ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
class.ilStartUpGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\Registration\DualOptIn\Exception\DualOptInException;
22use ILIAS\Registration\DualOptIn\Repository\PendingRegistrationDatabaseRepository;
23use ILIAS\Registration\DualOptIn\Service\DualOptInServiceImpl;
24use ILIAS\Registration\DualOptIn\ValueObjects\PendingRegistrationHash;
25use Psr\Http\Message\ServerRequestInterface;
26use ILIAS\UICore\PageContentProvider;
27use ILIAS\Refinery\Factory as RefineryFactory;
28use ILIAS\HTTP\Services as HTTPServices;
29use ILIAS\TermsOfService\Consumer as TermsOfService;
30use ILIAS\DataProtection\Consumer as DataProtection;
31use ILIAS\components\Authentication\Logout\ConfigurableLogoutTarget;
32use ILIAS\LegalDocuments\Conductor;
33use ILIAS\components\Authentication\Pages\AuthPageEditorContext;
34use ILIAS\AuthApache\AuthFrontendCredentialsApache;
35
41class ilStartUpGUI implements ilCtrlBaseClassInterface, ilCtrlSecurityInterface
42{
43 private const PROP_USERNAME = 'username';
44 private const PROP_PASSWORD = 'password';
45 private const PROP_AUTH_MODE = 'auth_mode';
46 private const PROP_CODE = 'code';
47 private const PROP_ACCOUNT_MIGRATION = 'account_migration';
48 private const PROP_ACCOUNT_MIGRATION_NEW = 'account_migration_new';
49 private const PROP_ACCOUNT_MIGRATION_MIGRATE = 'account_migration_migrate';
50
51 private static string $forced_cmd = '';
52
53 private ilCtrlInterface $ctrl;
54 private ilLanguage $lng;
55 private ilLogger $logger;
56 private ilGlobalTemplateInterface $mainTemplate;
57 private ilObjUser $user;
58 private ServerRequestInterface $httpRequest;
59 private ILIAS\DI\Container $dic;
60 private ilAuthSession $authSession;
61 private ilAppEventHandler $eventHandler;
62 private ilSetting $setting;
63 private ilAccessHandler $access;
64 private ilDBInterface $db;
65
66 private RefineryFactory $refinery;
67 private HTTPServices $http;
68 private ilHelpGUI $help;
69 private ILIAS\UI\Factory $ui_factory;
70 private ILIAS\UI\Renderer $ui_renderer;
71
72 public function __construct(
73 ?ilObjUser $user = null,
74 ?ilGlobalTemplateInterface $mainTemplate = null,
75 ?ServerRequestInterface $httpRequest = null
76 ) {
77 global $DIC;
78
79 $this->dic = $DIC;
80
81 $this->user = $user ?? $DIC->user();
82 $this->mainTemplate = $mainTemplate ?? $DIC->ui()->mainTemplate();
83 $this->httpRequest = $httpRequest ?? $DIC->http()->request();
84 $this->ctrl = $DIC->ctrl();
85 $this->lng = $DIC->language();
86 $this->lng->loadLanguageModule('auth');
87 $this->logger = ilLoggerFactory::getLogger('init');
88 $this->authSession = $DIC['ilAuthSession'];
89 $this->eventHandler = $DIC->event();
90 $this->setting = $DIC->settings();
91 $this->access = $DIC->access();
92 $this->db = $DIC->database();
93 $this->help = $DIC->help();
94 $this->http = $DIC->http();
95 $this->refinery = $DIC->refinery();
96 $this->ui_factory = $DIC->ui()->factory();
97 $this->ui_renderer = $DIC->ui()->renderer();
98
99 $this->ctrl->saveParameter($this, ['rep_ref_id', 'lang', 'target', 'client_id']);
100 $this->user->setLanguage($this->lng->getLangKey());
101 $this->help->setScreenIdComponent('init');
102 }
103
104 public static function setForcedCommand(string $cmd): void
105 {
106 self::$forced_cmd = $cmd;
107 }
108
109 private function checkForcedCommand(string $cmd): string
110 {
111 if (self::$forced_cmd) {
112 $cmd = self::$forced_cmd;
113 self::$forced_cmd = '';
114 }
115
116 return $cmd;
117 }
118
119 private function mergeValuesTrafo(): ILIAS\Refinery\Transformation
120 {
121 return $this->refinery->custom()->transformation(static function (array $values): array {
122 return array_merge(...$values);
123 });
124 }
125
126 private function saniziteArrayElementsTrafo(): ILIAS\Refinery\Transformation
127 {
128 return $this->refinery->custom()->transformation(static function (array $values): array {
129 $processed_values = array_merge(
130 ilArrayUtil::stripSlashesRecursive($values),
131 isset($values[self::PROP_PASSWORD]) ? [self::PROP_PASSWORD => $values[self::PROP_PASSWORD]] : []
132 );
133
134 return $processed_values;
135 });
136 }
137
138 private function initTargetFromQuery(): string
139 {
140 return $this->http->wrapper()->query()->retrieve(
141 'target',
142 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
143 );
144 }
145
146 public function getUnsafeGetCommands(): array
147 {
148 return [
149 'doLogout'
150 ];
151 }
152
153 public function getSafePostCommands(): array
154 {
155 return [
156 'doStandardAuthentication',
157 'doLTIAuthentication'
158 ];
159 }
160
161 public function executeCommand(): void
162 {
163 $cmd = $this->checkForcedCommand($this->ctrl->getCmd('processIndexPHP'));
164
165 $next_class = $this->ctrl->getNextClass($this) ?? '';
166
167 switch (strtolower($next_class)) {
168 case strtolower(ilLoginPageGUI::class):
169 break;
170
171 case strtolower(ilAccountRegistrationGUI::class):
172 $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
173 return;
174
175 case strtolower(ilPasswordAssistanceGUI::class):
176 $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
177 return;
178
179 case strtolower(ilAccessibilityControlConceptGUI::class):
180 $this->ctrl->forwardCommand(new ilAccessibilityControlConceptGUI());
181 return;
182
183 default:
184 if (method_exists($this, $cmd)) {
185 $this->$cmd();
186 return;
187 }
188 }
189
190 // because this class now implements ilCtrlSecurityInterface,
191 // it may occur that commands are null, therefore I added
192 // this as a fallback method.
193 $this->showLoginPageOrStartupPage();
194 }
195
196 private function getLogger(): ilLogger
197 {
198 return $this->logger;
199 }
200
201 private function jumpToRegistration(): void
202 {
203 $this->ctrl->redirectByClass(ilAccountRegistrationGUI::class);
204 }
205
206 private function jumpToPasswordAssistance(): void
207 {
208 $this->ctrl->saveParameterByClass(ilPasswordAssistanceGUI::class, 'key');
209 $this->ctrl->redirectByClass(ilPasswordAssistanceGUI::class);
210 }
211
212 private function showLoginPageOrStartupPage(): void
213 {
222 if ($this->authSession->isValid() && $this->authSession->getUserId() > 0 && !$this->user->isAnonymous()) {
223 ilInitialisation::redirectToStartingPage();
224 }
225
226 $is_forced_login = $this->http->wrapper()->query()->retrieve(
227 'cmd',
228 $this->refinery->byTrying([
229 $this->refinery->kindlyTo()->string(),
230 $this->refinery->always(
231 $this->http->wrapper()->post()->retrieve(
232 'cmd',
233 $this->refinery->byTrying([
234 $this->refinery->kindlyTo()->string(),
235 $this->refinery->always('')
236 ])
237 )
238 )
239 ])
240 ) === 'force_login';
241
242 if ($is_forced_login) {
243 // Only allow this for anonymous user, see: showLoginPageOrStartupPage
244 $this->logger->debug('Force login');
245 $messages = [];
246 if ($this->authSession->isValid()) {
247 $messages = $this->retrieveMessagesFromSession();
248 $this->logger->debug('Valid session -> logout current user');
249 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
250 $this->authSession->logout();
251
252 $this->eventHandler->raise(
253 'components/ILIAS/Authentication',
254 'afterLogout',
255 [
256 'username' => $this->user->getLogin(),
257 'is_explicit_logout' => false,
258 ]
259 );
260
261 $this->dic->user()->setId($this->authSession->getUserId());
262 $this->dic->user()->read();
263 }
264
265 $this->logger->debug('Show login page');
266 foreach ($messages as $type => $content) {
267 $this->mainTemplate->setOnScreenMessage($type, $content);
268 }
269
270 $this->showLoginPage();
271 return;
272 }
273
274 if ($this->authSession->isValid()) {
275 $this->logger->debug('Valid session -> redirect to starting page');
276 ilInitialisation::redirectToStartingPage();
277 return;
278 }
279
280 $this->logger->debug('No valid session -> show login');
281 $this->showLoginPage();
282 }
283
284 private function showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form = null): void
285 {
286 global $tpl; // Don't remove this, the global variables will be replaced with a ilGlobalTemplate instnace
287
288 $this->help->setSubScreenId('login');
289
290 $this->getLogger()->debug('Showing login page');
291
292 $extUid = $this->http->wrapper()->query()->retrieve(
293 'ext_uid',
294 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
295 );
296
297 $soapPw = $this->http->wrapper()->query()->retrieve(
298 'soap_pw',
299 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
300 );
301
302 $credentials = new ilAuthFrontendCredentialsSoap(
303 $GLOBALS['DIC']->http()->request(),
304 $this->ctrl,
305 $this->setting
306 );
307
308 $credentials->setUsername($extUid);
309 $credentials->setPassword($soapPw);
310 $credentials->tryAuthenticationOnLoginPage();
311
312 $frontend = new AuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
313 $frontend->tryAuthenticationOnLoginPage();
314
315 $tpl = self::initStartUpTemplate('tpl.login.html');
316 $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
317 $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
318
319 $page_editor_html = $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGIN);
320 $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
321 $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
322 $page_editor_html = $this->showLoginForm($page_editor_html, $form);
323 $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
324 $page_editor_html = $this->showSamlLoginForm($page_editor_html);
325 $page_editor_html = $this->showRegistrationLinks($page_editor_html);
326 $page_editor_html = $this->showLegalDocumentsLinks($page_editor_html);
327 $page_editor_html = $this->purgePlaceholders($page_editor_html);
328
329 // check expired session and send message
330 if ($this->authSession->isExpired() || $this->http->wrapper()->query()->has('session_expired')) {
331 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('auth_err_expired'));
332 } elseif ($this->http->wrapper()->query()->has('reg_confirmation_msg')) {
333 $this->lng->loadLanguageModule('registration');
334 $message_key = $this->http->wrapper()->query()->retrieve(
335 'reg_confirmation_msg',
336 $this->refinery->kindlyTo()->string()
337 );
338 $message_type = $message_key === 'reg_account_confirmation_successful' ?
339 ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS : ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE;
340 $this->mainTemplate->setOnScreenMessage(
341 $message_type,
342 $this->lng->txt($message_key)
343 );
344 }
345
346 if ($page_editor_html !== '') {
347 $tpl->setVariable('LPE', $page_editor_html);
348 }
349
350 if ($this->authSession->isExpired()) {
351 // The usr_id is is still the one of the former logged-in user, so we have to unset it
352 $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
353 $this->dic->user()->setId($this->authSession->getUserId());
354 $this->dic->user()->read();
355 }
356
357 $this->mainTemplate->setPermanentLink('auth', null, 'login');
358 self::printToGlobalTemplate($tpl);
359 }
360
364 public static function printToGlobalTemplate($tpl): void
365 {
366 global $DIC;
367 $gtpl = $DIC['tpl'];
368 $gtpl->setContent($tpl->get());
369 $gtpl->printToStdout('DEFAULT', false, true);
370 }
371
375 private function retrieveMessagesFromSession(): array
376 {
377 $messages = [];
378 $message_types = [
379 ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
380 ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
381 ilGlobalTemplateInterface::MESSAGE_TYPE_INFO,
382 ilGlobalTemplateInterface::MESSAGE_TYPE_QUESTION
383 ];
384
385 foreach ($message_types as $message_type) {
386 if (ilSession::get($message_type)) {
387 $messages[$message_type] = ilSession::get($message_type);
388 }
389 }
390
391 return $messages;
392 }
393
394 private function showCodeForm(
395 ?string $username = null,
396 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
397 ): void {
398 $this->help->setSubScreenId('code_input');
399
400 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('time_limit_reached'));
401
402 $tpl = self::initStartUpTemplate('tpl.login_reactivate_code.html');
403 $tpl->setVariable('FORM', $this->ui_renderer->render($form ?? $this->buildCodeForm($username)));
404 self::printToGlobalTemplate($tpl);
405 }
406
407 private function buildCodeForm(?string $username = null): ILIAS\UI\Component\Input\Container\Form\Form
408 {
409 $this->lng->loadLanguageModule('auth');
410
411 $field_factory = $this->ui_factory->input()->field();
412
413 $username_field = $field_factory
414 ->hidden()
415 ->withRequired(true);
416 if ($username !== null) {
417 $username_field = $username_field->withValue($username);
418 }
419
420 return $this->ui_factory
421 ->input()
422 ->container()
423 ->form()
424 ->standard(
425 $this->ctrl->getFormAction($this, 'processCode'),
426 [
427 $field_factory->section(
428 [
429 self::PROP_CODE => $field_factory
430 ->text(
431 $this->lng->txt('auth_account_code'),
432 $this->lng->txt('auth_account_code_info')
433 )
434 ->withRequired(true),
435 // #11658
436 self::PROP_USERNAME => $username_field,
437 ],
438 $this->lng->txt('auth_account_code_title'),
439 ),
440 ]
441 )
442 ->withSubmitLabel($this->lng->txt('send'))
443 ->withAdditionalTransformation($this->mergeValuesTrafo())
444 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
445 }
446
447 private function processCode(): void
448 {
449 $form = $this->buildCodeForm();
450 $form_valid = false;
451 $form_data = null;
452 if ($this->http->request()->getMethod() === 'POST') {
453 $form = $form->withRequest($this->http->request());
454 $form_data = $form->getData();
455 $form_valid = $form_data !== null;
456 }
457
458 $uname = null;
459 if ($form_valid) {
460 $code = $form_data[self::PROP_CODE];
461 $uname = $form_data[self::PROP_USERNAME];
462 if (ilRegistrationCode::isUnusedCode($code)) {
463 $valid_until = ilRegistrationCode::getCodeValidUntil($code);
464 if (!$user_id = ilObjUser::_lookupId($uname)) {
465 $this->showLoginPage();
466 return;
467 }
468 $invalid_code = false;
469 $user = new ilObjUser($user_id);
470 if ($valid_until === '0') {
471 $user->setTimeLimitUnlimited(true);
472 } else {
473 if (is_numeric($valid_until)) {
474 $valid_until = strtotime('+' . $valid_until . 'days');
475 } else {
476 $valid_until = explode('-', $valid_until);
477 $valid_until = mktime(
478 23,
479 59,
480 59,
481 (int) $valid_until[1],
482 (int) $valid_until[2],
483 (int) $valid_until[0]
484 );
485 if ($valid_until < time()) {
486 $invalid_code = true;
487 }
488 }
489
490 if (!$invalid_code) {
491 $user->setTimeLimitUnlimited(false);
492 $user->setTimeLimitUntil($valid_until);
493 }
494 }
495
496 if (!$invalid_code) {
497 $user->setActive(true);
498 ilRegistrationCode::useCode($code);
499 // apply registration code role assignments
500 ilRegistrationCode::applyRoleAssignments($user, $code);
501 // apply registration code tie limits
502 ilRegistrationCode::applyAccessLimits($user, $code);
503
504 $user->update();
505
506 $this->ctrl->setParameter($this, 'cu', 1);
507 $this->lng->loadLanguageModule('auth');
508 $this->mainTemplate->setOnScreenMessage(
509 'success',
510 $GLOBALS['DIC']->language()->txt('auth_activation_code_success'),
511 true
512 );
513 $this->ctrl->redirect($this, 'showLoginPage');
514 }
515 }
516
517 $this->lng->loadLanguageModule('user');
518 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('user_account_code_not_valid'));
519 } else {
520 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('form_input_not_valid'));
521 }
522
523 $this->showCodeForm($uname, $form);
524 }
525
526 private function buildStandardLoginForm(): ILIAS\UI\Component\Input\Container\Form\Form
527 {
528 $field_factory = $this->ui_factory->input()->field();
529
530 $fields = [];
531 $det = ilAuthModeDetermination::_getInstance();
532 if (ilAuthUtils::_hasMultipleAuthenticationMethods() && $det->isManualSelection()) {
533 $auth_mode = $field_factory->radio($this->lng->txt('auth_selection'))->withRequired(true);
534 $visible_auth_methods = [];
535 foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
536 if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
537 continue;
538 }
539
540 $auth_mode = $auth_mode->withOption((string) $key, $option['txt']);
541
542 if (isset($option['checked'])) {
543 $auth_mode = $auth_mode->withValue($key);
544 }
545 $visible_auth_methods[] = $key;
546 }
547
548 if (count($visible_auth_methods) === 1) {
549 $auth_mode = $field_factory->hidden()->withRequired(true)->withValue(current($visible_auth_methods));
550 }
551
552 $fields[self::PROP_AUTH_MODE] = $auth_mode;
553 }
554
555 $fields += [
556 self::PROP_USERNAME => $field_factory
557 ->text($this->lng->txt('username'))
558 ->withRequired(
559 true,
560 $this->refinery->custom()->constraint(
561 static function (string $value): bool {
562 return $value !== '';
563 },
564 static function (Closure $lng, string $value): string {
565 return $lng('auth_required_username');
566 }
567 )
568 ),
569 self::PROP_PASSWORD => $field_factory
570 ->password($this->lng->txt('password'))
571 ->withRevelation(true)
572 ->withRequired(
573 true,
574 $this->refinery->custom()->constraint(
575 static function (string $value): bool {
576 return $value !== '';
577 },
578 static function (Closure $lng, string $value): string {
579 return $lng('auth_required_password');
580 }
581 )
582 )
583 ->withAdditionalTransformation(
584 $this->refinery->custom()->transformation(
585 static function (ILIAS\Data\Password $value): string {
586 return $value->toString();
587 }
588 )
589 ),
590 ];
591
592 $sections = [$field_factory->section($fields, $this->lng->txt('login_to_ilias_via_login_form'))];
593
594 return $this->ui_factory
595 ->input()
596 ->container()
597 ->form()
598 ->standard($this->ctrl->getFormAction($this, 'doStandardAuthentication'), $sections)
599 ->withDedicatedName('login_form')
600 ->withSubmitLabel($this->lng->txt('log_in'))
601 ->withAdditionalTransformation($this->mergeValuesTrafo())
602 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
603 }
604
605 private function doLTIAuthentication(): void
606 {
607 $this->getLogger()->debug('Trying lti authentication');
608
609 $credentials = new ilAuthFrontendCredentialsLTI();
610 $credentials->initFromRequest();
611
612 $provider_factory = new ilAuthProviderFactory();
613 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_PROVIDER_LTI);
614
615 $status = ilAuthStatus::getInstance();
616
617 $frontend_factory = new ilAuthFrontendFactory();
618 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
619 $frontend = $frontend_factory->getFrontend(
620 $this->authSession,
621 $status,
622 $credentials,
623 [$provider]
624 );
625 $frontend->authenticate();
626
627 setcookie(session_name(), session_id(), [
628 'expires' => 0,
629 'path' => rtrim(IL_COOKIE_PATH, '/'),
630 'domain' => IL_COOKIE_DOMAIN,
631 'secure' => true,
632 'httponly' => true,
633 'samesite' => 'None'
634 ]);
635
636 $lti_context_ids = ilSession::get("lti_context_ids");
637
638 if (is_array($lti_context_ids) && isset($lti_context_ids[0])) {
639 $ref_id = $lti_context_ids[0];
640 $obj_type = ilObject::_lookupType($ref_id, true);
641 ilSession::set('orig_request_target', "goto.php?target=" . $obj_type . "_" . $ref_id . "&lti_context_id=" . $ref_id);
642 }
643
644 switch ($status->getStatus()) {
645 case ilAuthStatus::STATUS_AUTHENTICATED:
646 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
647 ilInitialisation::redirectToStartingPage();
648
649 // no break
650 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
651 $this->ctrl->redirect($this, 'showAccountMigration');
652
653 // no break
654 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
655 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()), true);
656 $this->ctrl->redirect($this, 'showLoginPage');
657 }
658
659 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
660 $this->showLoginPage();
661 }
662
663 private function doApacheAuthentication(): void
664 {
665 $this->getLogger()->debug('Trying apache authentication');
666
667 $credentials = new AuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
668 $credentials->initFromRequest();
669
670 $provider_factory = new ilAuthProviderFactory();
671 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_APACHE);
672
673 $status = ilAuthStatus::getInstance();
674
675 $frontend_factory = new \ilAuthFrontendFactory();
676 $frontend_factory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
677 $frontend = $frontend_factory->getFrontend(
678 $this->authSession,
679 $status,
680 $credentials,
681 [$provider]
682 );
683 $frontend->authenticate();
684
685 switch ($status->getStatus()) {
686 case ilAuthStatus::STATUS_AUTHENTICATED:
687 if ($credentials->hasValidTargetUrl()) {
688 $this->logger->debug(
689 sprintf(
690 'Authentication successful. Redirecting to starting page: %s',
691 $credentials->getTargetUrl()
692 )
693 );
694 $this->ctrl->redirectToURL($credentials->getTargetUrl());
695 }
696 $this->logger->debug(
697 'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
698 );
699 ilInitialisation::redirectToStartingPage();
700
701 // no break
702 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
703 $this->ctrl->redirect($this, 'showAccountMigration');
704
705 // no break
706 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
707 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
708 $this->ctrl->redirectToURL(
709 ilUtil::appendUrlParameterString(
710 $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
711 'passed_sso=1'
712 )
713 );
714 }
715
716 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
717 $this->showLoginPage();
718 }
719
720 private function doStandardAuthentication(): void
721 {
722 $form = $this->buildStandardLoginForm();
723 $form_valid = false;
724 $form_data = null;
725 if ($this->http->request()->getMethod() === 'POST') {
726 $form = $form->withRequest($this->http->request());
727 $form_data = $form->getData();
728 $form_valid = $form_data !== null;
729 }
730
731 if (!$form_valid) {
732 $this->showLoginPage($form);
733 return;
734 }
735
736 $this->getLogger()->debug('Trying to authenticate user.');
737
738 $auth_callback = function () use ($form_data) {
739 $credentials = new ilAuthFrontendCredentials();
740 $credentials->setUsername($form_data[self::PROP_USERNAME]);
741 $credentials->setPassword($form_data[self::PROP_PASSWORD]);
742
743 $det = ilAuthModeDetermination::_getInstance();
744 if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
745 $credentials->setAuthMode($form_data[self::PROP_AUTH_MODE]);
746 }
747
748 $provider_factory = new ilAuthProviderFactory();
749 $providers = $provider_factory->getProviders($credentials);
750
751 $status = ilAuthStatus::getInstance();
752
753 $frontend_factory = new ilAuthFrontendFactory();
754 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
755 $frontend = $frontend_factory->getFrontend(
756 $this->authSession,
757 $status,
758 $credentials,
759 $providers
760 );
761 $frontend->authenticate();
762
763 return $status;
764 };
765
766 if (($auth_duration = $this->setting->get('auth_duration')) !== null) {
767 $duration = $this->http->durations()->callbackDuration((int) $auth_duration);
768 $status = $duration->stretch($auth_callback);
769 } else {
770 $status = $auth_callback();
771 }
772
773 switch ($status->getStatus()) {
774 case ilAuthStatus::STATUS_AUTHENTICATED:
775 ilLoggerFactory::getLogger('auth')->debug(
776 'Authentication successful; Redirecting to starting page.'
777 );
778 ilInitialisation::redirectToStartingPage();
779
780 // no break
781 case ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED:
782 $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
783 $this->showLoginPage($this->buildCodeForm($uname));
784 return;
785
786 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
787 $this->ctrl->redirect($this, 'showAccountMigration');
788
789 // no break
790 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
791 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason());
792 $this->showLoginPage($form);
793 }
794 }
795
796 private function showLoginForm(
797 string $page_editor_html,
798 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
799 ): string {
800 global $tpl;
801
802 return $this->substituteLoginPageElements(
803 $tpl,
804 $page_editor_html,
805 $this->ui_renderer->render($form ?? $this->buildStandardLoginForm()),
806 '[list-login-form]',
807 'LOGIN_FORM'
808 );
809 }
810
811 private function showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl): string
812 {
813 if ($page_editor_html !== '') {
814 return $page_editor_html;
815 }
816
817 return $page_editor_html;
818 }
819
820 private function showShibbolethLoginForm(string $page_editor_html): string
821 {
822 $target = $this->initTargetFromQuery();
823
824 if ($this->setting->get('shib_active')) {
825 $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'components/ILIAS/Init');
826
827 $tpl->setVariable(
828 'SHIB_FORMACTION',
829 './shib_login.php'
830 ); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
831 $federation_name = $this->setting->get('shib_federation_name');
832 $admin_mail = ' <a href="mailto:' . $this->setting->get('admin_email') . '">ILIAS ' . $this->lng->txt(
833 'administrator'
834 ) . '</a>.';
835 if ($this->setting->get('shib_hos_type') === 'external_wayf') {
836 $tpl->setCurrentBlock('shibboleth_login');
837 $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
838 $tpl->setVariable('IL_TARGET', $target);
839 $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
840 $tpl->setVariable('TXT_SHIB_LOGIN_BUTTON', $this->setting->get('shib_login_button'));
841 $tpl->setVariable(
842 'TXT_SHIB_LOGIN_INSTRUCTIONS',
843 sprintf(
844 $this->lng->txt('shib_general_login_instructions'),
845 $federation_name,
846 $admin_mail
847 )
848 );
849 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
850 $tpl->parseCurrentBlock();
851 } elseif ($this->setting->get('shib_hos_type') == 'embedded_wayf') {
852 $tpl->setCurrentBlock('shibboleth_custom_login');
853 $customInstructions = stripslashes($this->setting->get('shib_login_instructions'));
854 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $customInstructions);
855 $tpl->parseCurrentBlock();
856 } else {
857 $tpl->setCurrentBlock('shibboleth_wayf_login');
858 $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
859 $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
860 $tpl->setVariable(
861 'TXT_SELECT_HOME_ORGANIZATION',
862 sprintf(
863 $this->lng->txt('shib_select_home_organization'),
864 $this->setting->get('shib_federation_name')
865 )
866 );
867 $tpl->setVariable('TXT_CONTINUE', $this->lng->txt('btn_next'));
868 $tpl->setVariable('TXT_SHIB_HOME_ORGANIZATION', $this->lng->txt('shib_home_organization'));
869 $tpl->setVariable(
870 'TXT_SHIB_LOGIN_INSTRUCTIONS',
871 sprintf(
872 $this->lng->txt('shib_general_wayf_login_instructions'),
873 $admin_mail
874 )
875 );
876 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
877
878 $ilShibbolethWAYF = new ilShibbolethWAYF();
879
880 $tpl->setVariable('TXT_SHIB_INVALID_SELECTION', $ilShibbolethWAYF->showNotice());
881 $tpl->setVariable('SHIB_IDP_LIST', $ilShibbolethWAYF->generateSelection());
882 $tpl->setVariable('ILW_TARGET', $target);
883 $tpl->parseCurrentBlock();
884 }
885
886 return $this->substituteLoginPageElements(
887 $GLOBALS['tpl'],
888 $page_editor_html,
889 $tpl->get(),
890 '[list-shibboleth-login-form]',
891 'SHIB_LOGIN_FORM'
892 );
893 }
894
895 return $page_editor_html;
896 }
897
901 private function substituteLoginPageElements(
902 $tpl,
903 string $page_editor_html,
904 string $element_html,
905 string $placeholder,
906 string $fallback_tplvar
907 ): string {
908 if ($page_editor_html === '') {
909 $tpl->setVariable($fallback_tplvar, $element_html);
910 return $page_editor_html;
911 }
912
913 if (stripos($page_editor_html, $placeholder) === false) {
914 $tpl->setVariable($fallback_tplvar, $element_html);
915 return $page_editor_html;
916 }
917
918 return str_replace($placeholder, $element_html, $page_editor_html);
919 }
920
921 private function getAuthPageEditorHtml(AuthPageEditorContext $ipe_context): string
922 {
923 $ipe_settings = ilAuthPageEditorSettings::getInstance($ipe_context);
924
925 $ipe_language = $ipe_settings->getIliasEditorLanguage($this->lng->getLangKey());
926 if (!$ipe_language) {
927 return '';
928 }
929
930 // if page does not exist, return nothing
931 if (!ilPageUtil::_existsAndNotEmpty($ipe_context->pageType(), ilLanguage::lookupId($ipe_language))) {
932 return '';
933 }
934
935 $this->dic->contentStyle()->gui()->addCss($this->mainTemplate, ilObjAuthSettings::getAuthSettingsRefId());
936
937 $page_gui = new ($ipe_context->pageUiClass())(ilLanguage::lookupId($ipe_language));
938
939 $page_gui->setStyleId(0);
940
941 $page_gui->setPresentationTitle('');
942 $page_gui->setTemplateOutput(false);
943 $page_gui->setHeader('');
944
945 return $page_gui->showPage();
946 }
947
948 private function showRegistrationLinks(string $page_editor_html): string
949 {
950 global $tpl;
951
952 $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'components/ILIAS/Init');
953
954 // allow new registrations?
955 if (ilRegistrationSettings::_lookupRegistrationType() !== ilRegistrationSettings::IL_REG_DISABLED) {
956 $rtpl->setCurrentBlock('new_registration');
957 $rtpl->setVariable('REGISTER', $this->lng->txt('registration'));
958 $rtpl->setVariable(
959 'CMD_REGISTER',
960 $this->ctrl->getLinkTargetByClass(ilAccountRegistrationGUI::class)
961 );
962 $rtpl->parseCurrentBlock();
963 }
964 // allow password assistance? Surpress option if Authmode is not local database
965 if ($this->setting->get('password_assistance')) {
966 $rtpl->setCurrentBlock('password_assistance');
967 $rtpl->setVariable('FORGOT_PASSWORD', $this->lng->txt('forgot_password'));
968 $rtpl->setVariable('FORGOT_USERNAME', $this->lng->txt('forgot_username'));
969 $rtpl->setVariable(
970 'CMD_FORGOT_PASSWORD',
971 $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class)
972 );
973 $rtpl->setVariable(
974 'CMD_FORGOT_USERNAME',
975 $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class, 'showUsernameAssistanceForm')
976 );
977 $rtpl->setVariable('LANG_ID', $this->lng->getLangKey());
978 $rtpl->parseCurrentBlock();
979 }
980
981 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
982 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
983 $rtpl->setCurrentBlock('homelink');
984 $rtpl->setVariable(
985 'CLIENT_ID',
986 '?client_id=' . CLIENT_ID . '&lang=' . $this->lng->getLangKey()
987 );
988 $rtpl->setVariable('TXT_HOME', $this->lng->txt('home'));
989 $rtpl->parseCurrentBlock();
990 }
991
992 return $this->substituteLoginPageElements(
993 $tpl,
994 $page_editor_html,
995 $rtpl->get(),
996 '[list-registration-link]',
997 'REG_PWD_CLIENT_LINKS'
998 );
999 }
1000
1001 private function showLegalDocumentsLinks(string $page_editor_html): string
1002 {
1003 global $tpl;
1004 global $DIC;
1005
1006 if (0 === $this->user->getId()) {
1007 $this->user->setId(ANONYMOUS_USER_ID);
1008 }
1009
1010 $page_editor_html = $this->substituteLoginPageElements(
1011 $tpl,
1012 $page_editor_html,
1013 $DIC['legalDocuments']->loginPageHTML(TermsOfService::ID),
1014 '[list-user-agreement]',
1015 'USER_AGREEMENT'
1016 );
1017 $page_editor_html = $this->substituteLoginPageElements(
1018 $tpl,
1019 $page_editor_html,
1020 $DIC['legalDocuments']->loginPageHTML(DataProtection::ID),
1021 '[list-dpro-agreement]',
1022 'DPRO_AGREEMENT'
1023 );
1024
1025 return $page_editor_html;
1026 }
1027
1028 private function purgePlaceholders(string $page_editor_html): string
1029 {
1030 return str_replace(
1031 [
1032 '[list-language-selection]',
1033 '[list-registration-link]',
1034 '[list-user-agreement]',
1035 '[list-dpro-agreement]',
1036 '[list-login-form]',
1037 '[list-saml-login]',
1038 '[list-shibboleth-login-form]',
1039 '[list-openid-connect-login]'
1040 ],
1041 '',
1042 $page_editor_html
1043 );
1044 }
1045
1046 private function buildAccountMigrationForm(): ILIAS\UI\Component\Input\Container\Form\Form
1047 {
1048 $field_factory = $this->ui_factory->input()->field();
1049
1050 $keep = $field_factory->group(
1051 [
1052 self::PROP_USERNAME => $field_factory->text($this->lng->txt('login'))->withRequired(true),
1053 self::PROP_PASSWORD => $field_factory
1054 ->password($this->lng->txt('password'))
1055 ->withRequired(true)
1056 ->withRevelation(true)
1057 ->withAdditionalTransformation(
1058 $this->refinery->custom()->transformation(
1059 static function (ILIAS\Data\Password $value): string {
1060 return $value->toString();
1061 }
1062 )
1063 ),
1064 ],
1065 $this->lng->txt('auth_account_migration_keep'),
1066 $this->lng->txt('auth_info_migrate')
1067 );
1068
1069 $new = $field_factory->group(
1070 [],
1071 $this->lng->txt('auth_account_migration_new'),
1072 $this->lng->txt('auth_info_add')
1073 );
1074
1075 $fields = [
1076 self::PROP_ACCOUNT_MIGRATION => $field_factory->switchableGroup(
1077 [
1078 self::PROP_ACCOUNT_MIGRATION_MIGRATE => $keep,
1079 self::PROP_ACCOUNT_MIGRATION_NEW => $new,
1080 ],
1081 $this->lng->txt('auth_account_migration_name')
1082 )->withRequired(true)->withValue(self::PROP_ACCOUNT_MIGRATION_MIGRATE)
1083 ];
1084
1085 $sections = [$field_factory->section($fields, $this->lng->txt('auth_account_migration'))];
1086
1087 return $this->ui_factory->input()
1088 ->container()
1089 ->form()
1090 ->standard($this->ctrl->getFormAction($this, 'migrateAccount'), $sections)
1091 ->withDedicatedName('login_form')
1092 ->withSubmitLabel($this->lng->txt('save'))
1093 ->withAdditionalTransformation($this->mergeValuesTrafo())
1094 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
1095 }
1096
1097 private function showAccountMigration(
1098 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null,
1099 string $message = ''
1100 ): void {
1101 $this->help->setSubScreenId('account_migration');
1102
1103 $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1104 $tpl->setVariable('MIG_FORM', $this->ui_renderer->render($form ?? $this->buildAccountMigrationForm()));
1105
1106 if ($message !== '') {
1107 $this->mainTemplate->setOnScreenMessage('failure', $message);
1108 }
1109
1110 self::printToGlobalTemplate($tpl);
1111 }
1112
1113 private function migrateAccount(): void
1114 {
1115 $form = $this->buildAccountMigrationForm();
1116 $form_valid = false;
1117 $form_data = null;
1118 if ($this->http->request()->getMethod() === 'POST') {
1119 $form = $form->withRequest($this->http->request());
1120 $form_data = $form->getData();
1121 $form_valid = $form_data !== null;
1122 }
1123
1124 if (!$form_valid) {
1125 $this->showAccountMigration($form, $this->lng->txt('form_input_not_valid'));
1126 return;
1127 }
1128
1129 $account_migration = $form_data[self::PROP_ACCOUNT_MIGRATION];
1130 $account_migration_mode = $account_migration[0];
1131 if ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_MIGRATE) {
1132 $this->doMigration($account_migration[1]);
1133 } elseif ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_NEW) {
1134 $this->doMigrationNewAccount();
1135 } else {
1136 $this->showAccountMigration(
1137 $form,
1138 $this->lng->txt('form_input_not_valid')
1139 );
1140 }
1141 }
1142
1143 private function doMigrationNewAccount(): void
1144 {
1145 $credentials = new ilAuthFrontendCredentials();
1146 $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1147
1148 $provider_factory = new ilAuthProviderFactory();
1149 $provider = $provider_factory->getProviderByAuthMode(
1150 $credentials,
1151 ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1152 );
1153
1154 $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1155
1156 $status = ilAuthStatus::getInstance();
1157
1158 $frontend_factory = new ilAuthFrontendFactory();
1159 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1160 $frontend = $frontend_factory->getFrontend(
1161 $GLOBALS['DIC']['ilAuthSession'],
1162 $status,
1163 $credentials,
1164 [$provider]
1165 );
1166
1167 if ($frontend->migrateAccountNew()) {
1168 ilInitialisation::redirectToStartingPage();
1169 }
1170
1171 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1172 $this->ctrl->redirect($this, 'showAccountMigration');
1173 }
1174
1178 private function doMigration(array $migration_request_data): void
1179 {
1180 $username = $migration_request_data[self::PROP_USERNAME];
1181 $password = $migration_request_data[self::PROP_PASSWORD];
1182
1183 $this->logger->debug('Starting account migration for user: ' . ilSession::get('mig_ext_account'));
1184
1185 $credentials = new ilAuthFrontendCredentials();
1186 $credentials->setUsername($username);
1187 $credentials->setPassword($password);
1188
1189 $provider_factory = new ilAuthProviderFactory();
1190 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_LOCAL);
1191
1192 $status = ilAuthStatus::getInstance();
1193
1194 $frontend_factory = new ilAuthFrontendFactory();
1195 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1196 $frontend = $frontend_factory->getFrontend(
1197 $this->authSession,
1198 $status,
1199 $credentials,
1200 [$provider]
1201 );
1202 $frontend->authenticate();
1203
1204 switch ($status->getStatus()) {
1205 case ilAuthStatus::STATUS_AUTHENTICATED:
1206 $this->getLogger()->debug('Account migration: authentication successful for ' . $username);
1207
1208 $provider = $provider_factory->getProviderByAuthMode(
1209 $credentials,
1210 ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1211 );
1212 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1213 $frontend = $frontend_factory->getFrontend(
1214 $GLOBALS['DIC']['ilAuthSession'],
1215 $status,
1216 $credentials,
1217 [$provider]
1218 );
1219
1220 if ($frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])) {
1221 ilInitialisation::redirectToStartingPage();
1222 }
1223
1224 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'), true);
1225 $this->ctrl->redirect($this, 'showAccountMigration');
1226
1227 // no break
1228 default:
1229 $this->getLogger()->info('Account migration failed for user ' . $username);
1230 $this->showAccountMigration(null, $GLOBALS['lng']->txt('err_wrong_login'));
1231 }
1232 }
1233
1234 private function showLogout(): void
1235 {
1236 if (!$this->authSession->isExpired() &&
1237 $this->authSession->isAuthenticated() &&
1238 !ilObjUser::_isAnonymous($this->authSession->getUserId())) {
1239 $this->ctrl->redirectToURL(ilUserUtil::getStartingPointAsUrl());
1240 }
1241
1242 $this->help->setSubScreenId('logout');
1243
1244 $tpl = self::initStartUpTemplate('tpl.logout.html');
1245 $client_id = $this->http->wrapper()->query()->retrieve(
1246 'client_id',
1247 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1248 );
1249
1250 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1251 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1252 $tpl->setCurrentBlock('homelink');
1253 $tpl->setVariable('CLIENT_ID', '?client_id=' . $client_id . '&lang=' . $this->lng->getLangKey());
1254 $tpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1255 $tpl->parseCurrentBlock();
1256 }
1257
1258 $tpl->setVariable('LPE', $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGOUT));
1259 $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('logout'));
1260 $tpl->setVariable('TXT_LOGIN', $this->lng->txt('login_to_ilias'));
1261 $tpl->setVariable(
1262 'CLIENT_ID',
1263 '?client_id=' . $client_id . '&cmd=force_login&lang=' . $this->lng->getLangKey()
1264 );
1265
1266 self::printToGlobalTemplate($tpl);
1267 }
1268
1269 private function doLogout(): void
1270 {
1272 $legal_documents = $this->dic['legalDocuments'];
1273
1274 $this->eventHandler->raise(
1275 'components/ILIAS/Authentication',
1276 'beforeLogout',
1277 [
1278 'user_id' => $this->user->getId()
1279 ]
1280 );
1281
1282 $user_language = $this->user->getLanguage();
1283
1284 $used_external_auth_mode = ilSession::get('used_external_auth_mode');
1285
1286 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
1287 $this->authSession->logout();
1288
1289 $target = new ConfigurableLogoutTarget(
1290 $this->ctrl,
1291 new ilSetting('auth'),
1292 $this->access,
1293 ilUtil::_getHttpPath()
1294 );
1295 $target = $legal_documents->logoutTarget($target);
1296 $url = $target->asURI();
1297
1298 $this->eventHandler->raise(
1299 'components/ILIAS/Authentication',
1300 'afterLogout',
1301 [
1302 'username' => $this->user->getLogin(),
1303 'is_explicit_logout' => true,
1304 'used_external_auth_mode' => $used_external_auth_mode,
1305 'logout_target' => $url
1306 ]
1307 );
1308
1309 $this->mainTemplate->setOnScreenMessage(
1310 $this->mainTemplate::MESSAGE_TYPE_INFO,
1311 $this->lng->txt('logout_text') . $legal_documents->logoutText(),
1312 true
1313 );
1314
1315 // reset cookie
1316 ilUtil::setCookie('ilClientId', '');
1317
1318 $this->ctrl->setParameter($this, 'lang', $user_language);
1319 $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1320 $this->ctrl->redirectToURL((string) $url);
1321 }
1322
1323 protected function showLegalDocuments(): void
1324 {
1325 global $DIC;
1326 $tpl = self::initStartUpTemplate(['agreement.html', 'components/ILIAS/LegalDocuments'], true, false);
1327 $tpl->setVariable('CONTENT', $DIC['legalDocuments']->agreeContent(self::class, __FUNCTION__));
1328 self::printToGlobalTemplate($tpl);
1329 }
1330
1331 private function processIndexPHP(): void
1332 {
1333 if ($this->authSession->isValid()) {
1334 if (!$this->user->isAnonymous() || (
1335 ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1336 $this->httpRequest->getServerParams()['SERVER_NAME']
1337 ) && $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)
1338 )) {
1339 ilInitialisation::redirectToStartingPage();
1340 return;
1341 }
1342 }
1343
1344 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1345 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1346 ilInitialisation::goToPublicSection();
1347 }
1348
1349 $this->showLoginPage();
1350 }
1351
1355 public static function _checkGoto(string $a_target)
1356 {
1357 global $DIC;
1358
1359 $component_factory = $DIC['component.factory'];
1360
1361 $access = $DIC->access();
1362
1363 foreach ($component_factory->getActivePluginsInSlot('uihk') as $ui_plugin) {
1365 $gui_class = $ui_plugin->getUIClassInstance();
1366 $resp = $gui_class->checkGotoHook($a_target);
1367 if (isset($resp['target']) && is_string($resp['target']) && $resp['target'] !== '') {
1368 $a_target = $resp['target'];
1369 break;
1370 }
1371 }
1372
1373 if ($a_target === '') {
1374 return false;
1375 }
1376
1377 $t_arr = explode('_', $a_target);
1378 $type = $t_arr[0];
1379
1380 if ($type === 'git') {
1381 $type = 'glo';
1382 }
1383
1384 if ($type === 'pg' | $type === 'st') {
1385 $type = 'lm';
1386 }
1387
1388 $class = $DIC['objDefinition']->getClassName($type);
1389 if ($class === '') {
1390 return false;
1391 }
1392
1393 $location = $DIC['objDefinition']->getLocation($type);
1394 $full_class = 'ilObj' . $class . 'Access';
1395
1396 $ret = call_user_func([$full_class, '_checkGoto'], $a_target);
1397
1398 // if no access and repository object => check for parent course/group
1399 if (!$ret &&
1400 isset($t_arr[1]) &&
1401 !str_contains($a_target, '_wsp') &&
1402 !$DIC->user()->isAnonymous() && // #10637
1403 !$DIC['objDefinition']->isAdministrationObject($type) &&
1404 $DIC['objDefinition']->isRBACObject($type)) {
1405 $ref_id = 0;
1406 // original type 'pg' => pg_<page_id>[_<ref_id>]
1407 if ($t_arr[0] === 'pg') {
1408 if (isset($t_arr[2])) {
1409 $ref_id = (int) $t_arr[2];
1410 } else {
1411 $lm_id = ilLMObject::_lookupContObjID((int) $t_arr[1]);
1412 $ref_ids = ilObject::_getAllReferences($lm_id);
1413 if ($ref_ids) {
1414 $ref_id = array_shift($ref_ids);
1415 }
1416 }
1417 } else {
1418 $ref_id = (int) $t_arr[1];
1419 }
1420
1421 if ($ref_id < 1) {
1422 return false;
1423 }
1424
1425 $block_obj = [];
1426
1427 // walk path to find parent container
1428 $path = $DIC->repositoryTree()->getPathId($ref_id);
1429 array_pop($path);
1430 foreach ($path as $path_ref_id) {
1431 $redirect_infopage = false;
1432 $add_member_role = false;
1433
1434 $ptype = ilObject::_lookupType($path_ref_id, true);
1435 $pobj_id = ilObject::_lookupObjId($path_ref_id);
1436
1437 // core checks: timings/object-specific
1438 if (!$access->doActivationCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype) ||
1439 !$access->doStatusCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype)) {
1440 // object in path is inaccessible - aborting
1441 return false;
1442 } elseif ($ptype === 'crs') {
1443 // check if already participant
1444 $participants = ilCourseParticipant::_getInstanceByObjId($pobj_id, $DIC->user()->getId());
1445 if (!$participants->isAssigned()) {
1446 // subscription currently possible?
1447 if (ilObjCourse::_isActivated($pobj_id) && ilObjCourse::_registrationEnabled($pobj_id)) {
1448 $block_obj[] = $path_ref_id;
1449 $add_member_role = true;
1450 } else {
1451 $redirect_infopage = true;
1452 }
1453 }
1454 } elseif ($ptype === 'grp') {
1455 // check if already participant
1456 if (!ilGroupParticipants::_isParticipant($path_ref_id, $DIC->user()->getId())) {
1457 // subscription currently possible?
1458 $group_obj = new ilObjGroup($path_ref_id);
1459 if ($group_obj->isRegistrationEnabled()) {
1460 $block_obj[] = $path_ref_id;
1461 $add_member_role = true;
1462 } else {
1463 $redirect_infopage = true;
1464 }
1465 }
1466 }
1467
1468 // add members roles for all 'blocking' objects
1469 if ($add_member_role) {
1470 // cannot join? goto will never work, so redirect to current object
1471 $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $path_ref_id);
1472 if (!$DIC->rbac()->system()->checkAccess('join', $path_ref_id)) {
1473 $redirect_infopage = true;
1474 } else {
1475 $DIC->rbac()->system()->addTemporaryRole(
1476 $DIC->user()->getId(),
1477 ilParticipants::getDefaultMemberRole($path_ref_id)
1478 );
1479 }
1480 }
1481
1482 // redirect to infopage of 1st blocking object in path
1483 if ($redirect_infopage) {
1484 if ($DIC->rbac()->system()->checkAccess('visible', $path_ref_id)) {
1485 ilUtil::redirect(
1486 'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . $path_ref_id . '&cmd=infoScreen'
1487 );
1488 } else {
1489 return false;
1490 }
1491 }
1492 }
1493
1494 // check if access will be possible with all (possible) member roles added
1495 $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $ref_id);
1496 if ($block_obj !== [] && $DIC->rbac()->system()->checkAccess('read', $ref_id)) { // #12128
1497 // this won't work with lm-pages (see above)
1498 // keep original target
1499 ilSession::set('pending_goto', 'goto.php?target=' . $a_target);
1500
1501 // redirect to 1st non-member object in path
1502 ilUtil::redirect(
1503 'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . array_shift($block_obj)
1504 );
1505 }
1506 }
1507
1508 return $ret;
1509 }
1510
1511 private function confirmRegistration(): void
1512 {
1513 $this->lng->loadLanguageModule('registration');
1514 ilUtil::setCookie('iltest', 'cookie', false);
1515
1516 try {
1517 $reg_hash = $this->refinery->to()
1518 ->toNew(PendingRegistrationHash::class)
1519 ->transform([$this->http->wrapper()->query()->retrieve('rh', $this->refinery->byTrying([
1520 $this->refinery->kindlyTo()->string(),
1521 $this->refinery->always(null)
1522 ]))]);
1523
1524 $dual_opt_in_service = new DualOptInServiceImpl(
1525 new ilRegistrationSettings(),
1526 new PendingRegistrationDatabaseRepository($this->dic->database()),
1527 $this->dic->database(),
1528 $this->dic->logger()->user(),
1529 (new \ILIAS\Data\Factory())->clock()
1530 );
1531 $user = $dual_opt_in_service->verifyHashAndActivateUser($reg_hash);
1532
1533 $this->mainTemplate->setOnScreenMessage(
1534 \ILIAS\UICore\GlobalTemplate::MESSAGE_TYPE_SUCCESS,
1535 $this->lng->txt('reg_account_confirmation_successful'),
1536 true
1537 );
1538 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $user->getLanguage()));
1539 } catch (DualOptInException $exception) {
1540 $this->mainTemplate->setOnScreenMessage(
1541 \ILIAS\UICore\GlobalTemplate::MESSAGE_TYPE_FAILURE,
1542 $this->lng->txt($exception->getMessage()),
1543 true
1544 );
1545 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1546 } catch (Exception) {
1547 $this->mainTemplate->setOnScreenMessage(
1548 \ILIAS\UICore\GlobalTemplate::MESSAGE_TYPE_FAILURE,
1549 $this->lng->txt('reg_confirmation_hash_not_passed'),
1550 true
1551 );
1552 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1553 }
1554 }
1555
1560 public static function initStartUpTemplate(
1561 $a_tmpl,
1562 bool $a_show_back = false,
1563 bool $a_show_logout = false
1564 ): ilGlobalTemplateInterface {
1565 global $DIC;
1566
1567 $tpl = new ilGlobalTemplate('tpl.main.html', true, true);
1568
1569 $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'components/ILIAS/Init');
1570
1571 $view_title = $DIC->language()->txt('login_to_ilias');
1572 if ($a_show_back) {
1573 // #13400
1574 $param = 'client_id=' . CLIENT_ID . '&lang=' . $DIC->language()->getLangKey();
1575
1576 $tpl->setCurrentBlock('link_item_bl');
1577 $tpl->setVariable('LINK_TXT', $view_title);
1578 $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1579 $tpl->parseCurrentBlock();
1580
1581 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1582 $DIC->access()->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1583 $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1584 $tpl->setVariable('LINK_TXT', $DIC->language()->txt('home'));
1585 $tpl->parseCurrentBlock();
1586 }
1587 } elseif ($a_show_logout) {
1588 $view_title = $DIC->language()->txt('logout');
1589 $tpl->setCurrentBlock('link_item_bl');
1590 $tpl->setVariable('LINK_TXT', $view_title);
1591 $tpl->setVariable('LINK_URL', self::logoutUrl());
1592 $tpl->parseCurrentBlock();
1593 }
1594
1595 if (is_array($a_tmpl)) {
1596 $template_file = $a_tmpl[0];
1597 $template_dir = $a_tmpl[1];
1598 } else {
1599 $template_file = $a_tmpl;
1600 $template_dir = 'components/ILIAS/Init';
1601 }
1602
1603 $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1604
1605 PageContentProvider::setViewTitle($view_title);
1606 $short_title = trim($DIC->settings()->get('short_inst_name') ?? '');
1607 if ($short_title === '') {
1608 $short_title = 'ILIAS';
1609 }
1610 PageContentProvider::setShortTitle($short_title);
1611
1612 $header_title = ilObjSystemFolder::_getHeaderTitle();
1613 PageContentProvider::setTitle($header_title);
1614
1615 return $tpl;
1616 }
1617
1618 private function showSamlLoginForm(string $page_editor_html): string
1619 {
1620 if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
1621 $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'components/ILIAS/Saml');
1622
1623 $return = '';
1624 $target = $this->initTargetFromQuery();
1625 if ($target !== '') {
1626 $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($target));
1627 }
1628
1629 $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
1630 $tpl->setVariable('TXT_LOGIN', $this->lng->txt('saml_log_in'));
1631 $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $this->lng->txt('login_to_ilias_via_saml'));
1632 $tpl->setVariable('TXT_SAML_LOGIN_TXT', $this->lng->txt('saml_login_form_txt'));
1633 $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $this->lng->txt('saml_login_form_info_txt'));
1634
1635 return $this->substituteLoginPageElements(
1636 $GLOBALS['tpl'],
1637 $page_editor_html,
1638 $tpl->get(),
1639 '[list-saml-login]',
1640 'SAML_LOGIN_FORM'
1641 );
1642 }
1643
1644 return $page_editor_html;
1645 }
1646
1647 private function showOpenIdConnectLoginForm(string $page_editor_html): string
1648 {
1649 $oidc_settings = ilOpenIdConnectSettings::getInstance();
1650 if ($oidc_settings->getActive()) {
1651 $tpl = new ilTemplate('tpl.login_element.html', true, true, 'components/ILIAS/OpenIdConnect');
1652
1653 $this->lng->loadLanguageModule('auth');
1654 $tpl->setVariable('TXT_OIDCONNECT_HEADER', $this->lng->txt('auth_oidc_login_element_info'));
1655
1656 $target = $this->initTargetFromQuery();
1657 $target_str = empty($target) ? '' : ('?target=' . $target);
1658 switch ($oidc_settings->getLoginElementType()) {
1659 case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT:
1660 $tpl->setVariable('SCRIPT_OIDCONNECT_T', './openidconnect.php' . $target_str);
1661 $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1662 break;
1663
1664 case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG:
1665 $tpl->setVariable('SCRIPT_OIDCONNECT_I', './openidconnect.php' . $target_str);
1666 $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1667 break;
1668 }
1669
1670 return $this->substituteLoginPageElements(
1671 $GLOBALS['tpl'],
1672 $page_editor_html,
1673 $tpl->get(),
1674 '[list-openid-connect-login]',
1675 'OPEN_ID_CONNECT_LOGIN_FORM'
1676 );
1677 }
1678
1679 return $page_editor_html;
1680 }
1681
1682 private function doOpenIdConnectAuthentication(): void
1683 {
1684 $this->getLogger()->debug('Trying openid connect authentication');
1685
1686 $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
1687 $credentials->initFromRequest();
1688
1689 $provider_factory = new ilAuthProviderFactory();
1690 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_OPENID_CONNECT);
1691
1692 $status = ilAuthStatus::getInstance();
1693
1694 $frontend_factory = new ilAuthFrontendFactory();
1695 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1696 $frontend = $frontend_factory->getFrontend(
1697 $this->authSession,
1698 $status,
1699 $credentials,
1700 [$provider]
1701 );
1702 $frontend->authenticate();
1703
1704 switch ($status->getStatus()) {
1705 case ilAuthStatus::STATUS_AUTHENTICATED:
1706 $this->logger->debug('Authentication successful; Redirecting to starting page.');
1707 if ($credentials->getRedirectionTarget()) {
1708 ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
1709 }
1710 ilInitialisation::redirectToStartingPage();
1711
1712 // no break
1713 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1714 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1715 $this->ctrl->redirect($this, 'showLoginPage');
1716 }
1717
1718 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1719 $this->showLoginPage();
1720 }
1721
1722 private function doSamlAuthentication(): void
1723 {
1724 $this->getLogger()->debug('Trying saml authentication');
1725 $request = $this->httpRequest;
1726 $params = $request->getQueryParams();
1727
1728 $factory = new ilSamlAuthFactory();
1729 $auth = $factory->auth();
1730
1731 if (isset($params['action']) && $params['action'] === 'logout') {
1732 $logout_url = $params['logout_url'] ?? '';
1733 $this->logger->info(sprintf('Requested SAML logout: %s', $logout_url));
1734 $auth->logout($logout_url);
1735 }
1736
1737 if (isset($params['target']) && !isset($params['returnTo'])) {
1738 $params['returnTo'] = $params['target'];
1739 }
1740
1741 if (isset($params['returnTo'])) {
1742 $auth->storeParam('target', $params['returnTo']);
1743 }
1744
1745 $this->logger->debug('Started SAML authentication request');
1746 if (!$auth->isAuthenticated()) {
1747 ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
1748 if (!isset($request->getQueryParams()['idpentityid'], $request->getQueryParams()['saml_idp_id'])) {
1749 $activeIdps = ilSamlIdp::getActiveIdpList();
1750 if (count($activeIdps) === 1) {
1751 $idp = current($activeIdps);
1752
1753 ilLoggerFactory::getLogger('auth')->debug(
1754 sprintf(
1755 'Found exactly one active IDP with id %s: %s',
1756 $idp->getIdpId(),
1757 $idp->getEntityId()
1758 )
1759 );
1760
1761 $this->ctrl->setParameter($this, 'idpentityid', $idp->getEntityId());
1762 $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1763 $this->ctrl->setTargetScript('saml.php');
1764 $this->ctrl->redirect($this, 'doSamlAuthentication');
1765 } elseif ($activeIdps === []) {
1766 $this->logger->debug('Did not find any active IDP, skipp authentication process');
1767 $this->ctrl->redirect($this, 'showLoginPage');
1768 } else {
1769 $this->logger->debug('Found multiple active IPDs, presenting IDP selection...');
1770 $this->showSamlIdpSelection($auth, $activeIdps);
1771 return;
1772 }
1773 }
1774
1775 $auth->storeParam('idpId', (int) $request->getQueryParams()['saml_idp_id']);
1776 $this->logger->debug(sprintf('Stored relevant IDP id in session: %s', $auth->getParam('idpId')));
1777 }
1778
1779 $auth = $factory->auth();
1780
1781 $this->logger->debug('Checking SAML authentication status...');
1782 $auth->protectResource();
1783 $this->logger->debug(
1784 'SAML authentication successful, continuing with ILIAS internal authentication process...'
1785 );
1786
1787 $idpId = (int) $auth->getParam('idpId');
1788
1789 $this->logger->debug(
1790 sprintf(
1791 'Internal SAML IDP id fetched from session: %s',
1792 $idpId
1793 )
1794 );
1795
1796 if ($idpId < 1) {
1797 $this->logger->debug(
1798 'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
1799 );
1800 $authData = $auth->getAuthDataArray();
1801 if (isset($authData['saml:sp:IdP'])) {
1802 $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
1803 $this->logger->debug(
1804 sprintf(
1805 'Searching active ILIAS IDP by entity id "%s" results in: %s',
1806 $authData['saml:sp:IdP'],
1807 $idpId
1808 )
1809 );
1810 } else {
1811 $this->logger->debug(
1812 'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
1813 );
1814 }
1815 }
1816
1817 $target = $auth->popParam('target');
1818
1819 $this->logger->debug(sprintf('Retrieved "target" parameter: %s', print_r($target, true)));
1820
1821 $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
1822 $credentials->initFromRequest();
1823
1824 $provider_factory = new ilAuthProviderFactory();
1825 $provider = $provider_factory->getProviderByAuthMode(
1826 $credentials,
1827 ilUtil::stripSlashes(
1828 ilAuthUtils::AUTH_SAML . '_' . $idpId
1829 )
1830 );
1831
1832 if ($target) {
1833 $credentials->setReturnTo($target);
1834 } else {
1835 $target = $credentials->getReturnTo();
1836 }
1837
1838 $status = ilAuthStatus::getInstance();
1839
1840 $frontend_factory = new ilAuthFrontendFactory();
1841 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1842 $frontend = $frontend_factory->getFrontend(
1843 $this->authSession,
1844 $status,
1845 $credentials,
1846 [$provider]
1847 );
1848 $frontend->authenticate();
1849
1850 switch ($status->getStatus()) {
1851 case ilAuthStatus::STATUS_AUTHENTICATED:
1852 $this->logger->debug('Authentication successful; Redirecting to starting page.');
1853 ilInitialisation::redirectToStartingPage($target ?? '');
1854
1855 // no break
1856 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
1857 $this->ctrl->redirect($this, 'showAccountMigration');
1858
1859 // no break
1860 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1861 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1862 $this->ctrl->redirect($this, 'showLoginPage');
1863 }
1864
1865 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1866 $this->showLoginPage();
1867 }
1868
1872 private function showSamlIdpSelection(ilSamlAuth $auth, array $idps): void
1873 {
1874 $this->help->setSubScreenId('saml_idp_selection');
1875
1876 self::initStartUpTemplate(['tpl.saml_idp_selection.html', 'components/ILIAS/Saml']);
1877
1878 $this->ctrl->setTargetScript('saml.php');
1879 $items = [];
1880 foreach ($idps as $idp) {
1881 $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1882 $this->ctrl->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
1883
1884 $items[] = $this->ui_factory->link()->standard(
1885 $idp->getEntityId(),
1886 $this->ctrl->getLinkTarget($this, 'doSamlAuthentication')
1887 );
1888 }
1889
1890 $components = [
1891 $this->ui_factory->panel()->standard(
1892 $this->lng->txt('auth_saml_idp_selection_table_title'),
1893 [
1894 $this->ui_factory->messageBox()->info($this->lng->txt('auth_saml_idp_selection_table_desc')),
1895 $this->ui_factory->listing()->unordered(
1896 array_map(
1897 fn($item) => $this->ui_renderer->render($item),
1898 $items
1899 )
1900 )
1901 ]
1902 )
1903 ];
1904
1905 $this->mainTemplate->setVariable('CONTENT', $this->ui_renderer->render($components));
1906 $this->mainTemplate->printToStdout('DEFAULT', false);
1907 }
1908
1914 public static function logoutUrl(array $parameters = []): string
1915 {
1916 global $DIC;
1917
1918 $defaults = ['lang' => $DIC->user()->getCurrentLanguage()];
1919 $parameters = '&' . http_build_query(array_merge($defaults, $parameters));
1920
1921 $DIC->ctrl()->setTargetScript('logout.php');
1922 $url = $DIC->ctrl()->getLinkTargetByClass([self::class], 'doLogout') . $parameters;
1923 $DIC->ctrl()->setTargetScript('ilias.php');
1924
1925 return $url;
1926 }
1927}
IL_COOKIE_PATH
const IL_COOKIE_PATH
Definition: index.php:48
$duration
$duration
Definition: LOMStructure.php:54
mainTemplate
mainTemplate()
Definition: UITestHelper.php:77
$location
$location
Definition: buildRTE.php:22
$components
$components
Definition: build_bootstrap.php:58
ILIAS\DI\Container
Customizing of pimple-DIC for ILIAS.
Definition: Container.php:36
ILIAS\Data\Color\Factory
Builds a Color from either hex- or rgb values.
Definition: Factory.php:31
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
ILIAS\HTTP\Services
Class Services.
Definition: Services.php:38
ILIAS\Registration\DualOptIn\Repository\PendingRegistrationDatabaseRepository
@phpstan-type PendingRegistrationRecord array{id: string, usr_id: int, reg_hash: string,...
Definition: PendingRegistrationDatabaseRepository.php:32
ilAccessibilityControlConceptGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessibilityControlConceptGUI.php:24
ilAccountRegistrationGUI
@ilCtrl_Calls ilAccountRegistrationGUI:
Definition: class.ilAccountRegistrationGUI.php:35
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:52
ilArrayUtil\stripSlashesRecursive
static stripSlashesRecursive($a_data, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilArrayUtil.php:60
ilAuthFrontendCredentialsLTI
Auth credentials for lti oauth based authentication.
Definition: class.ilAuthFrontendCredentialsLTI.php:28
ilAuthFrontendFactory\CONTEXT_STANDARD_FORM
const int CONTEXT_STANDARD_FORM
Authentication with id and password.
Definition: class.ilAuthFrontendFactory.php:28
ilAuthFrontend\MIG_TRIGGER_AUTHMODE
const string MIG_TRIGGER_AUTHMODE
Definition: class.ilAuthFrontend.php:26
ilAuthFrontend\MIG_EXTERNAL_ACCOUNT
const string MIG_EXTERNAL_ACCOUNT
Definition: class.ilAuthFrontend.php:25
ilAuthPageEditorSettings\getInstance
static getInstance(AuthPageEditorContext $context)
Definition: class.ilAuthPageEditorSettings.php:46
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const int STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:31
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions(ilLanguage $lng)
Definition: class.ilAuthUtils.php:395
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:29
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:37
ilAuthUtils\AUTH_APACHE
const int AUTH_APACHE
Definition: class.ilAuthUtils.php:36
ilAuthUtils\AUTH_OPENID_CONNECT
const int AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:38
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:365
ilAuthUtils\AUTH_PROVIDER_LTI
const int AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:45
ilCourseParticipant\_getInstanceByObjId
static _getInstanceByObjId(int $a_obj_id, int $a_usr_id)
Definition: class.ilCourseParticipant.php:40
ilGlobalTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilGlobalTemplate.php:30
ilGroupParticipants\_isParticipant
static _isParticipant(int $a_ref_id, int $a_usr_id)
Static function to check if a user is a participant of the container object.
Definition: class.ilGroupParticipants.php:117
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:29
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:909
ilInitialisation\redirectToStartingPage
static redirectToStartingPage(string $target='')
Definition: class.ilInitialisation.php:1857
ilLMObject\_lookupContObjID
static _lookupContObjID(int $a_id)
get learning module id for lm object
Definition: class.ilLMObject.php:563
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLanguage\lookupId
static lookupId(string $a_lang_key)
Lookup obj_id of language.
Definition: class.ilLanguage.php:337
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjCourse\_registrationEnabled
static _registrationEnabled(int $a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
Definition: class.ilObjCourse.php:569
ilObjCourse\_isActivated
static _isActivated(int $a_obj_id)
Is activated.
Definition: class.ilObjCourse.php:561
ilObjGroup
Class ilObjGroup.
Definition: class.ilObjGroup.php:32
ilObjStyleSheet\getContentStylePath
static getContentStylePath(int $a_style_id, bool $add_random=true, bool $add_token=true)
get content style path static (to avoid full reading)
Definition: class.ilObjStyleSheet.php:1569
ilObjUser
User class.
Definition: class.ilObjUser.php:48
ilObjUser\_isAnonymous
static _isAnonymous(int $usr_id)
Definition: class.ilObjUser.php:1760
ilObjUser\setTimeLimitUntil
setTimeLimitUntil(?int $a_until)
Definition: class.ilObjUser.php:1105
ilObjUser\setActive
setActive(bool $active, int $owner=0)
set user active state and updates system fields appropriately
Definition: class.ilObjUser.php:1052
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2823
ilObjUser\setTimeLimitUnlimited
setTimeLimitUnlimited(bool $unlimited)
Definition: class.ilObjUser.php:1115
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:2637
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:826
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilPageUtil\_existsAndNotEmpty
static _existsAndNotEmpty(string $a_parent_type, int $a_id, string $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages)
Definition: class.ilPageUtil.php:31
ilParticipants\getDefaultMemberRole
static getDefaultMemberRole(int $a_ref_id)
Definition: class.ilParticipants.php:476
ilRegistrationCode\getCodeValidUntil
static getCodeValidUntil(string $code)
Definition: class.ilRegistrationCode.php:129
ilRegistrationCode\useCode
static useCode(string $code)
Definition: class.ilRegistrationCode.php:142
ilRegistrationCode\isUnusedCode
static isUnusedCode(string $code)
Definition: class.ilRegistrationCode.php:87
ilRegistrationCode\applyAccessLimits
static applyAccessLimits(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:211
ilRegistrationCode\applyRoleAssignments
static applyRoleAssignments(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:178
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:27
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:223
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:209
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:413
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:33
ilStartUpGUI
@ilCtrl_Calls ilStartUpGUI: ilAccountRegistrationGUI, ilPasswordAssistanceGUI, ilLoginPageGUI,...
Definition: class.ilStartUpGUI.php:42
ilStartUpGUI\showShibbolethLoginForm
showShibbolethLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:820
ilStartUpGUI\$forced_cmd
static string $forced_cmd
Definition: class.ilStartUpGUI.php:51
ilStartUpGUI\substituteLoginPageElements
substituteLoginPageElements( $tpl, string $page_editor_html, string $element_html, string $placeholder, string $fallback_tplvar)
Definition: class.ilStartUpGUI.php:901
ilStartUpGUI\$httpRequest
ServerRequestInterface $httpRequest
Definition: class.ilStartUpGUI.php:58
ilStartUpGUI\$ctrl
ilCtrlInterface $ctrl
Definition: class.ilStartUpGUI.php:53
ilStartUpGUI\logoutUrl
static logoutUrl(array $parameters=[])
Return the logout URL with a valid CSRF token.
Definition: class.ilStartUpGUI.php:1914
ilStartUpGUI\showLoginInformation
showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl)
Definition: class.ilStartUpGUI.php:811
ilStartUpGUI\showOpenIdConnectLoginForm
showOpenIdConnectLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1647
ilStartUpGUI\$db
ilDBInterface $db
Definition: class.ilStartUpGUI.php:64
ilStartUpGUI\$eventHandler
ilAppEventHandler $eventHandler
Definition: class.ilStartUpGUI.php:61
ilStartUpGUI\$http
HTTPServices $http
Definition: class.ilStartUpGUI.php:67
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_MIGRATE
const PROP_ACCOUNT_MIGRATION_MIGRATE
Definition: class.ilStartUpGUI.php:49
ilStartUpGUI\showLoginForm
showLoginForm(string $page_editor_html, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:796
ilStartUpGUI\initStartUpTemplate
static initStartUpTemplate( $a_tmpl, bool $a_show_back=false, bool $a_show_logout=false)
This method enriches the global template with some user interface elements (language selection,...
Definition: class.ilStartUpGUI.php:1560
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_NEW
const PROP_ACCOUNT_MIGRATION_NEW
Definition: class.ilStartUpGUI.php:48
ilStartUpGUI\$mainTemplate
ilGlobalTemplateInterface $mainTemplate
Definition: class.ilStartUpGUI.php:56
ilStartUpGUI\getAuthPageEditorHtml
getAuthPageEditorHtml(AuthPageEditorContext $ipe_context)
Definition: class.ilStartUpGUI.php:921
ilStartUpGUI\$ui_renderer
ILIAS UI Renderer $ui_renderer
Definition: class.ilStartUpGUI.php:70
ilStartUpGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilStartUpGUI.php:153
ilStartUpGUI\checkForcedCommand
checkForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:109
ilStartUpGUI\setForcedCommand
static setForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:104
ilStartUpGUI\printToGlobalTemplate
static printToGlobalTemplate($tpl)
Definition: class.ilStartUpGUI.php:364
ilStartUpGUI\__construct
__construct(?ilObjUser $user=null, ?ilGlobalTemplateInterface $mainTemplate=null, ?ServerRequestInterface $httpRequest=null)
Definition: class.ilStartUpGUI.php:72
ilStartUpGUI\$access
ilAccessHandler $access
Definition: class.ilStartUpGUI.php:63
ilStartUpGUI\$authSession
ilAuthSession $authSession
Definition: class.ilStartUpGUI.php:60
ilStartUpGUI\$ui_factory
ILIAS UI Factory $ui_factory
Definition: class.ilStartUpGUI.php:69
ilStartUpGUI\showAccountMigration
showAccountMigration(?ILIAS\UI\Component\Input\Container\Form\Form $form=null, string $message='')
Definition: class.ilStartUpGUI.php:1097
ilStartUpGUI\buildCodeForm
buildCodeForm(?string $username=null)
Definition: class.ilStartUpGUI.php:407
ilStartUpGUI\showSamlLoginForm
showSamlLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1618
ilStartUpGUI\doMigration
doMigration(array $migration_request_data)
Definition: class.ilStartUpGUI.php:1178
ilStartUpGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilStartUpGUI.php:146
ilStartUpGUI\$refinery
RefineryFactory $refinery
Definition: class.ilStartUpGUI.php:66
ilStartUpGUI\$dic
ILIAS DI Container $dic
Definition: class.ilStartUpGUI.php:59
ilStartUpGUI\showLoginPage
showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:284
ilStartUpGUI\purgePlaceholders
purgePlaceholders(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1028
ilStartUpGUI\showSamlIdpSelection
showSamlIdpSelection(ilSamlAuth $auth, array $idps)
Definition: class.ilStartUpGUI.php:1872
ilStartUpGUI\showLegalDocumentsLinks
showLegalDocumentsLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1001
ilStartUpGUI\showCodeForm
showCodeForm(?string $username=null, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:394
ilStartUpGUI\PROP_ACCOUNT_MIGRATION
const PROP_ACCOUNT_MIGRATION
Definition: class.ilStartUpGUI.php:47
ilStartUpGUI\showRegistrationLinks
showRegistrationLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:948
ilTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilTemplate.php:31
ilUserUtil\getStartingPointAsUrl
static getStartingPointAsUrl()
Definition: class.ilUserUtil.php:212
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1328
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:397
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:381
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:944
ilUtil\setCookie
static setCookie(string $a_cookie_name, string $a_cookie_value='', bool $a_also_set_super_global=true, bool $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:1281
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ILIAS\UI\Renderer
An entity that renders components to a string output.
Definition: Renderer.php:31
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilCtrlBaseClassInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlBaseClassInterface.php:38
ilCtrlInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlInterface.php:27
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:30
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:30
ilRBACAccessHandler\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
ilRBACAccessHandler\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
$client_id
$client_id
Definition: ltiauth.php:67
$ref_id
$ref_id
Definition: ltiauth.php:66
$params
if(! $DIC->user() ->getId()||!ilLTIConsumerAccess::hasCustomProviderCreationAccess()) $params
Definition: ltiregstart.php:31
$path
$path
Definition: ltiservices.php:30
$provider
$provider
Definition: ltitoken.php:80
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ILIAS\UI\Implementation\Component\Input\ViewControl\withAdditionalTransformation
withAdditionalTransformation(Transformation $trafo)
@inheritDoc
Definition: GroupDecorator.php:57
ILIAS
Interface Observer \BackgroundTasks Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
$lng
global $lng
Definition: privfeed.php:31
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
if
if(!file_exists('../ilias.ini.php'))
Definition: sessioncheck.php:23
$DIC
global $DIC
Definition: shib_login.php:26
$url
$url
Definition: shib_logout.php:68
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$param
$param
Definition: xapitoken.php:44