ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilStartUpGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use Psr\Http\Message\ServerRequestInterface;
22 use ILIAS\UICore\PageContentProvider;
23 use ILIAS\Refinery\Factory as RefineryFactory;
24 use ILIAS\HTTP\Services as HTTPServices;
25 use ILIAS\TermsOfService\Consumer as TermsOfService;
26 use ILIAS\DataProtection\Consumer as DataProtection;
27 use ILIAS\components\Authentication\Logout\ConfigurableLogoutTarget;
28 use ILIAS\LegalDocuments\Conductor;
29 use ILIAS\components\Authentication\Pages\AuthPageEditorContext;
30 
36 class ilStartUpGUI implements ilCtrlBaseClassInterface, ilCtrlSecurityInterface
37 {
38  private const PROP_USERNAME = 'username';
39  private const PROP_PASSWORD = 'password';
40  private const PROP_AUTH_MODE = 'auth_mode';
41  private const PROP_CODE = 'code';
42  private const PROP_ACCOUNT_MIGRATION = 'account_migration';
43  private const PROP_ACCOUNT_MIGRATION_NEW = 'account_migration_new';
44  private const PROP_ACCOUNT_MIGRATION_MIGRATE = 'account_migration_migrate';
45 
46  private static string $forced_cmd = '';
47 
48  private ilCtrlInterface $ctrl;
49  private ilLanguage $lng;
50  private ilLogger $logger;
51  private ilGlobalTemplateInterface $mainTemplate;
52  private ilObjUser $user;
53  private ServerRequestInterface $httpRequest;
54  private ILIAS\DI\Container $dic;
55  private ilAuthSession $authSession;
56  private ilAppEventHandler $eventHandler;
57  private ilSetting $setting;
58  private ilAccessHandler $access;
59 
60  private RefineryFactory $refinery;
61  private HTTPServices $http;
62  private ilHelpGUI $help;
63  private ILIAS\UI\Factory $ui_factory;
64  private ILIAS\UI\Renderer $ui_renderer;
65 
66  public function __construct(
67  ?ilObjUser $user = null,
68  ?ilGlobalTemplateInterface $mainTemplate = null,
69  ?ServerRequestInterface $httpRequest = null
70  ) {
71  global $DIC;
72 
73  $this->dic = $DIC;
74 
75  $this->user = $user ?? $DIC->user();
76  $this->mainTemplate = $mainTemplate ?? $DIC->ui()->mainTemplate();
77  $this->httpRequest = $httpRequest ?? $DIC->http()->request();
78  $this->ctrl = $DIC->ctrl();
79  $this->lng = $DIC->language();
80  $this->lng->loadLanguageModule('auth');
81  $this->logger = ilLoggerFactory::getLogger('init');
82  $this->authSession = $DIC['ilAuthSession'];
83  $this->eventHandler = $DIC->event();
84  $this->setting = $DIC->settings();
85  $this->access = $DIC->access();
86  $this->help = $DIC->help();
87  $this->http = $DIC->http();
88  $this->refinery = $DIC->refinery();
89  $this->ui_factory = $DIC->ui()->factory();
90  $this->ui_renderer = $DIC->ui()->renderer();
91 
92  $this->ctrl->saveParameter($this, ['rep_ref_id', 'lang', 'target', 'client_id']);
93  $this->user->setLanguage($this->lng->getLangKey());
94  $this->help->setScreenIdComponent('init');
95  }
96 
97  public static function setForcedCommand(string $cmd): void
98  {
99  self::$forced_cmd = $cmd;
100  }
101 
102  private function checkForcedCommand(string $cmd): string
103  {
104  if (self::$forced_cmd) {
105  $cmd = self::$forced_cmd;
106  self::$forced_cmd = '';
107  }
108 
109  return $cmd;
110  }
111 
112  private function mergeValuesTrafo(): ILIAS\Refinery\Transformation
113  {
114  return $this->refinery->custom()->transformation(static function (array $values): array {
115  return array_merge(...$values);
116  });
117  }
118 
119  private function saniziteArrayElementsTrafo(): ILIAS\Refinery\Transformation
120  {
121  return $this->refinery->custom()->transformation(static function (array $values): array {
122  $processed_values = array_merge(
123  ilArrayUtil::stripSlashesRecursive($values),
124  isset($values[self::PROP_PASSWORD]) ? [self::PROP_PASSWORD => $values[self::PROP_PASSWORD]] : []
125  );
126 
127  return $processed_values;
128  });
129  }
130 
131  private function initTargetFromQuery(): string
132  {
133  return $this->http->wrapper()->query()->retrieve(
134  'target',
135  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
136  );
137  }
138 
139  public function getUnsafeGetCommands(): array
140  {
141  return [
142  'doLogout'
143  ];
144  }
145 
146  public function getSafePostCommands(): array
147  {
148  return [
149  'doStandardAuthentication',
150  ];
151  }
152 
153  public function executeCommand(): void
154  {
155  $cmd = $this->checkForcedCommand($this->ctrl->getCmd('processIndexPHP'));
156 
157  $next_class = $this->ctrl->getNextClass($this) ?? '';
158 
159  switch (strtolower($next_class)) {
160  case strtolower(ilLoginPageGUI::class):
161  break;
162 
163  case strtolower(ilAccountRegistrationGUI::class):
164  $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
165  return;
166 
167  case strtolower(ilPasswordAssistanceGUI::class):
168  $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
169  return;
170 
171  case strtolower(ilAccessibilityControlConceptGUI::class):
172  $this->ctrl->forwardCommand(new ilAccessibilityControlConceptGUI());
173  return;
174 
175  default:
176  if (method_exists($this, $cmd)) {
177  $this->$cmd();
178  return;
179  }
180  }
181 
182  // because this class now implements ilCtrlSecurityInterface,
183  // it may occur that commands are null, therefore I added
184  // this as a fallback method.
185  $this->showLoginPageOrStartupPage();
186  }
187 
188  private function getLogger(): ilLogger
189  {
190  return $this->logger;
191  }
192 
193  private function jumpToRegistration(): void
194  {
195  $this->ctrl->redirectByClass(ilAccountRegistrationGUI::class);
196  }
197 
198  private function jumpToPasswordAssistance(): void
199  {
200  $this->ctrl->saveParameterByClass(ilPasswordAssistanceGUI::class, 'key');
201  $this->ctrl->redirectByClass(ilPasswordAssistanceGUI::class);
202  }
203 
204  private function showLoginPageOrStartupPage(): void
205  {
214  if ($this->authSession->isValid() && $this->authSession->getUserId() > 0 && !$this->user->isAnonymous()) {
215  ilInitialisation::redirectToStartingPage();
216  }
217 
218  $is_forced_login = $this->http->wrapper()->query()->retrieve(
219  'cmd',
220  $this->refinery->byTrying([
221  $this->refinery->kindlyTo()->string(),
222  $this->refinery->always(
223  $this->http->wrapper()->post()->retrieve(
224  'cmd',
225  $this->refinery->byTrying([
226  $this->refinery->kindlyTo()->string(),
227  $this->refinery->always('')
228  ])
229  )
230  )
231  ])
232  ) === 'force_login';
233 
234  if ($is_forced_login) {
235  // Only allow this for anonymous user, see: showLoginPageOrStartupPage
236  $this->logger->debug('Force login');
237  $messages = [];
238  if ($this->authSession->isValid()) {
239  $messages = $this->retrieveMessagesFromSession();
240  $this->logger->debug('Valid session -> logout current user');
241  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
242  $this->authSession->logout();
243 
244  $this->eventHandler->raise(
245  'components/ILIAS/Authentication',
246  'afterLogout',
247  [
248  'username' => $this->user->getLogin(),
249  'is_explicit_logout' => false,
250  ]
251  );
252 
253  $this->dic->user()->setId($this->authSession->getUserId());
254  $this->dic->user()->read();
255  }
256 
257  $this->logger->debug('Show login page');
258  foreach ($messages as $type => $content) {
259  $this->mainTemplate->setOnScreenMessage($type, $content);
260  }
261 
262  $this->showLoginPage();
263  return;
264  }
265 
266  if ($this->authSession->isValid()) {
267  $this->logger->debug('Valid session -> redirect to starting page');
268  ilInitialisation::redirectToStartingPage();
269  return;
270  }
271 
272  $this->logger->debug('No valid session -> show login');
273  $this->showLoginPage();
274  }
275 
276  private function showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form = null): void
277  {
278  global $tpl; // Don't remove this, the global variables will be replaced with a ilGlobalTemplate instnace
279 
280  $this->help->setSubScreenId('login');
281 
282  $this->getLogger()->debug('Showing login page');
283 
284  $extUid = $this->http->wrapper()->query()->retrieve(
285  'ext_uid',
286  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
287  );
288 
289  $soapPw = $this->http->wrapper()->query()->retrieve(
290  'soap_pw',
291  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
292  );
293 
294  $credentials = new ilAuthFrontendCredentialsSoap(
295  $GLOBALS['DIC']->http()->request(),
296  $this->ctrl,
297  $this->setting
298  );
299 
300  $credentials->setUsername($extUid);
301  $credentials->setPassword($soapPw);
302  $credentials->tryAuthenticationOnLoginPage();
303 
304  $frontend = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
305  $frontend->tryAuthenticationOnLoginPage();
306 
307  $tpl = self::initStartUpTemplate('tpl.login.html');
308  $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
309  $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
310 
311  $page_editor_html = $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGIN);
312  $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
313  $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
314  $page_editor_html = $this->showLoginForm($page_editor_html, $form);
315  $page_editor_html = $this->showCASLoginForm($page_editor_html);
316  $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
317  $page_editor_html = $this->showSamlLoginForm($page_editor_html);
318  $page_editor_html = $this->showRegistrationLinks($page_editor_html);
319  $page_editor_html = $this->showLegalDocumentsLinks($page_editor_html);
320  $page_editor_html = $this->purgePlaceholders($page_editor_html);
321 
322  // check expired session and send message
323  if ($this->authSession->isExpired() || $this->http->wrapper()->query()->has('session_expired')) {
324  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('auth_err_expired'));
325  } elseif ($this->http->wrapper()->query()->has('reg_confirmation_msg')) {
326  $this->lng->loadLanguageModule('registration');
327  $message_key = $this->http->wrapper()->query()->retrieve(
328  'reg_confirmation_msg',
329  $this->refinery->kindlyTo()->string()
330  );
331  $message_type = $message_key === 'reg_account_confirmation_successful' ?
332  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS : ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE;
333  $this->mainTemplate->setOnScreenMessage(
334  $message_type,
335  $this->lng->txt($message_key)
336  );
337  }
338 
339  if ($page_editor_html !== '') {
340  $tpl->setVariable('LPE', $page_editor_html);
341  }
342 
343  if ($this->authSession->isExpired()) {
344  // The usr_id is is still the one of the former logged-in user, so we have to unset it
345  $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
346  $this->dic->user()->setId($this->authSession->getUserId());
347  $this->dic->user()->read();
348  }
349 
350  $this->mainTemplate->setPermanentLink('auth', null, 'login');
351  self::printToGlobalTemplate($tpl);
352  }
353 
357  public static function printToGlobalTemplate($tpl): void
358  {
359  global $DIC;
360  $gtpl = $DIC['tpl'];
361  $gtpl->setContent($tpl->get());
362  $gtpl->printToStdout('DEFAULT', false, true);
363  }
364 
368  private function retrieveMessagesFromSession(): array
369  {
370  $messages = [];
371  $message_types = [
372  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
373  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
374  ilGlobalTemplateInterface::MESSAGE_TYPE_INFO,
375  ilGlobalTemplateInterface::MESSAGE_TYPE_QUESTION
376  ];
377 
378  foreach ($message_types as $message_type) {
379  if (ilSession::get($message_type)) {
380  $messages[$message_type] = ilSession::get($message_type);
381  }
382  }
383 
384  return $messages;
385  }
386 
387  private function showCodeForm(
388  ?string $username = null,
389  ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
390  ): void {
391  $this->help->setSubScreenId('code_input');
392 
393  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('time_limit_reached'));
394 
395  $tpl = self::initStartUpTemplate('tpl.login_reactivate_code.html');
396  $tpl->setVariable('FORM', $this->ui_renderer->render($form ?? $this->buildCodeForm($username)));
397  self::printToGlobalTemplate($tpl);
398  }
399 
400  private function buildCodeForm(?string $username = null): ILIAS\UI\Component\Input\Container\Form\Form
401  {
402  $this->lng->loadLanguageModule('auth');
403 
404  $field_factory = $this->ui_factory->input()->field();
405 
406  $username_field = $field_factory
407  ->hidden()
408  ->withRequired(true);
409  if ($username !== null) {
410  $username_field = $username_field->withValue($username);
411  }
412 
413  return $this->ui_factory
414  ->input()
415  ->container()
416  ->form()
417  ->standard(
418  $this->ctrl->getFormAction($this, 'processCode'),
419  [
420  $field_factory->section(
421  [
422  self::PROP_CODE => $field_factory
423  ->text(
424  $this->lng->txt('auth_account_code'),
425  $this->lng->txt('auth_account_code_info')
426  )
427  ->withRequired(true),
428  // #11658
429  self::PROP_USERNAME => $username_field,
430  ],
431  $this->lng->txt('auth_account_code_title'),
432  ),
433  ]
434  )
435  ->withSubmitLabel($this->lng->txt('send'))
436  ->withAdditionalTransformation($this->mergeValuesTrafo())
437  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
438  }
439 
440  private function processCode(): void
441  {
442  $form = $this->buildCodeForm();
443  $form_valid = false;
444  $form_data = null;
445  if ($this->http->request()->getMethod() === 'POST') {
446  $form = $form->withRequest($this->http->request());
447  $form_data = $form->getData();
448  $form_valid = $form_data !== null;
449  }
450 
451  $uname = null;
452  if ($form_valid) {
453  $code = $form_data[self::PROP_CODE];
454  $uname = $form_data[self::PROP_USERNAME];
455  if (ilRegistrationCode::isUnusedCode($code)) {
456  $valid_until = ilRegistrationCode::getCodeValidUntil($code);
457  if (!$user_id = ilObjUser::_lookupId($uname)) {
458  $this->showLoginPage();
459  return;
460  }
461  $invalid_code = false;
462  $user = new ilObjUser($user_id);
463  if ($valid_until === '0') {
464  $user->setTimeLimitUnlimited(true);
465  } else {
466  if (is_numeric($valid_until)) {
467  $valid_until = strtotime('+' . $valid_until . 'days');
468  } else {
469  $valid_until = explode('-', $valid_until);
470  $valid_until = mktime(
471  23,
472  59,
473  59,
474  (int) $valid_until[1],
475  (int) $valid_until[2],
476  (int) $valid_until[0]
477  );
478  if ($valid_until < time()) {
479  $invalid_code = true;
480  }
481  }
482 
483  if (!$invalid_code) {
484  $user->setTimeLimitUnlimited(false);
485  $user->setTimeLimitUntil($valid_until);
486  }
487  }
488 
489  if (!$invalid_code) {
490  $user->setActive(true);
491  ilRegistrationCode::useCode($code);
492  // apply registration code role assignments
493  ilRegistrationCode::applyRoleAssignments($user, $code);
494  // apply registration code tie limits
495  ilRegistrationCode::applyAccessLimits($user, $code);
496 
497  $user->update();
498 
499  $this->ctrl->setParameter($this, 'cu', 1);
500  $this->lng->loadLanguageModule('auth');
501  $this->mainTemplate->setOnScreenMessage(
502  'success',
503  $GLOBALS['DIC']->language()->txt('auth_activation_code_success'),
504  true
505  );
506  $this->ctrl->redirect($this, 'showLoginPage');
507  }
508  }
509 
510  $this->lng->loadLanguageModule('user');
511  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('user_account_code_not_valid'));
512  } else {
513  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('form_input_not_valid'));
514  }
515 
516  $this->showCodeForm($uname, $form);
517  }
518 
519  private function buildStandardLoginForm(): ILIAS\UI\Component\Input\Container\Form\Form
520  {
521  $field_factory = $this->ui_factory->input()->field();
522 
523  $fields = [];
524  $det = ilAuthModeDetermination::_getInstance();
525  if (ilAuthUtils::_hasMultipleAuthenticationMethods() && $det->isManualSelection()) {
526  $auth_mode = $field_factory->radio($this->lng->txt('auth_selection'))->withRequired(true);
527  $visible_auth_methods = [];
528  foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
529  if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
530  continue;
531  }
532 
533  $auth_mode = $auth_mode->withOption((string) $key, $option['txt']);
534 
535  if (isset($option['checked'])) {
536  $auth_mode = $auth_mode->withValue($key);
537  }
538  $visible_auth_methods[] = $key;
539  }
540 
541  if (count($visible_auth_methods) === 1) {
542  $auth_mode = $field_factory->hidden()->withRequired(true)->withValue(current($visible_auth_methods));
543  }
544 
545  $fields[self::PROP_AUTH_MODE] = $auth_mode;
546  }
547 
548  $fields += [
549  self::PROP_USERNAME => $field_factory
550  ->text($this->lng->txt('username'))
551  ->withRequired(
552  true,
553  $this->refinery->custom()->constraint(
554  static function (string $value): bool {
555  return $value !== '';
556  },
557  static function (Closure $lng, string $value): string {
558  return $lng('auth_required_username');
559  }
560  )
561  ),
562  self::PROP_PASSWORD => $field_factory
563  ->password($this->lng->txt('password'))
564  ->withRevelation(true)
565  ->withRequired(
566  true,
567  $this->refinery->custom()->constraint(
568  static function (string $value): bool {
569  return $value !== '';
570  },
571  static function (Closure $lng, string $value): string {
572  return $lng('auth_required_password');
573  }
574  )
575  )
576  ->withAdditionalTransformation(
577  $this->refinery->custom()->transformation(
578  static function (ILIAS\Data\Password $value): string {
579  return $value->toString();
580  }
581  )
582  ),
583  ];
584 
585  $sections = [$field_factory->section($fields, $this->lng->txt('login_to_ilias'))];
586 
587  return $this->ui_factory
588  ->input()
589  ->container()
590  ->form()
591  ->standard($this->ctrl->getFormAction($this, 'doStandardAuthentication'), $sections)
592  ->withDedicatedName('login_form')
593  ->withSubmitLabel($this->lng->txt('log_in'))
594  ->withAdditionalTransformation($this->mergeValuesTrafo())
595  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
596  }
597 
598  private function doShibbolethAuthentication(): void
599  {
600  $this->getLogger()->debug('Trying shibboleth authentication');
601 
602  $credentials = new ilAuthFrontendCredentialsShibboleth();
603  $credentials->initFromRequest();
604 
605  $provider_factory = new ilAuthProviderFactory();
606  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_SHIBBOLETH);
607 
608  $status = ilAuthStatus::getInstance();
609 
610  $frontend_factory = new ilAuthFrontendFactory();
611  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
612  $frontend = $frontend_factory->getFrontend(
613  $this->authSession,
614  $status,
615  $credentials,
616  [$provider]
617  );
618  $frontend->authenticate();
619 
620  switch ($status->getStatus()) {
621  case ilAuthStatus::STATUS_AUTHENTICATED:
622  $this->logger->debug('Authentication successful; Redirecting to starting page.');
623  ilInitialisation::redirectToStartingPage();
624 
625  // no break
626  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
627  $this->ctrl->redirect($this, 'showAccountMigration');
628 
629  // no break
630  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
631  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
632  $this->ctrl->redirect($this, 'showLoginPage');
633  }
634 
635  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
636  $this->showLoginPage();
637  }
638 
639  private function doCasAuthentication(): void
640  {
641  $this->getLogger()->debug('Trying cas authentication');
642  $credentials = new ilAuthFrontendCredentialsCAS();
643 
644  $provider_factory = new ilAuthProviderFactory();
645  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_CAS);
646 
647  $status = ilAuthStatus::getInstance();
648 
649  $frontend_factory = new ilAuthFrontendFactory();
650  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
651  $frontend = $frontend_factory->getFrontend(
652  $this->authSession,
653  $status,
654  $credentials,
655  [$provider]
656  );
657  $frontend->authenticate();
658 
659  switch ($status->getStatus()) {
660  case ilAuthStatus::STATUS_AUTHENTICATED:
661  $this->getLogger()->debug('Authentication successful.');
662  ilInitialisation::redirectToStartingPage();
663 
664  // no break
665  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
666  default:
667  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()));
668  $this->showLoginPage();
669  }
670  }
671 
672  private function doLTIAuthentication(): void
673  {
674  $this->getLogger()->debug('Trying lti authentication');
675 
676  $credentials = new ilAuthFrontendCredentialsLTI();
677  $credentials->initFromRequest();
678 
679  $provider_factory = new ilAuthProviderFactory();
680  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_PROVIDER_LTI);
681 
682  $status = ilAuthStatus::getInstance();
683 
684  $frontend_factory = new ilAuthFrontendFactory();
685  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
686  $frontend = $frontend_factory->getFrontend(
687  $this->authSession,
688  $status,
689  $credentials,
690  [$provider]
691  );
692  $frontend->authenticate();
693 
694  switch ($status->getStatus()) {
695  case ilAuthStatus::STATUS_AUTHENTICATED:
696  ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
697  ilInitialisation::redirectToStartingPage();
698 
699  // no break
700  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
701  $this->ctrl->redirect($this, 'showAccountMigration');
702 
703  // no break
704  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
705  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()), true);
706  $this->ctrl->redirect($this, 'showLoginPage');
707  }
708 
709  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
710  $this->showLoginPage();
711  }
712 
713  private function doApacheAuthentication(): void
714  {
715  $this->getLogger()->debug('Trying apache authentication');
716 
717  $credentials = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
718  $credentials->initFromRequest();
719 
720  $provider_factory = new ilAuthProviderFactory();
721  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_APACHE);
722 
723  $status = ilAuthStatus::getInstance();
724 
725  $frontend_factory = new \ilAuthFrontendFactory();
726  $frontend_factory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
727  $frontend = $frontend_factory->getFrontend(
728  $this->authSession,
729  $status,
730  $credentials,
731  [$provider]
732  );
733  $frontend->authenticate();
734 
735  switch ($status->getStatus()) {
736  case ilAuthStatus::STATUS_AUTHENTICATED:
737  if ($credentials->hasValidTargetUrl()) {
738  $this->logger->debug(
739  sprintf(
740  'Authentication successful. Redirecting to starting page: %s',
741  $credentials->getTargetUrl()
742  )
743  );
744  $this->ctrl->redirectToURL($credentials->getTargetUrl());
745  }
746  $this->logger->debug(
747  'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
748  );
749  ilInitialisation::redirectToStartingPage();
750 
751  // no break
752  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
753  $this->ctrl->redirect($this, 'showAccountMigration');
754 
755  // no break
756  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
757  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
758  $this->ctrl->redirectToURL(
759  ilUtil::appendUrlParameterString(
760  $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
761  'passed_sso=1'
762  )
763  );
764  }
765 
766  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
767  $this->showLoginPage();
768  }
769 
770  private function doStandardAuthentication(): void
771  {
772  $form = $this->buildStandardLoginForm();
773  $form_valid = false;
774  $form_data = null;
775  if ($this->http->request()->getMethod() === 'POST') {
776  $form = $form->withRequest($this->http->request());
777  $form_data = $form->getData();
778  $form_valid = $form_data !== null;
779  }
780 
781  if (!$form_valid) {
782  $this->showLoginPage($form);
783  return;
784  }
785 
786  $this->getLogger()->debug('Trying to authenticate user.');
787 
788  $auth_callback = function () use ($form_data) {
789  $credentials = new ilAuthFrontendCredentials();
790  $credentials->setUsername($form_data[self::PROP_USERNAME]);
791  $credentials->setPassword($form_data[self::PROP_PASSWORD]);
792 
793  $det = ilAuthModeDetermination::_getInstance();
794  if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
795  $credentials->setAuthMode($form_data[self::PROP_AUTH_MODE]);
796  }
797 
798  $provider_factory = new ilAuthProviderFactory();
799  $providers = $provider_factory->getProviders($credentials);
800 
801  $status = ilAuthStatus::getInstance();
802 
803  $frontend_factory = new ilAuthFrontendFactory();
804  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
805  $frontend = $frontend_factory->getFrontend(
806  $this->authSession,
807  $status,
808  $credentials,
809  $providers
810  );
811  $frontend->authenticate();
812 
813  return $status;
814  };
815 
816  if (($auth_duration = $this->setting->get('auth_duration')) !== null) {
817  $duration = $this->http->durations()->callbackDuration((int) $auth_duration);
818  $status = $duration->stretch($auth_callback);
819  } else {
820  $status = $auth_callback();
821  }
822 
823  switch ($status->getStatus()) {
824  case ilAuthStatus::STATUS_AUTHENTICATED:
825  ilLoggerFactory::getLogger('auth')->debug(
826  'Authentication successful; Redirecting to starting page.'
827  );
828  ilInitialisation::redirectToStartingPage();
829 
830  // no break
831  case ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED:
832  $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
833  $this->showLoginPage($this->buildCodeForm($uname));
834  return;
835 
836  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
837  $this->ctrl->redirect($this, 'showAccountMigration');
838 
839  // no break
840  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
841  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason());
842  $this->showLoginPage($form);
843  }
844  }
845 
846  private function showLoginForm(
847  string $page_editor_html,
848  ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
849  ): string {
850  global $tpl;
851 
852  // @todo move this to auth utils.
853  // login via ILIAS (this also includes ldap)
854  // If local authentication is enabled for shibboleth users, we
855  // display the login form for ILIAS here.
856  if ((
857  $this->setting->get('auth_mode') != ilAuthUtils::AUTH_SHIBBOLETH ||
858  $this->setting->get('shib_auth_allow_local')
859  ) && $this->setting->get('auth_mode') != ilAuthUtils::AUTH_CAS) {
860  return $this->substituteLoginPageElements(
861  $tpl,
862  $page_editor_html,
863  $this->ui_renderer->render($form ?? $this->buildStandardLoginForm()),
864  '[list-login-form]',
865  'LOGIN_FORM'
866  );
867  }
868 
869  return $page_editor_html;
870  }
871 
872  private function showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl): string
873  {
874  if ($page_editor_html !== '') {
875  return $page_editor_html;
876  }
877 
878  return $page_editor_html;
879  }
880 
881  private function showCASLoginForm(string $page_editor_html): string
882  {
883  if ($this->setting->get('cas_active')) {
884  $tpl = new ilTemplate('tpl.login_form_cas.html', true, true, 'components/ILIAS/Init');
885  $tpl->setVariable('TXT_CAS_LOGIN', $this->lng->txt('login_to_ilias_via_cas'));
886  $tpl->setVariable('TXT_CAS_LOGIN_BUTTON', ilUtil::getImagePath('auth/cas_login_button.png'));
887  $tpl->setVariable('TXT_CAS_LOGIN_INSTRUCTIONS', $this->setting->get('cas_login_instructions'));
888  $this->ctrl->setParameter($this, 'forceCASLogin', '1');
889  $tpl->setVariable('TARGET_CAS_LOGIN', $this->ctrl->getLinkTarget($this, 'doCasAuthentication'));
890  $this->ctrl->setParameter($this, 'forceCASLogin', '');
891 
892  return $this->substituteLoginPageElements(
893  $GLOBALS['tpl'],
894  $page_editor_html,
895  $tpl->get(),
896  '[list-cas-login-form]',
897  'CAS_LOGIN_FORM'
898  );
899  }
900 
901  return $page_editor_html;
902  }
903 
904  private function showShibbolethLoginForm(string $page_editor_html): string
905  {
906  $target = $this->initTargetFromQuery();
907 
908  if ($this->setting->get('shib_active')) {
909  $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'components/ILIAS/Init');
910 
911  $tpl->setVariable(
912  'SHIB_FORMACTION',
913  './shib_login.php'
914  ); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
915  $federation_name = $this->setting->get('shib_federation_name');
916  $admin_mail = ' <a href="mailto:' . $this->setting->get('admin_email') . '">ILIAS ' . $this->lng->txt(
917  'administrator'
918  ) . '</a>.';
919  if ($this->setting->get('shib_hos_type') === 'external_wayf') {
920  $tpl->setCurrentBlock('shibboleth_login');
921  $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
922  $tpl->setVariable('IL_TARGET', $target);
923  $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
924  $tpl->setVariable('TXT_SHIB_LOGIN_BUTTON', $this->setting->get('shib_login_button'));
925  $tpl->setVariable(
926  'TXT_SHIB_LOGIN_INSTRUCTIONS',
927  sprintf(
928  $this->lng->txt('shib_general_login_instructions'),
929  $federation_name,
930  $admin_mail
931  )
932  );
933  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
934  $tpl->parseCurrentBlock();
935  } elseif ($this->setting->get('shib_hos_type') == 'embedded_wayf') {
936  $tpl->setCurrentBlock('shibboleth_custom_login');
937  $customInstructions = stripslashes($this->setting->get('shib_login_instructions'));
938  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $customInstructions);
939  $tpl->parseCurrentBlock();
940  } else {
941  $tpl->setCurrentBlock('shibboleth_wayf_login');
942  $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
943  $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
944  $tpl->setVariable(
945  'TXT_SELECT_HOME_ORGANIZATION',
946  sprintf(
947  $this->lng->txt('shib_select_home_organization'),
948  $this->setting->get('shib_federation_name')
949  )
950  );
951  $tpl->setVariable('TXT_CONTINUE', $this->lng->txt('btn_next'));
952  $tpl->setVariable('TXT_SHIB_HOME_ORGANIZATION', $this->lng->txt('shib_home_organization'));
953  $tpl->setVariable(
954  'TXT_SHIB_LOGIN_INSTRUCTIONS',
955  sprintf(
956  $this->lng->txt('shib_general_wayf_login_instructions'),
957  $admin_mail
958  )
959  );
960  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
961 
962  $ilShibbolethWAYF = new ilShibbolethWAYF();
963 
964  $tpl->setVariable('TXT_SHIB_INVALID_SELECTION', $ilShibbolethWAYF->showNotice());
965  $tpl->setVariable('SHIB_IDP_LIST', $ilShibbolethWAYF->generateSelection());
966  $tpl->setVariable('ILW_TARGET', $target);
967  $tpl->parseCurrentBlock();
968  }
969 
970  return $this->substituteLoginPageElements(
971  $GLOBALS['tpl'],
972  $page_editor_html,
973  $tpl->get(),
974  '[list-shibboleth-login-form]',
975  'SHIB_LOGIN_FORM'
976  );
977  }
978 
979  return $page_editor_html;
980  }
981 
985  private function substituteLoginPageElements(
986  $tpl,
987  string $page_editor_html,
988  string $element_html,
989  string $placeholder,
990  string $fallback_tplvar
991  ): string {
992  if ($page_editor_html === '') {
993  $tpl->setVariable($fallback_tplvar, $element_html);
994  return $page_editor_html;
995  }
996 
997  if (stripos($page_editor_html, $placeholder) === false) {
998  $tpl->setVariable($fallback_tplvar, $element_html);
999  return $page_editor_html;
1000  }
1001 
1002  return str_replace($placeholder, $element_html, $page_editor_html);
1003  }
1004 
1005  private function getAuthPageEditorHtml(AuthPageEditorContext $ipe_context): string
1006  {
1007  $ipe_settings = ilAuthPageEditorSettings::getInstance($ipe_context);
1008 
1009  $ipe_language = $ipe_settings->getIliasEditorLanguage($this->lng->getLangKey());
1010  if (!$ipe_language) {
1011  return '';
1012  }
1013 
1014  // if page does not exist, return nothing
1015  if (!ilPageUtil::_existsAndNotEmpty($ipe_context->pageType(), ilLanguage::lookupId($ipe_language))) {
1016  return '';
1017  }
1018 
1019  $this->dic->contentStyle()->gui()->addCss($this->mainTemplate, ilObjAuthSettings::getAuthSettingsRefId());
1020 
1021  $page_gui = new ($ipe_context->pageUiClass())(ilLanguage::lookupId($ipe_language));
1022 
1023  $page_gui->setStyleId(0);
1024 
1025  $page_gui->setPresentationTitle('');
1026  $page_gui->setTemplateOutput(false);
1027  $page_gui->setHeader('');
1028 
1029  return $page_gui->showPage();
1030  }
1031 
1032  private function showRegistrationLinks(string $page_editor_html): string
1033  {
1034  global $tpl;
1035 
1036  $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'components/ILIAS/Init');
1037 
1038  // allow new registrations?
1039  if (ilRegistrationSettings::_lookupRegistrationType() !== ilRegistrationSettings::IL_REG_DISABLED) {
1040  $rtpl->setCurrentBlock('new_registration');
1041  $rtpl->setVariable('REGISTER', $this->lng->txt('registration'));
1042  $rtpl->setVariable(
1043  'CMD_REGISTER',
1044  $this->ctrl->getLinkTargetByClass(ilAccountRegistrationGUI::class)
1045  );
1046  $rtpl->parseCurrentBlock();
1047  }
1048  // allow password assistance? Surpress option if Authmode is not local database
1049  if ($this->setting->get('password_assistance')) {
1050  $rtpl->setCurrentBlock('password_assistance');
1051  $rtpl->setVariable('FORGOT_PASSWORD', $this->lng->txt('forgot_password'));
1052  $rtpl->setVariable('FORGOT_USERNAME', $this->lng->txt('forgot_username'));
1053  $rtpl->setVariable(
1054  'CMD_FORGOT_PASSWORD',
1055  $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class)
1056  );
1057  $rtpl->setVariable(
1058  'CMD_FORGOT_USERNAME',
1059  $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class, 'showUsernameAssistanceForm')
1060  );
1061  $rtpl->setVariable('LANG_ID', $this->lng->getLangKey());
1062  $rtpl->parseCurrentBlock();
1063  }
1064 
1065  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1066  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1067  $rtpl->setCurrentBlock('homelink');
1068  $rtpl->setVariable(
1069  'CLIENT_ID',
1070  '?client_id=' . CLIENT_ID . '&lang=' . $this->lng->getLangKey()
1071  );
1072  $rtpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1073  $rtpl->parseCurrentBlock();
1074  }
1075 
1076  return $this->substituteLoginPageElements(
1077  $tpl,
1078  $page_editor_html,
1079  $rtpl->get(),
1080  '[list-registration-link]',
1081  'REG_PWD_CLIENT_LINKS'
1082  );
1083  }
1084 
1085  private function showLegalDocumentsLinks(string $page_editor_html): string
1086  {
1087  global $tpl;
1088  global $DIC;
1089 
1090  if (0 === $this->user->getId()) {
1091  $this->user->setId(ANONYMOUS_USER_ID);
1092  }
1093 
1094  $page_editor_html = $this->substituteLoginPageElements(
1095  $tpl,
1096  $page_editor_html,
1097  $DIC['legalDocuments']->loginPageHTML(TermsOfService::ID),
1098  '[list-user-agreement]',
1099  'USER_AGREEMENT'
1100  );
1101  $page_editor_html = $this->substituteLoginPageElements(
1102  $tpl,
1103  $page_editor_html,
1104  $DIC['legalDocuments']->loginPageHTML(DataProtection::ID),
1105  '[list-dpro-agreement]',
1106  'DPRO_AGREEMENT'
1107  );
1108 
1109  return $page_editor_html;
1110  }
1111 
1112  private function purgePlaceholders(string $page_editor_html): string
1113  {
1114  return str_replace(
1115  [
1116  '[list-language-selection]',
1117  '[list-registration-link]',
1118  '[list-user-agreement]',
1119  '[list-dpro-agreement]',
1120  '[list-login-form]',
1121  '[list-cas-login-form]',
1122  '[list-saml-login]',
1123  '[list-shibboleth-login-form]',
1124  '[list-openid-connect-login]'
1125  ],
1126  '',
1127  $page_editor_html
1128  );
1129  }
1130 
1131  private function buildAccountMigrationForm(): ILIAS\UI\Component\Input\Container\Form\Form
1132  {
1133  $field_factory = $this->ui_factory->input()->field();
1134 
1135  $keep = $field_factory->group(
1136  [
1137  self::PROP_USERNAME => $field_factory->text($this->lng->txt('login'))->withRequired(true),
1138  self::PROP_PASSWORD => $field_factory
1139  ->password($this->lng->txt('password'))
1140  ->withRequired(true)
1141  ->withRevelation(true)
1142  ->withAdditionalTransformation(
1143  $this->refinery->custom()->transformation(
1144  static function (ILIAS\Data\Password $value): string {
1145  return $value->toString();
1146  }
1147  )
1148  ),
1149  ],
1150  $this->lng->txt('auth_account_migration_keep'),
1151  $this->lng->txt('auth_info_migrate')
1152  );
1153 
1154  $new = $field_factory->group(
1155  [],
1156  $this->lng->txt('auth_account_migration_new'),
1157  $this->lng->txt('auth_info_add')
1158  );
1159 
1160  $fields = [
1161  self::PROP_ACCOUNT_MIGRATION => $field_factory->switchableGroup(
1162  [
1163  self::PROP_ACCOUNT_MIGRATION_MIGRATE => $keep,
1164  self::PROP_ACCOUNT_MIGRATION_NEW => $new,
1165  ],
1166  $this->lng->txt('auth_account_migration_name')
1167  )->withRequired(true)->withValue(self::PROP_ACCOUNT_MIGRATION_MIGRATE)
1168  ];
1169 
1170  $sections = [$field_factory->section($fields, $this->lng->txt('auth_account_migration'))];
1171 
1172  return $this->ui_factory->input()
1173  ->container()
1174  ->form()
1175  ->standard($this->ctrl->getFormAction($this, 'migrateAccount'), $sections)
1176  ->withDedicatedName('login_form')
1177  ->withSubmitLabel($this->lng->txt('save'))
1178  ->withAdditionalTransformation($this->mergeValuesTrafo())
1179  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
1180  }
1181 
1182  private function showAccountMigration(
1183  ?ILIAS\UI\Component\Input\Container\Form\Form $form = null,
1184  string $message = ''
1185  ): void {
1186  $this->help->setSubScreenId('account_migration');
1187 
1188  $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1189  $tpl->setVariable('MIG_FORM', $this->ui_renderer->render($form ?? $this->buildAccountMigrationForm()));
1190 
1191  if ($message !== '') {
1192  $this->mainTemplate->setOnScreenMessage('failure', $message);
1193  }
1194 
1195  self::printToGlobalTemplate($tpl);
1196  }
1197 
1198  private function migrateAccount(): void
1199  {
1200  $form = $this->buildAccountMigrationForm();
1201  $form_valid = false;
1202  $form_data = null;
1203  if ($this->http->request()->getMethod() === 'POST') {
1204  $form = $form->withRequest($this->http->request());
1205  $form_data = $form->getData();
1206  $form_valid = $form_data !== null;
1207  }
1208 
1209  if (!$form_valid) {
1210  $this->showAccountMigration($form, $this->lng->txt('form_input_not_valid'));
1211  return;
1212  }
1213 
1214  $account_migration = $form_data[self::PROP_ACCOUNT_MIGRATION];
1215  $account_migration_mode = $account_migration[0];
1216  if ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_MIGRATE) {
1217  $this->doMigration($account_migration[1]);
1218  } elseif ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_NEW) {
1219  $this->doMigrationNewAccount();
1220  } else {
1221  $this->showAccountMigration(
1222  $form,
1223  $this->lng->txt('form_input_not_valid')
1224  );
1225  }
1226  }
1227 
1228  private function doMigrationNewAccount(): void
1229  {
1230  $credentials = new ilAuthFrontendCredentials();
1231  $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1232 
1233  $provider_factory = new ilAuthProviderFactory();
1234  $provider = $provider_factory->getProviderByAuthMode(
1235  $credentials,
1236  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1237  );
1238 
1239  $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1240 
1241  $status = ilAuthStatus::getInstance();
1242 
1243  $frontend_factory = new ilAuthFrontendFactory();
1244  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1245  $frontend = $frontend_factory->getFrontend(
1246  $GLOBALS['DIC']['ilAuthSession'],
1247  $status,
1248  $credentials,
1249  [$provider]
1250  );
1251 
1252  if ($frontend->migrateAccountNew()) {
1253  ilInitialisation::redirectToStartingPage();
1254  }
1255 
1256  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1257  $this->ctrl->redirect($this, 'showAccountMigration');
1258  }
1259 
1263  private function doMigration(array $migration_request_data): void
1264  {
1265  $username = $migration_request_data[self::PROP_USERNAME];
1266  $password = $migration_request_data[self::PROP_PASSWORD];
1267 
1268  $this->logger->debug('Starting account migration for user: ' . ilSession::get('mig_ext_account'));
1269 
1270  $credentials = new ilAuthFrontendCredentials();
1271  $credentials->setUsername($username);
1272  $credentials->setPassword($password);
1273 
1274  $provider_factory = new ilAuthProviderFactory();
1275  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_LOCAL);
1276 
1277  $status = ilAuthStatus::getInstance();
1278 
1279  $frontend_factory = new ilAuthFrontendFactory();
1280  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1281  $frontend = $frontend_factory->getFrontend(
1282  $this->authSession,
1283  $status,
1284  $credentials,
1285  [$provider]
1286  );
1287  $frontend->authenticate();
1288 
1289  switch ($status->getStatus()) {
1290  case ilAuthStatus::STATUS_AUTHENTICATED:
1291  $this->getLogger()->debug('Account migration: authentication successful for ' . $username);
1292 
1293  $provider = $provider_factory->getProviderByAuthMode(
1294  $credentials,
1295  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1296  );
1297  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1298  $frontend = $frontend_factory->getFrontend(
1299  $GLOBALS['DIC']['ilAuthSession'],
1300  $status,
1301  $credentials,
1302  [$provider]
1303  );
1304 
1305  if ($frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])) {
1306  ilInitialisation::redirectToStartingPage();
1307  }
1308 
1309  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'), true);
1310  $this->ctrl->redirect($this, 'showAccountMigration');
1311 
1312  // no break
1313  default:
1314  $this->getLogger()->info('Account migration failed for user ' . $username);
1315  $this->showAccountMigration(null, $GLOBALS['lng']->txt('err_wrong_login'));
1316  }
1317  }
1318 
1319  private function showLogout(): void
1320  {
1321  if (!$this->authSession->isExpired() &&
1322  $this->authSession->isAuthenticated() &&
1323  !ilObjUser::_isAnonymous($this->authSession->getUserId())) {
1324  $this->ctrl->redirectToURL(ilUserUtil::getStartingPointAsUrl());
1325  }
1326 
1327  $this->help->setSubScreenId('logout');
1328 
1329  $tpl = self::initStartUpTemplate('tpl.logout.html');
1330  $client_id = $this->http->wrapper()->query()->retrieve(
1331  'client_id',
1332  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1333  );
1334  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1335  $tpl->setCurrentBlock('homelink');
1336  $tpl->setVariable('CLIENT_ID', '?client_id=' . $client_id . '&lang=' . $this->lng->getLangKey());
1337  $tpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1338  $tpl->parseCurrentBlock();
1339  }
1340 
1341  $tpl->setVariable('LPE', $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGOUT));
1342  $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('logout'));
1343  $tpl->setVariable('TXT_LOGIN', $this->lng->txt('login_to_ilias'));
1344  $tpl->setVariable(
1345  'CLIENT_ID',
1346  '?client_id=' . $client_id . '&cmd=force_login&lang=' . $this->lng->getLangKey()
1347  );
1348 
1349  self::printToGlobalTemplate($tpl);
1350  }
1351 
1352  private function doLogout(): void
1353  {
1355  $legal_documents = $this->dic['legalDocuments'];
1356 
1357  $this->eventHandler->raise(
1358  'components/ILIAS/Authentication',
1359  'beforeLogout',
1360  [
1361  'user_id' => $this->user->getId()
1362  ]
1363  );
1364 
1365  $user_language = $this->user->getLanguage();
1366 
1367  $used_external_auth_mode = ilSession::get('used_external_auth_mode');
1368 
1369  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
1370  $this->authSession->logout();
1371  $this->eventHandler->raise(
1372  'components/ILIAS/Authentication',
1373  'afterLogout',
1374  [
1375  'username' => $this->user->getLogin(),
1376  'is_explicit_logout' => true,
1377  'used_external_auth_mode' => $used_external_auth_mode,
1378  ]
1379  );
1380 
1381  $target = new ConfigurableLogoutTarget(
1382  $this->ctrl,
1383  new ilSetting('auth'),
1384  $this->access,
1385  ilUtil::_getHttpPath()
1386  );
1387  $target = $legal_documents->logoutTarget($target);
1388  $url = $target->asURI();
1389 
1390  $this->mainTemplate->setOnScreenMessage(
1391  $this->mainTemplate::MESSAGE_TYPE_INFO,
1392  $this->lng->txt('logout_text') . $legal_documents->logoutText(),
1393  true
1394  );
1395 
1396  if ($used_external_auth_mode && (int) $this->user->getAuthMode(true) === ilAuthUtils::AUTH_SAML) {
1397  $this->logger->info('Redirecting user to SAML logout script');
1398  $this->ctrl->redirectToURL(
1399  'saml.php?action=logout&logout_url=' . urlencode((string) $url)
1400  );
1401  }
1402 
1403  // reset cookie
1404  ilUtil::setCookie('ilClientId', '');
1405 
1406  $this->ctrl->setParameter($this, 'lang', $user_language);
1407  $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1408  $this->ctrl->redirectToURL((string) $url);
1409  }
1410 
1411  protected function showLegalDocuments(): void
1412  {
1413  global $DIC;
1414  $tpl = self::initStartUpTemplate(['agreement.html', 'components/ILIAS/LegalDocuments'], true, false);
1415  $tpl->setVariable('CONTENT', $DIC['legalDocuments']->agreeContent(self::class, __FUNCTION__));
1416  self::printToGlobalTemplate($tpl);
1417  }
1418 
1419  private function processIndexPHP(): void
1420  {
1421  if ($this->authSession->isValid()) {
1422  if (!$this->user->isAnonymous() || ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1423  $this->httpRequest->getServerParams()['SERVER_NAME']
1424  )) {
1425  ilInitialisation::redirectToStartingPage();
1426  return;
1427  }
1428  }
1429 
1430  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1431  ilInitialisation::goToPublicSection();
1432  }
1433 
1434  $this->showLoginPage();
1435  }
1436 
1440  public static function _checkGoto(string $a_target)
1441  {
1442  global $DIC;
1443 
1444  $component_factory = $DIC['component.factory'];
1445 
1446  $access = $DIC->access();
1447 
1448  foreach ($component_factory->getActivePluginsInSlot('uihk') as $ui_plugin) {
1450  $gui_class = $ui_plugin->getUIClassInstance();
1451  $resp = $gui_class->checkGotoHook($a_target);
1452  if (isset($resp['target']) && is_string($resp['target']) && $resp['target'] !== '') {
1453  $a_target = $resp['target'];
1454  break;
1455  }
1456  }
1457 
1458  if ($a_target === '') {
1459  return false;
1460  }
1461 
1462  $t_arr = explode('_', $a_target);
1463  $type = $t_arr[0];
1464 
1465  if ($type === 'git') {
1466  $type = 'glo';
1467  }
1468 
1469  if ($type === 'pg' | $type === 'st') {
1470  $type = 'lm';
1471  }
1472 
1473  $class = $DIC['objDefinition']->getClassName($type);
1474  if ($class === '') {
1475  return false;
1476  }
1477 
1478  $location = $DIC['objDefinition']->getLocation($type);
1479  $full_class = 'ilObj' . $class . 'Access';
1480 
1481  $ret = call_user_func([$full_class, '_checkGoto'], $a_target);
1482 
1483  // if no access and repository object => check for parent course/group
1484  if (!$ret &&
1485  isset($t_arr[1]) &&
1486  !str_contains($a_target, '_wsp') &&
1487  !$DIC->user()->isAnonymous() && // #10637
1488  !$DIC['objDefinition']->isAdministrationObject($type) &&
1489  $DIC['objDefinition']->isRBACObject($type)) {
1490  $ref_id = 0;
1491  // original type 'pg' => pg_<page_id>[_<ref_id>]
1492  if ($t_arr[0] === 'pg') {
1493  if (isset($t_arr[2])) {
1494  $ref_id = (int) $t_arr[2];
1495  } else {
1496  $lm_id = ilLMObject::_lookupContObjID((int) $t_arr[1]);
1497  $ref_ids = ilObject::_getAllReferences($lm_id);
1498  if ($ref_ids) {
1499  $ref_id = array_shift($ref_ids);
1500  }
1501  }
1502  } else {
1503  $ref_id = (int) $t_arr[1];
1504  }
1505 
1506  if ($ref_id < 1) {
1507  return false;
1508  }
1509 
1510  $block_obj = [];
1511 
1512  // walk path to find parent container
1513  $path = $DIC->repositoryTree()->getPathId($ref_id);
1514  array_pop($path);
1515  foreach ($path as $path_ref_id) {
1516  $redirect_infopage = false;
1517  $add_member_role = false;
1518 
1519  $ptype = ilObject::_lookupType($path_ref_id, true);
1520  $pobj_id = ilObject::_lookupObjId($path_ref_id);
1521 
1522  // core checks: timings/object-specific
1523  if (!$access->doActivationCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype) ||
1524  !$access->doStatusCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype)) {
1525  // object in path is inaccessible - aborting
1526  return false;
1527  } elseif ($ptype === 'crs') {
1528  // check if already participant
1529  $participants = ilCourseParticipant::_getInstanceByObjId($pobj_id, $DIC->user()->getId());
1530  if (!$participants->isAssigned()) {
1531  // subscription currently possible?
1532  if (ilObjCourse::_isActivated($pobj_id) && ilObjCourse::_registrationEnabled($pobj_id)) {
1533  $block_obj[] = $path_ref_id;
1534  $add_member_role = true;
1535  } else {
1536  $redirect_infopage = true;
1537  }
1538  }
1539  } elseif ($ptype === 'grp') {
1540  // check if already participant
1541  if (!ilGroupParticipants::_isParticipant($path_ref_id, $DIC->user()->getId())) {
1542  // subscription currently possible?
1543  $group_obj = new ilObjGroup($path_ref_id);
1544  if ($group_obj->isRegistrationEnabled()) {
1545  $block_obj[] = $path_ref_id;
1546  $add_member_role = true;
1547  } else {
1548  $redirect_infopage = true;
1549  }
1550  }
1551  }
1552 
1553  // add members roles for all 'blocking' objects
1554  if ($add_member_role) {
1555  // cannot join? goto will never work, so redirect to current object
1556  $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $path_ref_id);
1557  if (!$DIC->rbac()->system()->checkAccess('join', $path_ref_id)) {
1558  $redirect_infopage = true;
1559  } else {
1560  $DIC->rbac()->system()->addTemporaryRole(
1561  $DIC->user()->getId(),
1562  ilParticipants::getDefaultMemberRole($path_ref_id)
1563  );
1564  }
1565  }
1566 
1567  // redirect to infopage of 1st blocking object in path
1568  if ($redirect_infopage) {
1569  if ($DIC->rbac()->system()->checkAccess('visible', $path_ref_id)) {
1570  ilUtil::redirect(
1571  'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . $path_ref_id . '&cmd=infoScreen'
1572  );
1573  } else {
1574  return false;
1575  }
1576  }
1577  }
1578 
1579  // check if access will be possible with all (possible) member roles added
1580  $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $ref_id);
1581  if ($block_obj !== [] && $DIC->rbac()->system()->checkAccess('read', $ref_id)) { // #12128
1582  // this won't work with lm-pages (see above)
1583  // keep original target
1584  ilSession::set('pending_goto', 'goto.php?target=' . $a_target);
1585 
1586  // redirect to 1st non-member object in path
1587  ilUtil::redirect(
1588  'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . array_shift($block_obj)
1589  );
1590  }
1591  }
1592 
1593  return $ret;
1594  }
1595 
1596  private function confirmRegistration(): void
1597  {
1598  $this->lng->loadLanguageModule('registration');
1599 
1600  ilUtil::setCookie('iltest', 'cookie', false);
1601  $regitration_hash = trim(
1602  $this->http->wrapper()->query()->retrieve(
1603  'rh',
1604  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1605  )
1606  );
1607  if ($regitration_hash === '') {
1608  $this->mainTemplate->setOnScreenMessage(
1609  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1610  $this->lng->txt('reg_confirmation_hash_not_passed'),
1611  true
1612  );
1613  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1614  }
1615 
1616  try {
1617  $oRegSettings = new ilRegistrationSettings();
1618 
1619  $usr_id = ilObjUser::_verifyRegistrationHash(trim($regitration_hash));
1621  $user = ilObjectFactory::getInstanceByObjId($usr_id);
1622  $user->setActive(true);
1623  $password = '';
1624  if ($oRegSettings->passwordGenerationEnabled()) {
1625  $passwords = ilSecuritySettingsChecker::generatePasswords(1);
1626  $password = $passwords[0];
1627  $user->setPasswd($password, ilObjUser::PASSWD_PLAIN);
1628  $user->setLastPasswordChangeTS(time());
1629  }
1630  $user->update();
1631 
1632  $target = $user->getPref('reg_target') ?? '';
1633  if ($target !== '') {
1634  // Used for ilAccountMail in ilAccountRegistrationMail, which relies on this super global ...
1635  // @todo: fixme
1636  $_GET['target'] = $target;
1637  }
1638 
1639  $accountMail = new ilAccountRegistrationMail(
1640  $oRegSettings,
1641  $this->lng,
1642  ilLoggerFactory::getLogger('user')
1643  );
1644  $accountMail->withEmailConfirmationRegistrationMode()->send($user, $password);
1645 
1646  $this->mainTemplate->setOnScreenMessage(
1647  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
1648  $this->lng->txt('reg_account_confirmation_successful'),
1649  true
1650  );
1651  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $user->getLanguage()));
1652  } catch (ilRegConfirmationLinkExpiredException $exception) {
1653  $soap_client = new ilSoapClient();
1654  $soap_client->setResponseTimeout(1);
1655  $soap_client->enableWSDL(true);
1656  $soap_client->init();
1657 
1658  $this->logger->info(
1659  'Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...'
1660  );
1661 
1662  $soap_client->call(
1663  'deleteExpiredDualOptInUserObjects',
1664  [
1665  $_COOKIE[session_name()] . '::' . CLIENT_ID,
1666  $exception->getCode() // user id
1667  ]
1668  );
1669 
1670  $this->mainTemplate->setOnScreenMessage(
1671  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1672  $this->lng->txt($exception->getMessage()),
1673  true
1674  );
1675  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1676  } catch (ilRegistrationHashNotFoundException $exception) {
1677  $this->mainTemplate->setOnScreenMessage(
1678  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1679  $this->lng->txt($exception->getMessage()),
1680  true
1681  );
1682  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1683  }
1684  }
1685 
1690  public static function initStartUpTemplate(
1691  $a_tmpl,
1692  bool $a_show_back = false,
1693  bool $a_show_logout = false
1694  ): ilGlobalTemplateInterface {
1695  global $DIC;
1696 
1697  $tpl = new ilGlobalTemplate('tpl.main.html', true, true);
1698 
1699  $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'components/ILIAS/Init');
1700 
1701  $view_title = $DIC->language()->txt('login_to_ilias');
1702  if ($a_show_back) {
1703  // #13400
1704  $param = 'client_id=' . CLIENT_ID . '&lang=' . $DIC->language()->getLangKey();
1705 
1706  $tpl->setCurrentBlock('link_item_bl');
1707  $tpl->setVariable('LINK_TXT', $view_title);
1708  $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1709  $tpl->parseCurrentBlock();
1710 
1711  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1712  $DIC->access()->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1713  $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1714  $tpl->setVariable('LINK_TXT', $DIC->language()->txt('home'));
1715  $tpl->parseCurrentBlock();
1716  }
1717  } elseif ($a_show_logout) {
1718  $view_title = $DIC->language()->txt('logout');
1719  $tpl->setCurrentBlock('link_item_bl');
1720  $tpl->setVariable('LINK_TXT', $view_title);
1721  $tpl->setVariable('LINK_URL', self::logoutUrl());
1722  $tpl->parseCurrentBlock();
1723  }
1724 
1725  if (is_array($a_tmpl)) {
1726  $template_file = $a_tmpl[0];
1727  $template_dir = $a_tmpl[1];
1728  } else {
1729  $template_file = $a_tmpl;
1730  $template_dir = 'components/ILIAS/Init';
1731  }
1732 
1733  $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1734 
1735  PageContentProvider::setViewTitle($view_title);
1736  $short_title = trim($DIC->settings()->get('short_inst_name') ?? '');
1737  if ($short_title === '') {
1738  $short_title = 'ILIAS';
1739  }
1740  PageContentProvider::setShortTitle($short_title);
1741 
1742  $header_title = ilObjSystemFolder::_getHeaderTitle();
1743  PageContentProvider::setTitle($header_title);
1744 
1745  return $tpl;
1746  }
1747 
1748  private function showSamlLoginForm(string $page_editor_html): string
1749  {
1750  if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
1751  $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'components/ILIAS/Saml');
1752 
1753  $return = '';
1754  $target = $this->initTargetFromQuery();
1755  if ($target !== '') {
1756  $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($target));
1757  }
1758 
1759  $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
1760  $tpl->setVariable('TXT_LOGIN', $this->lng->txt('saml_log_in'));
1761  $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $this->lng->txt('login_to_ilias_via_saml'));
1762  $tpl->setVariable('TXT_SAML_LOGIN_TXT', $this->lng->txt('saml_login_form_txt'));
1763  $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $this->lng->txt('saml_login_form_info_txt'));
1764 
1765  return $this->substituteLoginPageElements(
1766  $GLOBALS['tpl'],
1767  $page_editor_html,
1768  $tpl->get(),
1769  '[list-saml-login]',
1770  'SAML_LOGIN_FORM'
1771  );
1772  }
1773 
1774  return $page_editor_html;
1775  }
1776 
1777  private function showOpenIdConnectLoginForm(string $page_editor_html): string
1778  {
1779  $oidc_settings = ilOpenIdConnectSettings::getInstance();
1780  if ($oidc_settings->getActive()) {
1781  $tpl = new ilTemplate('tpl.login_element.html', true, true, 'components/ILIAS/OpenIdConnect');
1782 
1783  $this->lng->loadLanguageModule('auth');
1784  $tpl->setVariable('TXT_OIDCONNECT_HEADER', $this->lng->txt('auth_oidc_login_element_info'));
1785 
1786  $target = $this->initTargetFromQuery();
1787  $target_str = empty($target) ? '' : ('?target=' . $target);
1788  switch ($oidc_settings->getLoginElementType()) {
1789  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT:
1790  $tpl->setVariable('SCRIPT_OIDCONNECT_T', './openidconnect.php' . $target_str);
1791  $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1792  break;
1793 
1794  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG:
1795  $tpl->setVariable('SCRIPT_OIDCONNECT_I', './openidconnect.php' . $target_str);
1796  $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1797  break;
1798  }
1799 
1800  return $this->substituteLoginPageElements(
1801  $GLOBALS['tpl'],
1802  $page_editor_html,
1803  $tpl->get(),
1804  '[list-openid-connect-login]',
1805  'OPEN_ID_CONNECT_LOGIN_FORM'
1806  );
1807  }
1808 
1809  return $page_editor_html;
1810  }
1811 
1812  private function doOpenIdConnectAuthentication(): void
1813  {
1814  $this->getLogger()->debug('Trying openid connect authentication');
1815 
1816  $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
1817  $credentials->initFromRequest();
1818 
1819  $provider_factory = new ilAuthProviderFactory();
1820  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_OPENID_CONNECT);
1821 
1822  $status = ilAuthStatus::getInstance();
1823 
1824  $frontend_factory = new ilAuthFrontendFactory();
1825  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1826  $frontend = $frontend_factory->getFrontend(
1827  $this->authSession,
1828  $status,
1829  $credentials,
1830  [$provider]
1831  );
1832  $frontend->authenticate();
1833 
1834  switch ($status->getStatus()) {
1835  case ilAuthStatus::STATUS_AUTHENTICATED:
1836  $this->logger->debug('Authentication successful; Redirecting to starting page.');
1837  if ($credentials->getRedirectionTarget()) {
1838  ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
1839  }
1840  ilInitialisation::redirectToStartingPage();
1841 
1842  // no break
1843  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1844  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1845  $this->ctrl->redirect($this, 'showLoginPage');
1846  }
1847 
1848  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1849  $this->showLoginPage();
1850  }
1851 
1852  private function doSamlAuthentication(): void
1853  {
1854  $this->getLogger()->debug('Trying saml authentication');
1855  $request = $this->httpRequest;
1856  $params = $request->getQueryParams();
1857 
1858  $factory = new ilSamlAuthFactory();
1859  $auth = $factory->auth();
1860 
1861  if (isset($params['action']) && $params['action'] === 'logout') {
1862  $logout_url = $params['logout_url'] ?? '';
1863  $this->logger->info(sprintf('Requested SAML logout: %s', $logout_url));
1864  $auth->logout($logout_url);
1865  }
1866 
1867  if (isset($params['target']) && !isset($params['returnTo'])) {
1868  $params['returnTo'] = $params['target'];
1869  }
1870 
1871  if (isset($params['returnTo'])) {
1872  $auth->storeParam('target', $params['returnTo']);
1873  }
1874 
1875  $this->logger->debug('Started SAML authentication request');
1876  if (!$auth->isAuthenticated()) {
1877  ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
1878  if (!isset($request->getQueryParams()['idpentityid'], $request->getQueryParams()['saml_idp_id'])) {
1879  $activeIdps = ilSamlIdp::getActiveIdpList();
1880  if (count($activeIdps) === 1) {
1881  $idp = current($activeIdps);
1882 
1883  ilLoggerFactory::getLogger('auth')->debug(
1884  sprintf(
1885  'Found exactly one active IDP with id %s: %s',
1886  $idp->getIdpId(),
1887  $idp->getEntityId()
1888  )
1889  );
1890 
1891  $this->ctrl->setParameter($this, 'idpentityid', $idp->getEntityId());
1892  $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1893  $this->ctrl->setTargetScript('saml.php');
1894  $this->ctrl->redirect($this, 'doSamlAuthentication');
1895  } elseif ($activeIdps === []) {
1896  $this->logger->debug('Did not find any active IDP, skipp authentication process');
1897  $this->ctrl->redirect($this, 'showLoginPage');
1898  } else {
1899  $this->logger->debug('Found multiple active IPDs, presenting IDP selection...');
1900  $this->showSamlIdpSelection($auth, $activeIdps);
1901  return;
1902  }
1903  }
1904 
1905  $auth->storeParam('idpId', (int) $request->getQueryParams()['saml_idp_id']);
1906  $this->logger->debug(sprintf('Stored relevant IDP id in session: %s', $auth->getParam('idpId')));
1907  }
1908 
1909  $auth = $factory->auth();
1910 
1911  $this->logger->debug('Checking SAML authentication status...');
1912  $auth->protectResource();
1913  $this->logger->debug(
1914  'SAML authentication successful, continuing with ILIAS internal authentication process...'
1915  );
1916 
1917  $idpId = (int) $auth->getParam('idpId');
1918 
1919  $this->logger->debug(
1920  sprintf(
1921  'Internal SAML IDP id fetched from session: %s',
1922  $idpId
1923  )
1924  );
1925 
1926  if ($idpId < 1) {
1927  $this->logger->debug(
1928  'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
1929  );
1930  $authData = $auth->getAuthDataArray();
1931  if (isset($authData['saml:sp:IdP'])) {
1932  $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
1933  $this->logger->debug(
1934  sprintf(
1935  'Searching active ILIAS IDP by entity id "%s" results in: %s',
1936  $authData['saml:sp:IdP'],
1937  $idpId
1938  )
1939  );
1940  } else {
1941  $this->logger->debug(
1942  'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
1943  );
1944  }
1945  }
1946 
1947  $target = $auth->popParam('target');
1948 
1949  $this->logger->debug(sprintf('Retrieved "target" parameter: %s', print_r($target, true)));
1950 
1951  $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
1952  $credentials->initFromRequest();
1953 
1954  $provider_factory = new ilAuthProviderFactory();
1955  $provider = $provider_factory->getProviderByAuthMode(
1956  $credentials,
1957  ilUtil::stripSlashes(
1958  ilAuthUtils::AUTH_SAML . '_' . $idpId
1959  )
1960  );
1961 
1962  if ($target) {
1963  $credentials->setReturnTo($target);
1964  } else {
1965  $target = $credentials->getReturnTo();
1966  }
1967 
1968  $status = ilAuthStatus::getInstance();
1969 
1970  $frontend_factory = new ilAuthFrontendFactory();
1971  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1972  $frontend = $frontend_factory->getFrontend(
1973  $this->authSession,
1974  $status,
1975  $credentials,
1976  [$provider]
1977  );
1978  $frontend->authenticate();
1979 
1980  switch ($status->getStatus()) {
1981  case ilAuthStatus::STATUS_AUTHENTICATED:
1982  $this->logger->debug('Authentication successful; Redirecting to starting page.');
1983  ilInitialisation::redirectToStartingPage($target ?? '');
1984 
1985  // no break
1986  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
1987  $this->ctrl->redirect($this, 'showAccountMigration');
1988 
1989  // no break
1990  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1991  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1992  $this->ctrl->redirect($this, 'showLoginPage');
1993  }
1994 
1995  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1996  $this->showLoginPage();
1997  }
1998 
2002  private function showSamlIdpSelection(ilSamlAuth $auth, array $idps): void
2003  {
2004  $this->help->setSubScreenId('saml_idp_selection');
2005 
2006  self::initStartUpTemplate(['tpl.saml_idp_selection.html', 'components/ILIAS/Saml']);
2007 
2008  $this->ctrl->setTargetScript('saml.php');
2009  $items = [];
2010  foreach ($idps as $idp) {
2011  $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
2012  $this->ctrl->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
2013 
2014  $items[] = $this->ui_factory->link()->standard(
2015  $idp->getEntityId(),
2016  $this->ctrl->getLinkTarget($this, 'doSamlAuthentication')
2017  );
2018  }
2019 
2020  $components = [
2021  $this->ui_factory->panel()->standard(
2022  $this->lng->txt('auth_saml_idp_selection_table_title'),
2023  [
2024  $this->ui_factory->messageBox()->info($this->lng->txt('auth_saml_idp_selection_table_desc')),
2025  $this->ui_factory->listing()->unordered(
2026  array_map(
2027  fn($item) => $this->ui_renderer->render($item),
2028  $items
2029  )
2030  )
2031  ]
2032  )
2033  ];
2034 
2035  $this->mainTemplate->setVariable('CONTENT', $this->ui_renderer->render($components));
2036  $this->mainTemplate->printToStdout('DEFAULT', false);
2037  }
2038 
2044  public static function logoutUrl(array $parameters = []): string
2045  {
2046  global $DIC;
2047 
2048  $defaults = ['lang' => $DIC->user()->getCurrentLanguage()];
2049  $parameters = '&' . http_build_query(array_merge($defaults, $parameters));
2050 
2051  $DIC->ctrl()->setTargetScript('logout.php');
2052  $url = $DIC->ctrl()->getLinkTargetByClass([self::class], 'doLogout') . $parameters;
2053  $DIC->ctrl()->setTargetScript('ilias.php');
2054 
2055  return $url;
2056  }
2057 }
ilAuthUtils\AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:45
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:401
ilStartUpGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilStartUpGUI.php:146
ilObjUser\setTimeLimitUnlimited
setTimeLimitUnlimited(bool $a_unlimited)
Definition: class.ilObjUser.php:1793
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_MIGRATE
const PROP_ACCOUNT_MIGRATION_MIGRATE
Definition: class.ilStartUpGUI.php:44
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
ilGroupParticipants\_isParticipant
static _isParticipant(int $a_ref_id, int $a_usr_id)
Static function to check if a user is a participant of the container object.
Definition: class.ilGroupParticipants.php:117
ilStartUpGUI\initStartUpTemplate
static initStartUpTemplate( $a_tmpl, bool $a_show_back=false, bool $a_show_logout=false)
This method enriches the global template with some user interface elements (language selection...
Definition: class.ilStartUpGUI.php:1690
ilAccessibilityControlConceptGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessibilityControlConceptGUI.php:23
$_GET
$_GET["client_id"]
Definition: webdav.php:30
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:374
ilArrayUtil\stripSlashesRecursive
static stripSlashesRecursive($a_data, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilArrayUtil.php:61
ilStartUpGUI\showLoginInformation
showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl)
Definition: class.ilStartUpGUI.php:872
ilRegistrationCode\getCodeValidUntil
static getCodeValidUntil(string $code)
Definition: class.ilRegistrationCode.php:273
ilStartUpGUI\setForcedCommand
static setForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:97
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilStartUpGUI\showAccountMigration
showAccountMigration(?ILIAS\UI\Component\Input\Container\Form\Form $form=null, string $message='')
Definition: class.ilStartUpGUI.php:1182
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:397
ilObjUser\_verifyRegistrationHash
static _verifyRegistrationHash(string $a_hash)
Verifies a registration hash.
Definition: class.ilObjUser.php:3756
ilGlobalTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilGlobalTemplate.php:29
ilAccountRegistrationGUI
Class ilAccountRegistrationGUI.
Definition: class.ilAccountRegistrationGUI.php:26
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
$location
$location
Definition: buildRTE.php:22
ilStartUpGUI\$mainTemplate
ilGlobalTemplateInterface $mainTemplate
Definition: class.ilStartUpGUI.php:51
$params
if(! $DIC->user() ->getId()||!ilLTIConsumerAccess::hasCustomProviderCreationAccess()) $params
Definition: ltiregstart.php:31
ilRegConfirmationLinkExpiredException
Class for user related exception handling in ILIAS.
Definition: class.ilRegConfirmationLinkExpiredException.php:25
ilObjCourse\_isActivated
static _isActivated(int $a_obj_id)
Is activated.
Definition: class.ilObjCourse.php:561
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ILIAS
Interface Observer Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
array_map
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:390
ilCourseParticipant\_getInstanceByObjId
static _getInstanceByObjId(int $a_obj_id, int $a_usr_id)
Definition: class.ilCourseParticipant.php:40
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:809
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:28
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:27
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:37
ilStartUpGUI\checkForcedCommand
checkForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:102
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:692
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:910
$url
$url
Definition: shib_logout.php:66
ilParticipants\getDefaultMemberRole
static getDefaultMemberRole(int $a_ref_id)
Definition: class.ilParticipants.php:476
$duration
$duration
Definition: LOMStructure.php:54
ilObjUser\setTimeLimitUntil
setTimeLimitUntil(?int $a_until)
Definition: class.ilObjUser.php:1783
ilStartUpGUI\printToGlobalTemplate
static printToGlobalTemplate($tpl)
Definition: class.ilStartUpGUI.php:357
ilStartUpGUI\purgePlaceholders
purgePlaceholders(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1112
$path
$path
Definition: ltiservices.php:29
ilStartUpGUI\$http
HTTPServices $http
Definition: class.ilStartUpGUI.php:61
ilObjUser\setPasswd
setPasswd(string $a_str, string $a_type=ilObjUser::PASSWD_PLAIN)
Definition: class.ilObjUser.php:1267
$components
$components
Definition: build_bootstrap.php:58
ilAuthFrontendCredentialsLTI
Auth credentials for lti oauth based authentication.
Definition: class.ilAuthFrontendCredentialsLTI.php:27
ilStartUpGUI\$forced_cmd
static string $forced_cmd
Definition: class.ilStartUpGUI.php:46
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:923
ilStartUpGUI\PROP_ACCOUNT_MIGRATION
const PROP_ACCOUNT_MIGRATION
Definition: class.ilStartUpGUI.php:42
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilCtrlBaseClassInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlBaseClassInterface.php:37
$provider
$provider
Definition: ltitoken.php:80
ilStartUpGUI\getAuthPageEditorHtml
getAuthPageEditorHtml(AuthPageEditorContext $ipe_context)
Definition: class.ilStartUpGUI.php:1005
ilObjUser\setActive
setActive(bool $a_active, int $a_owner=0)
set user active state and updates system fields appropriately
Definition: class.ilObjUser.php:1690
ilStartUpGUI\showOpenIdConnectLoginForm
showOpenIdConnectLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1777
$messages
$messages
Definition: xapiexit.php:21
ilStartUpGUI\showShibbolethLoginForm
showShibbolethLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:904
ilPageUtil\_existsAndNotEmpty
static _existsAndNotEmpty(string $a_parent_type, int $a_id, string $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages) ...
Definition: class.ilPageUtil.php:31
$ref_id
$ref_id
Definition: ltiauth.php:65
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:25
ilStartUpGUI\$access
ilAccessHandler $access
Definition: class.ilStartUpGUI.php:58
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ilStartUpGUI\logoutUrl
static logoutUrl(array $parameters=[])
Return the logout URL with a valid CSRF token.
Definition: class.ilStartUpGUI.php:2044
ilStartUpGUI\showLoginPage
showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:276
ilStartUpGUI\showLoginForm
showLoginForm(string $page_editor_html, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:846
ilUtil\setCookie
static setCookie(string $a_cookie_name, string $a_cookie_value='', bool $a_also_set_super_global=true, bool $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:1274
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:33
ilRegistrationCode\isUnusedCode
static isUnusedCode(string $code)
Definition: class.ilRegistrationCode.php:231
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
ilObjUser\getPref
getPref(string $a_keyword)
Definition: class.ilObjUser.php:1063
$param
$param
Definition: xapitoken.php:46
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:32
$DIC
global $DIC
Definition: shib_login.php:22
ilUtil\getImagePath
static getImagePath(string $image_name, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:66
ilLanguage\lookupId
static lookupId(string $a_lang_key)
Lookup obj_id of language.
Definition: class.ilLanguage.php:337
ilStartUpGUI\$dic
ILIAS DI Container $dic
Definition: class.ilStartUpGUI.php:54
ilStartUpGUI\showCodeForm
showCodeForm(?string $username=null, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:387
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_NEW
const PROP_ACCOUNT_MIGRATION_NEW
Definition: class.ilStartUpGUI.php:43
ilObjStyleSheet\getContentStylePath
static getContentStylePath(int $a_style_id, bool $add_random=true, bool $add_token=true)
get content style path static (to avoid full reading)
Definition: class.ilObjStyleSheet.php:1569
ilStartUpGUI\substituteLoginPageElements
substituteLoginPageElements( $tpl, string $page_editor_html, string $element_html, string $placeholder, string $fallback_tplvar)
Definition: class.ilStartUpGUI.php:985
ilObjUser\_isAnonymous
static _isAnonymous(int $usr_id)
Definition: class.ilObjUser.php:4039
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:937
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilObjUser\setLastPasswordChangeTS
setLastPasswordChangeTS(int $a_last_password_change_ts)
Definition: class.ilObjUser.php:1526
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:26
ilObjCourse\_registrationEnabled
static _registrationEnabled(int $a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
Definition: class.ilObjCourse.php:569
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:37
ilStartUpGUI\$ctrl
ilCtrlInterface $ctrl
Definition: class.ilStartUpGUI.php:48
ilStartUpGUI\doMigration
doMigration(array $migration_request_data)
Definition: class.ilStartUpGUI.php:1263
ilRBACAccessHandler\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1321
ilRegistrationCode\useCode
static useCode(string $code)
Definition: class.ilRegistrationCode.php:286
ilStartUpGUI\showRegistrationLinks
showRegistrationLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1032
ilStartUpGUI\$authSession
ilAuthSession $authSession
Definition: class.ilStartUpGUI.php:55
ilInitialisation\redirectToStartingPage
static redirectToStartingPage(string $target='')
Definition: class.ilInitialisation.php:1849
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:429
ilStartUpGUI\showLegalDocumentsLinks
showLegalDocumentsLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1085
ilStartUpGUI\$ui_factory
ILIAS UI Factory $ui_factory
Definition: class.ilStartUpGUI.php:63
ilStartUpGUI\$eventHandler
ilAppEventHandler $eventHandler
Definition: class.ilStartUpGUI.php:56
ilStartUpGUI\showSamlIdpSelection
showSamlIdpSelection(ilSamlAuth $auth, array $idps)
Definition: class.ilStartUpGUI.php:2002
ilAuthFrontendCredentialsShibboleth
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthFrontendCredentialsShibboleth.php:25
ilLMObject\_lookupContObjID
static _lookupContObjID(int $a_id)
get learning module id for lm object
Definition: class.ilLMObject.php:563
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:202
ilStartUpGUI\$refinery
RefineryFactory $refinery
Definition: class.ilStartUpGUI.php:60
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions(ilLanguage $lng)
Definition: class.ilAuthUtils.php:429
ilObjGroup
Class ilObjGroup.
Definition: class.ilObjGroup.php:31
$client_id
$client_id
Definition: ltiauth.php:66
$message
$message
Definition: xapiexit.php:31
ILIAS\UI\examples\Symbol\Glyph\Language\language
language()
description: > Example for rendring a language glyph.
Definition: language.php:41
ilRegistrationHashNotFoundException
Class for user related exception handling in ILIAS.
Definition: class.ilRegistrationHashNotFoundException.php:26
ilStartUpGUI\$httpRequest
ServerRequestInterface $httpRequest
Definition: class.ilStartUpGUI.php:53
ilAuthPageEditorSettings\getInstance
static getInstance(AuthPageEditorContext $context)
Definition: class.ilAuthPageEditorSettings.php:46
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:216
ilRegistrationCode\applyRoleAssignments
static applyRoleAssignments(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:322
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:29
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:36
ilStartUpGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilStartUpGUI.php:139
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:393
ilStartUpGUI\__construct
__construct(?ilObjUser $user=null, ?ilGlobalTemplateInterface $mainTemplate=null, ?ServerRequestInterface $httpRequest=null)
Definition: class.ilStartUpGUI.php:66
mainTemplate
mainTemplate()
Definition: UITestHelper.php:77
ilStartUpGUI\$ui_renderer
ILIAS UI Renderer $ui_renderer
Definition: class.ilStartUpGUI.php:64
ilRegistrationCode\applyAccessLimits
static applyAccessLimits(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:355
ilAuthFrontendCredentialsCAS
Auth frontend credentials for CAS auth.
Definition: class.ilAuthFrontendCredentialsCAS.php:25
ilStartUpGUI\showSamlLoginForm
showSamlLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1748
ilRBACAccessHandler\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
ilStartUpGUI\showCASLoginForm
showCASLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:881
ilStartUpGUI\buildCodeForm
buildCodeForm(?string $username=null)
Definition: class.ilStartUpGUI.php:400
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:678