {
71         $this->getLogger()->warning('Apache auth indicator match failure.');
72         $this->handleAuthenticationFail($status, 'apache_auth_err_indicator_match_failure');
73         return false;
74     }
75
76     $validIndicatorValues = array_filter(
77         array_map(
78             'trim',
79             str_getcsv($this->settings->get(self::ENV_APACHE_AUTH_INDICATOR_VALUE, ''), ',', '"', '\\')
80         )
81     );
82
83     //TODO PHP8-REVIEW: $DIC->http()->request()->getServerParams()['apache_auth_indicator_name']
84     if (!isset($_SERVER[$this->settings->get(self::ENV_APACHE_AUTH_INDICATOR_NAME, '')]) ||
85         !\in_array(
86             $_SERVER[$this->settings->get(self::ENV_APACHE_AUTH_INDICATOR_NAME, '')],
87             $validIndicatorValues,
88             true
89         )) {
90         $this->getLogger()->warning('Apache authentication failed (indicator name <-> value');
91         $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
92         return false;
93     }
94
95     if (!ilUtil::isLogin($this->getCredentials()->getUsername())) {
96         $this->getLogger()->warning('Invalid login name given: ' . $this->getCredentials()->getUsername());
97         $this->handleAuthenticationFail($status, 'apache_auth_err_invalid_login');
98         return false;
99     }
100
101     if ($this->getCredentials()->getUsername() === '') {
102         $this->getLogger()->info('No username given');
103         $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
104         return false;
105     }
106
107     // Apache with ldap as data source
108     if ($this->settings->get(self::APACHE_ENABLE_LDAP, '0')) {
109         return $this->handleLDAPDataSource($status);
110     }
111
112     $login = ilObjUser::_checkExternalAuthAccount('apache', $this->getCredentials()->getUsername());
113     $usr_id = ilObjUser::_lookupId($login);
114     if (!$usr_id) {
115         $this->getLogger()->info(
116             'Cannot find user id for external account: ' . $this->getCredentials()->getUsername()
117         );
118         $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
119         return false;
120     }
121
122     $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
123     $status->setAuthenticatedUserId($usr_id);
124     return true;
125 }

References $_SERVER, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), ILIAS\AuthApache\AuthProviderApache\handleLDAPDataSource(), ilUtil\isLogin(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), ILIAS\Repository\settings(), and ilAuthStatus\STATUS_AUTHENTICATED.
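
The indicator check in doAuthentication() (listing lines 69-93) can be exercised in isolation to see which server values pass. The following is an added example, not code from ILIAS: the helper name apacheIndicatorMatches(), the variable names AUTH_TYPE and X_IND, and all sample values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from AuthProviderApache.php.
// apacheIndicatorMatches() is a hypothetical helper mirroring listing lines 69-93.
function apacheIndicatorMatches(string $indicatorName, string $indicatorValueCsv, array $server): bool
{
    // Both settings must be non-empty; PHP treats '' and '0' as false here.
    if (!$indicatorName || !$indicatorValueCsv) {
        return false;
    }

    // Same parsing as the listing: CSV split, trim each entry, drop falsy entries.
    $valid = array_filter(array_map('trim', str_getcsv($indicatorValueCsv, ',', '"', '\\')));

    // Strict comparison: the server variable must be a string identical to one entry.
    return isset($server[$indicatorName]) && in_array($server[$indicatorName], $valid, true);
}

// Constructed sample inputs (not taken from any real deployment):
// [indicator name, configured CSV of accepted values, simulated $_SERVER array].
$cases = [
    'exact match'            => ['AUTH_TYPE', 'Basic, Negotiate', ['AUTH_TYPE' => 'Negotiate']],
    'quoted value with comma' => ['X_IND', '"a,b",c', ['X_IND' => 'a,b']],
    'case differs'           => ['AUTH_TYPE', 'Basic', ['AUTH_TYPE' => 'basic']],
    'variable missing'       => ['AUTH_TYPE', 'Basic', []],
    'int instead of string'  => ['X_IND', '1', ['X_IND' => 1]],
    'configured entry "0"'   => ['X_IND', '0,1', ['X_IND' => '0']],
    'untrimmed server value' => ['X_IND', ' yes ', ['X_IND' => ' yes ']],
];

foreach ($cases as $label => [$name, $csv, $server]) {
    printf("%-26s %s\n", $label, apacheIndicatorMatches($name, $csv, $server) ? 'match' : 'reject');
}
```

The configured entries are trimmed but the server value is not, and the comparison is type-strict and case-sensitive, so the web server must set exactly one of the configured strings. An entry of 0 can never match, because array_filter() without a callback drops it.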

◆ getExternalAccountName()

ILIAS\AuthApache\AuthProviderApache::getExternalAccountName ( )

Get external account name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 143 of file AuthProviderApache.php.

143 : string
144 {
145     return $this->migration_account;
146 }

References ILIAS\AuthApache\AuthProviderApache\$migration_account.

◆ getTriggerAuthMode()

ILIAS\AuthApache\AuthProviderApache::getTriggerAuthMode ( )

Get the auth mode which triggered the account migration: 2_1 for LDAP account migration with server id 1, 11 for Apache auth.

See also
ilAuthUtils

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 153 of file AuthProviderApache.php.

153 : string
154 {
155     return (string) ilAuthUtils::AUTH_APACHE;
156 }

References ilAuthUtils\AUTH_APACHE.

◆ getUserAuthModeName()

ILIAS\AuthApache\AuthProviderApache::getUserAuthModeName ( )

Get the user auth mode name: ldap_1 for LDAP account migration with server id 1, apache for Apache auth.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 158 of file AuthProviderApache.php.

158 : string
159 {
160     if ($this->settings->get(self::APACHE_LDAP_SID, '0')) {
161         return 'ldap_' . $this->settings->get(self::APACHE_LDAP_SID, '');
162     }
163
164     return 'apache';
165 }

References ILIAS\Repository\settings().

◆ handleLDAPDataSource()

ILIAS\AuthApache\AuthProviderApache::handleLDAPDataSource ( ilAuthStatus  $status)
private

Definition at line 167 of file AuthProviderApache.php.

167 : bool
168 {
169     $server = ilLDAPServer::getInstanceByServerId(
170         (int) $this->settings->get(self::APACHE_LDAP_SID, '0')
171     );
172
173     $this->getLogger()->debug('Using ldap data source with server configuration: ' . $server->getName());
174
175     $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
176     $sync->setExternalAccount($this->getCredentials()->getUsername());
177     $sync->setUserData([]);
178     $sync->forceCreation($this->force_new_account);
179     $sync->forceReadLdapData(true);
180
181     try {
182         $internal_account = $sync->sync();
183         $this->getLogger()->debug('Internal account: ' . $internal_account);
184     } catch (\UnexpectedValueException $e) {
185         $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
186         $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
187         return false;
189         $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
190         return false;
192         $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
193         $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
194         return false;
196         $this->setExternalAccountName($this->getCredentials()->getUsername());
197         $this->getLogger()->info(\sprintf(
198             'Authentication failed: account migration required for external account: %s',
199             $this->getCredentials()->getUsername()
200         ));
201         $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
202         return false;
203     }
204
205     $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
206     $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
207     return true;
208 }

References Vendor\Package\$e, $server, ilObjUser\_lookupId(), ilAuthProvider\getCredentials(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ILIAS\AuthApache\AuthProviderApache\setExternalAccountName(), ilAuthStatus\setStatus(), ILIAS\Repository\settings(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by ILIAS\AuthApache\AuthProviderApache\createNewAccount(), ILIAS\AuthApache\AuthProviderApache\doAuthentication(), and ILIAS\AuthApache\AuthProviderApache\migrateAccount().

◆ migrateAccount()

ILIAS\AuthApache\AuthProviderApache::migrateAccount ( ilAuthStatus  $status)

Create new account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 127 of file AuthProviderApache.php.

127 : void
128 {
129     $this->force_new_account = true;
130     if ($this->settings->get(self::APACHE_ENABLE_LDAP, '0')) {
131         $this->handleLDAPDataSource($status);
132     }
133 }

References ILIAS\AuthApache\AuthProviderApache\handleLDAPDataSource(), and ILIAS\Repository\settings().

◆ setExternalAccountName()

ILIAS\AuthApache\AuthProviderApache::setExternalAccountName ( string  $name)

Definition at line 148 of file AuthProviderApache.php.

148 : void
149 {
150     $this->migration_account = $name;
151 }

Referenced by ILIAS\AuthApache\AuthProviderApache\handleLDAPDataSource().

Field Documentation

◆ $force_new_account

bool ILIAS\AuthApache\AuthProviderApache::$force_new_account = false
private

Definition at line 53 of file AuthProviderApache.php.

◆ $migration_account

string ILIAS\AuthApache\AuthProviderApache::$migration_account = ''
private

◆ $settings

readonly ilSetting ILIAS\AuthApache\AuthProviderApache::$settings
private

Definition at line 51 of file AuthProviderApache.php.

◆ APACHE_AUTH_TYPE_BY_FUNCTION

const int ILIAS\AuthApache\AuthProviderApache::APACHE_AUTH_TYPE_BY_FUNCTION = 3

◆ APACHE_AUTH_TYPE_DIRECT_MAPPING

const int ILIAS\AuthApache\AuthProviderApache::APACHE_AUTH_TYPE_DIRECT_MAPPING = 1

◆ APACHE_AUTH_TYPE_EXTENDED_MAPPING

const int ILIAS\AuthApache\AuthProviderApache::APACHE_AUTH_TYPE_EXTENDED_MAPPING = 2

Definition at line 40 of file AuthProviderApache.php.

◆ APACHE_ENABLE_LDAP

const string ILIAS\AuthApache\AuthProviderApache::APACHE_ENABLE_LDAP = 'apache_enable_ldap'
private

Definition at line 48 of file AuthProviderApache.php.

◆ APACHE_LDAP_SID

const string ILIAS\AuthApache\AuthProviderApache::APACHE_LDAP_SID = 'apache_ldap_sid'
private

Definition at line 49 of file AuthProviderApache.php.

◆ ENV_APACHE_AUTH_INDICATOR_NAME

const string ILIAS\AuthApache\AuthProviderApache::ENV_APACHE_AUTH_INDICATOR_NAME = 'apache_auth_indicator_name'
private

Definition at line 43 of file AuthProviderApache.php.

◆ ENV_APACHE_AUTH_INDICATOR_VALUE

const string ILIAS\AuthApache\AuthProviderApache::ENV_APACHE_AUTH_INDICATOR_VALUE = 'apache_auth_indicator_value'
private

Definition at line 44 of file AuthProviderApache.php.

◆ ERR_WRONG_LOGIN

const string ILIAS\AuthApache\AuthProviderApache::ERR_WRONG_LOGIN = 'err_wrong_login'
private

Definition at line 46 of file AuthProviderApache.php.


The documentation for this class was generated from the following file: