ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
class.ilStartUpGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use Psr\Http\Message\ServerRequestInterface;
22 use ILIAS\UICore\PageContentProvider;
23 use ILIAS\Refinery\Factory as RefineryFactory;
24 use ILIAS\HTTP\Services as HTTPServices;
25 use ILIAS\TermsOfService\Consumer as TermsOfService;
26 use ILIAS\DataProtection\Consumer as DataProtection;
27 use ILIAS\components\Authentication\Logout\ConfigurableLogoutTarget;
28 use ILIAS\LegalDocuments\Conductor;
29 use ILIAS\components\Authentication\Pages\AuthPageEditorContext;
30 
36 class ilStartUpGUI implements ilCtrlBaseClassInterface, ilCtrlSecurityInterface
37 {
38  private const PROP_USERNAME = 'username';
39  private const PROP_PASSWORD = 'password';
40  private const PROP_AUTH_MODE = 'auth_mode';
41  private const PROP_CODE = 'code';
42  private const PROP_ACCOUNT_MIGRATION = 'account_migration';
43  private const PROP_ACCOUNT_MIGRATION_NEW = 'account_migration_new';
44  private const PROP_ACCOUNT_MIGRATION_MIGRATE = 'account_migration_migrate';
45 
46  private static string $forced_cmd = '';
47 
48  private ilCtrlInterface $ctrl;
49  private ilLanguage $lng;
50  private ilLogger $logger;
51  private ilGlobalTemplateInterface $mainTemplate;
52  private ilObjUser $user;
53  private ServerRequestInterface $httpRequest;
54  private ILIAS\DI\Container $dic;
55  private ilAuthSession $authSession;
56  private ilAppEventHandler $eventHandler;
57  private ilSetting $setting;
58  private ilAccessHandler $access;
59 
60  private RefineryFactory $refinery;
61  private HTTPServices $http;
62  private ilHelpGUI $help;
63  private ILIAS\UI\Factory $ui_factory;
64  private ILIAS\UI\Renderer $ui_renderer;
65 
66  public function __construct(
67  ?ilObjUser $user = null,
68  ?ilGlobalTemplateInterface $mainTemplate = null,
69  ?ServerRequestInterface $httpRequest = null
70  ) {
71  global $DIC;
72 
73  $this->dic = $DIC;
74 
75  $this->user = $user ?? $DIC->user();
76  $this->mainTemplate = $mainTemplate ?? $DIC->ui()->mainTemplate();
77  $this->httpRequest = $httpRequest ?? $DIC->http()->request();
78  $this->ctrl = $DIC->ctrl();
79  $this->lng = $DIC->language();
80  $this->lng->loadLanguageModule('auth');
81  $this->logger = ilLoggerFactory::getLogger('init');
82  $this->authSession = $DIC['ilAuthSession'];
83  $this->eventHandler = $DIC->event();
84  $this->setting = $DIC->settings();
85  $this->access = $DIC->access();
86  $this->help = $DIC->help();
87  $this->http = $DIC->http();
88  $this->refinery = $DIC->refinery();
89  $this->ui_factory = $DIC->ui()->factory();
90  $this->ui_renderer = $DIC->ui()->renderer();
91 
92  $this->ctrl->saveParameter($this, ['rep_ref_id', 'lang', 'target', 'client_id']);
93  $this->user->setLanguage($this->lng->getLangKey());
94  $this->help->setScreenIdComponent('init');
95  }
96 
97  public static function setForcedCommand(string $cmd): void
98  {
99  self::$forced_cmd = $cmd;
100  }
101 
102  private function checkForcedCommand(string $cmd): string
103  {
104  if (self::$forced_cmd) {
105  $cmd = self::$forced_cmd;
106  self::$forced_cmd = '';
107  }
108 
109  return $cmd;
110  }
111 
112  private function mergeValuesTrafo(): ILIAS\Refinery\Transformation
113  {
114  return $this->refinery->custom()->transformation(static function (array $values): array {
115  return array_merge(...$values);
116  });
117  }
118 
119  private function saniziteArrayElementsTrafo(): ILIAS\Refinery\Transformation
120  {
121  return $this->refinery->custom()->transformation(static function (array $values): array {
122  $processed_values = array_merge(
123  ilArrayUtil::stripSlashesRecursive($values),
124  isset($values[self::PROP_PASSWORD]) ? [self::PROP_PASSWORD => $values[self::PROP_PASSWORD]] : []
125  );
126 
127  return $processed_values;
128  });
129  }
130 
131  private function initTargetFromQuery(): string
132  {
133  return $this->http->wrapper()->query()->retrieve(
134  'target',
135  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
136  );
137  }
138 
139  public function getUnsafeGetCommands(): array
140  {
141  return [
142  'doLogout'
143  ];
144  }
145 
146  public function getSafePostCommands(): array
147  {
148  return [
149  'doStandardAuthentication',
150  ];
151  }
152 
153  public function executeCommand(): void
154  {
155  $cmd = $this->checkForcedCommand($this->ctrl->getCmd('processIndexPHP'));
156 
157  $next_class = $this->ctrl->getNextClass($this) ?? '';
158 
159  switch (strtolower($next_class)) {
160  case strtolower(ilLoginPageGUI::class):
161  break;
162 
163  case strtolower(ilAccountRegistrationGUI::class):
164  $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
165  return;
166 
167  case strtolower(ilPasswordAssistanceGUI::class):
168  $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
169  return;
170 
171  case strtolower(ilAccessibilityControlConceptGUI::class):
172  $this->ctrl->forwardCommand(new ilAccessibilityControlConceptGUI());
173  return;
174 
175  default:
176  if (method_exists($this, $cmd)) {
177  $this->$cmd();
178  return;
179  }
180  }
181 
182  // because this class now implements ilCtrlSecurityInterface,
183  // it may occur that commands are null, therefore I added
184  // this as a fallback method.
185  $this->showLoginPageOrStartupPage();
186  }
187 
188  private function getLogger(): ilLogger
189  {
190  return $this->logger;
191  }
192 
193  private function jumpToRegistration(): void
194  {
195  $this->ctrl->redirectByClass(ilAccountRegistrationGUI::class);
196  }
197 
198  private function jumpToPasswordAssistance(): void
199  {
200  $this->ctrl->saveParameterByClass(ilPasswordAssistanceGUI::class, 'key');
201  $this->ctrl->redirectByClass(ilPasswordAssistanceGUI::class);
202  }
203 
204  private function showLoginPageOrStartupPage(): void
205  {
214  if ($this->authSession->isValid() && $this->authSession->getUserId() > 0 && !$this->user->isAnonymous()) {
215  ilInitialisation::redirectToStartingPage();
216  }
217 
218  $is_forced_login = $this->http->wrapper()->query()->retrieve(
219  'cmd',
220  $this->refinery->byTrying([
221  $this->refinery->kindlyTo()->string(),
222  $this->refinery->always(
223  $this->http->wrapper()->post()->retrieve(
224  'cmd',
225  $this->refinery->byTrying([
226  $this->refinery->kindlyTo()->string(),
227  $this->refinery->always('')
228  ])
229  )
230  )
231  ])
232  ) === 'force_login';
233 
234  if ($is_forced_login) {
235  // Only allow this for anonymous user, see: showLoginPageOrStartupPage
236  $this->logger->debug('Force login');
237  $messages = [];
238  if ($this->authSession->isValid()) {
239  $messages = $this->retrieveMessagesFromSession();
240  $this->logger->debug('Valid session -> logout current user');
241  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
242  $this->authSession->logout();
243 
244  $this->eventHandler->raise(
245  'components/ILIAS/Authentication',
246  'afterLogout',
247  [
248  'username' => $this->user->getLogin(),
249  'is_explicit_logout' => false,
250  ]
251  );
252 
253  $this->dic->user()->setId($this->authSession->getUserId());
254  $this->dic->user()->read();
255  }
256 
257  $this->logger->debug('Show login page');
258  foreach ($messages as $type => $content) {
259  $this->mainTemplate->setOnScreenMessage($type, $content);
260  }
261 
262  $this->showLoginPage();
263  return;
264  }
265 
266  if ($this->authSession->isValid()) {
267  $this->logger->debug('Valid session -> redirect to starting page');
268  ilInitialisation::redirectToStartingPage();
269  return;
270  }
271 
272  $this->logger->debug('No valid session -> show login');
273  $this->showLoginPage();
274  }
275 
276  private function showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form = null): void
277  {
278  global $tpl; // Don't remove this, the global variables will be replaced with a ilGlobalTemplate instnace
279 
280  $this->help->setSubScreenId('login');
281 
282  $this->getLogger()->debug('Showing login page');
283 
284  $extUid = $this->http->wrapper()->query()->retrieve(
285  'ext_uid',
286  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
287  );
288 
289  $soapPw = $this->http->wrapper()->query()->retrieve(
290  'soap_pw',
291  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
292  );
293 
294  $credentials = new ilAuthFrontendCredentialsSoap(
295  $GLOBALS['DIC']->http()->request(),
296  $this->ctrl,
297  $this->setting
298  );
299 
300  $credentials->setUsername($extUid);
301  $credentials->setPassword($soapPw);
302  $credentials->tryAuthenticationOnLoginPage();
303 
304  $frontend = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
305  $frontend->tryAuthenticationOnLoginPage();
306 
307  $tpl = self::initStartUpTemplate('tpl.login.html');
308  $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
309  $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
310 
311  $page_editor_html = $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGIN);
312  $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
313  $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
314  $page_editor_html = $this->showLoginForm($page_editor_html, $form);
315  $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
316  $page_editor_html = $this->showSamlLoginForm($page_editor_html);
317  $page_editor_html = $this->showRegistrationLinks($page_editor_html);
318  $page_editor_html = $this->showLegalDocumentsLinks($page_editor_html);
319  $page_editor_html = $this->purgePlaceholders($page_editor_html);
320 
321  // check expired session and send message
322  if ($this->authSession->isExpired() || $this->http->wrapper()->query()->has('session_expired')) {
323  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('auth_err_expired'));
324  } elseif ($this->http->wrapper()->query()->has('reg_confirmation_msg')) {
325  $this->lng->loadLanguageModule('registration');
326  $message_key = $this->http->wrapper()->query()->retrieve(
327  'reg_confirmation_msg',
328  $this->refinery->kindlyTo()->string()
329  );
330  $message_type = $message_key === 'reg_account_confirmation_successful' ?
331  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS : ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE;
332  $this->mainTemplate->setOnScreenMessage(
333  $message_type,
334  $this->lng->txt($message_key)
335  );
336  }
337 
338  if ($page_editor_html !== '') {
339  $tpl->setVariable('LPE', $page_editor_html);
340  }
341 
342  if ($this->authSession->isExpired()) {
343  // The usr_id is is still the one of the former logged-in user, so we have to unset it
344  $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
345  $this->dic->user()->setId($this->authSession->getUserId());
346  $this->dic->user()->read();
347  }
348 
349  $this->mainTemplate->setPermanentLink('auth', null, 'login');
350  self::printToGlobalTemplate($tpl);
351  }
352 
356  public static function printToGlobalTemplate($tpl): void
357  {
358  global $DIC;
359  $gtpl = $DIC['tpl'];
360  $gtpl->setContent($tpl->get());
361  $gtpl->printToStdout('DEFAULT', false, true);
362  }
363 
367  private function retrieveMessagesFromSession(): array
368  {
369  $messages = [];
370  $message_types = [
371  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
372  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
373  ilGlobalTemplateInterface::MESSAGE_TYPE_INFO,
374  ilGlobalTemplateInterface::MESSAGE_TYPE_QUESTION
375  ];
376 
377  foreach ($message_types as $message_type) {
378  if (ilSession::get($message_type)) {
379  $messages[$message_type] = ilSession::get($message_type);
380  }
381  }
382 
383  return $messages;
384  }
385 
386  private function showCodeForm(
387  ?string $username = null,
388  ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
389  ): void {
390  $this->help->setSubScreenId('code_input');
391 
392  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('time_limit_reached'));
393 
394  $tpl = self::initStartUpTemplate('tpl.login_reactivate_code.html');
395  $tpl->setVariable('FORM', $this->ui_renderer->render($form ?? $this->buildCodeForm($username)));
396  self::printToGlobalTemplate($tpl);
397  }
398 
399  private function buildCodeForm(?string $username = null): ILIAS\UI\Component\Input\Container\Form\Form
400  {
401  $this->lng->loadLanguageModule('auth');
402 
403  $field_factory = $this->ui_factory->input()->field();
404 
405  $username_field = $field_factory
406  ->hidden()
407  ->withRequired(true);
408  if ($username !== null) {
409  $username_field = $username_field->withValue($username);
410  }
411 
412  return $this->ui_factory
413  ->input()
414  ->container()
415  ->form()
416  ->standard(
417  $this->ctrl->getFormAction($this, 'processCode'),
418  [
419  $field_factory->section(
420  [
421  self::PROP_CODE => $field_factory
422  ->text(
423  $this->lng->txt('auth_account_code'),
424  $this->lng->txt('auth_account_code_info')
425  )
426  ->withRequired(true),
427  // #11658
428  self::PROP_USERNAME => $username_field,
429  ],
430  $this->lng->txt('auth_account_code_title'),
431  ),
432  ]
433  )
434  ->withSubmitLabel($this->lng->txt('send'))
435  ->withAdditionalTransformation($this->mergeValuesTrafo())
436  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
437  }
438 
439  private function processCode(): void
440  {
441  $form = $this->buildCodeForm();
442  $form_valid = false;
443  $form_data = null;
444  if ($this->http->request()->getMethod() === 'POST') {
445  $form = $form->withRequest($this->http->request());
446  $form_data = $form->getData();
447  $form_valid = $form_data !== null;
448  }
449 
450  $uname = null;
451  if ($form_valid) {
452  $code = $form_data[self::PROP_CODE];
453  $uname = $form_data[self::PROP_USERNAME];
454  if (ilRegistrationCode::isUnusedCode($code)) {
455  $valid_until = ilRegistrationCode::getCodeValidUntil($code);
456  if (!$user_id = ilObjUser::_lookupId($uname)) {
457  $this->showLoginPage();
458  return;
459  }
460  $invalid_code = false;
461  $user = new ilObjUser($user_id);
462  if ($valid_until === '0') {
463  $user->setTimeLimitUnlimited(true);
464  } else {
465  if (is_numeric($valid_until)) {
466  $valid_until = strtotime('+' . $valid_until . 'days');
467  } else {
468  $valid_until = explode('-', $valid_until);
469  $valid_until = mktime(
470  23,
471  59,
472  59,
473  (int) $valid_until[1],
474  (int) $valid_until[2],
475  (int) $valid_until[0]
476  );
477  if ($valid_until < time()) {
478  $invalid_code = true;
479  }
480  }
481 
482  if (!$invalid_code) {
483  $user->setTimeLimitUnlimited(false);
484  $user->setTimeLimitUntil($valid_until);
485  }
486  }
487 
488  if (!$invalid_code) {
489  $user->setActive(true);
490  ilRegistrationCode::useCode($code);
491  // apply registration code role assignments
492  ilRegistrationCode::applyRoleAssignments($user, $code);
493  // apply registration code tie limits
494  ilRegistrationCode::applyAccessLimits($user, $code);
495 
496  $user->update();
497 
498  $this->ctrl->setParameter($this, 'cu', 1);
499  $this->lng->loadLanguageModule('auth');
500  $this->mainTemplate->setOnScreenMessage(
501  'success',
502  $GLOBALS['DIC']->language()->txt('auth_activation_code_success'),
503  true
504  );
505  $this->ctrl->redirect($this, 'showLoginPage');
506  }
507  }
508 
509  $this->lng->loadLanguageModule('user');
510  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('user_account_code_not_valid'));
511  } else {
512  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('form_input_not_valid'));
513  }
514 
515  $this->showCodeForm($uname, $form);
516  }
517 
518  private function buildStandardLoginForm(): ILIAS\UI\Component\Input\Container\Form\Form
519  {
520  $field_factory = $this->ui_factory->input()->field();
521 
522  $fields = [];
523  $det = ilAuthModeDetermination::_getInstance();
524  if (ilAuthUtils::_hasMultipleAuthenticationMethods() && $det->isManualSelection()) {
525  $auth_mode = $field_factory->radio($this->lng->txt('auth_selection'))->withRequired(true);
526  $visible_auth_methods = [];
527  foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
528  if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
529  continue;
530  }
531 
532  $auth_mode = $auth_mode->withOption((string) $key, $option['txt']);
533 
534  if (isset($option['checked'])) {
535  $auth_mode = $auth_mode->withValue($key);
536  }
537  $visible_auth_methods[] = $key;
538  }
539 
540  if (count($visible_auth_methods) === 1) {
541  $auth_mode = $field_factory->hidden()->withRequired(true)->withValue(current($visible_auth_methods));
542  }
543 
544  $fields[self::PROP_AUTH_MODE] = $auth_mode;
545  }
546 
547  $fields += [
548  self::PROP_USERNAME => $field_factory
549  ->text($this->lng->txt('username'))
550  ->withRequired(
551  true,
552  $this->refinery->custom()->constraint(
553  static function (string $value): bool {
554  return $value !== '';
555  },
556  static function (Closure $lng, string $value): string {
557  return $lng('auth_required_username');
558  }
559  )
560  ),
561  self::PROP_PASSWORD => $field_factory
562  ->password($this->lng->txt('password'))
563  ->withRevelation(true)
564  ->withRequired(
565  true,
566  $this->refinery->custom()->constraint(
567  static function (string $value): bool {
568  return $value !== '';
569  },
570  static function (Closure $lng, string $value): string {
571  return $lng('auth_required_password');
572  }
573  )
574  )
575  ->withAdditionalTransformation(
576  $this->refinery->custom()->transformation(
577  static function (ILIAS\Data\Password $value): string {
578  return $value->toString();
579  }
580  )
581  ),
582  ];
583 
584  $sections = [$field_factory->section($fields, $this->lng->txt('login_to_ilias_via_login_form'))];
585 
586  return $this->ui_factory
587  ->input()
588  ->container()
589  ->form()
590  ->standard($this->ctrl->getFormAction($this, 'doStandardAuthentication'), $sections)
591  ->withDedicatedName('login_form')
592  ->withSubmitLabel($this->lng->txt('log_in'))
593  ->withAdditionalTransformation($this->mergeValuesTrafo())
594  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
595  }
596 
597  private function doLTIAuthentication(): void
598  {
599  $this->getLogger()->debug('Trying lti authentication');
600 
601  $credentials = new ilAuthFrontendCredentialsLTI();
602  $credentials->initFromRequest();
603 
604  $provider_factory = new ilAuthProviderFactory();
605  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_PROVIDER_LTI);
606 
607  $status = ilAuthStatus::getInstance();
608 
609  $frontend_factory = new ilAuthFrontendFactory();
610  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
611  $frontend = $frontend_factory->getFrontend(
612  $this->authSession,
613  $status,
614  $credentials,
615  [$provider]
616  );
617  $frontend->authenticate();
618 
619  switch ($status->getStatus()) {
620  case ilAuthStatus::STATUS_AUTHENTICATED:
621  ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
622  ilInitialisation::redirectToStartingPage();
623 
624  // no break
625  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
626  $this->ctrl->redirect($this, 'showAccountMigration');
627 
628  // no break
629  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
630  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()), true);
631  $this->ctrl->redirect($this, 'showLoginPage');
632  }
633 
634  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
635  $this->showLoginPage();
636  }
637 
638  private function doApacheAuthentication(): void
639  {
640  $this->getLogger()->debug('Trying apache authentication');
641 
642  $credentials = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
643  $credentials->initFromRequest();
644 
645  $provider_factory = new ilAuthProviderFactory();
646  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_APACHE);
647 
648  $status = ilAuthStatus::getInstance();
649 
650  $frontend_factory = new \ilAuthFrontendFactory();
651  $frontend_factory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
652  $frontend = $frontend_factory->getFrontend(
653  $this->authSession,
654  $status,
655  $credentials,
656  [$provider]
657  );
658  $frontend->authenticate();
659 
660  switch ($status->getStatus()) {
661  case ilAuthStatus::STATUS_AUTHENTICATED:
662  if ($credentials->hasValidTargetUrl()) {
663  $this->logger->debug(
664  sprintf(
665  'Authentication successful. Redirecting to starting page: %s',
666  $credentials->getTargetUrl()
667  )
668  );
669  $this->ctrl->redirectToURL($credentials->getTargetUrl());
670  }
671  $this->logger->debug(
672  'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
673  );
674  ilInitialisation::redirectToStartingPage();
675 
676  // no break
677  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
678  $this->ctrl->redirect($this, 'showAccountMigration');
679 
680  // no break
681  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
682  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
683  $this->ctrl->redirectToURL(
684  ilUtil::appendUrlParameterString(
685  $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
686  'passed_sso=1'
687  )
688  );
689  }
690 
691  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
692  $this->showLoginPage();
693  }
694 
695  private function doStandardAuthentication(): void
696  {
697  $form = $this->buildStandardLoginForm();
698  $form_valid = false;
699  $form_data = null;
700  if ($this->http->request()->getMethod() === 'POST') {
701  $form = $form->withRequest($this->http->request());
702  $form_data = $form->getData();
703  $form_valid = $form_data !== null;
704  }
705 
706  if (!$form_valid) {
707  $this->showLoginPage($form);
708  return;
709  }
710 
711  $this->getLogger()->debug('Trying to authenticate user.');
712 
713  $auth_callback = function () use ($form_data) {
714  $credentials = new ilAuthFrontendCredentials();
715  $credentials->setUsername($form_data[self::PROP_USERNAME]);
716  $credentials->setPassword($form_data[self::PROP_PASSWORD]);
717 
718  $det = ilAuthModeDetermination::_getInstance();
719  if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
720  $credentials->setAuthMode($form_data[self::PROP_AUTH_MODE]);
721  }
722 
723  $provider_factory = new ilAuthProviderFactory();
724  $providers = $provider_factory->getProviders($credentials);
725 
726  $status = ilAuthStatus::getInstance();
727 
728  $frontend_factory = new ilAuthFrontendFactory();
729  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
730  $frontend = $frontend_factory->getFrontend(
731  $this->authSession,
732  $status,
733  $credentials,
734  $providers
735  );
736  $frontend->authenticate();
737 
738  return $status;
739  };
740 
741  if (($auth_duration = $this->setting->get('auth_duration')) !== null) {
742  $duration = $this->http->durations()->callbackDuration((int) $auth_duration);
743  $status = $duration->stretch($auth_callback);
744  } else {
745  $status = $auth_callback();
746  }
747 
748  switch ($status->getStatus()) {
749  case ilAuthStatus::STATUS_AUTHENTICATED:
750  ilLoggerFactory::getLogger('auth')->debug(
751  'Authentication successful; Redirecting to starting page.'
752  );
753  ilInitialisation::redirectToStartingPage();
754 
755  // no break
756  case ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED:
757  $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
758  $this->showLoginPage($this->buildCodeForm($uname));
759  return;
760 
761  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
762  $this->ctrl->redirect($this, 'showAccountMigration');
763 
764  // no break
765  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
766  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason());
767  $this->showLoginPage($form);
768  }
769  }
770 
771  private function showLoginForm(
772  string $page_editor_html,
773  ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
774  ): string {
775  global $tpl;
776 
777  return $this->substituteLoginPageElements(
778  $tpl,
779  $page_editor_html,
780  $this->ui_renderer->render($form ?? $this->buildStandardLoginForm()),
781  '[list-login-form]',
782  'LOGIN_FORM'
783  );
784  }
785 
786  private function showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl): string
787  {
788  if ($page_editor_html !== '') {
789  return $page_editor_html;
790  }
791 
792  return $page_editor_html;
793  }
794 
795  private function showShibbolethLoginForm(string $page_editor_html): string
796  {
797  $target = $this->initTargetFromQuery();
798 
799  if ($this->setting->get('shib_active')) {
800  $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'components/ILIAS/Init');
801 
802  $tpl->setVariable(
803  'SHIB_FORMACTION',
804  './shib_login.php'
805  ); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
806  $federation_name = $this->setting->get('shib_federation_name');
807  $admin_mail = ' <a href="mailto:' . $this->setting->get('admin_email') . '">ILIAS ' . $this->lng->txt(
808  'administrator'
809  ) . '</a>.';
810  if ($this->setting->get('shib_hos_type') === 'external_wayf') {
811  $tpl->setCurrentBlock('shibboleth_login');
812  $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
813  $tpl->setVariable('IL_TARGET', $target);
814  $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
815  $tpl->setVariable('TXT_SHIB_LOGIN_BUTTON', $this->setting->get('shib_login_button'));
816  $tpl->setVariable(
817  'TXT_SHIB_LOGIN_INSTRUCTIONS',
818  sprintf(
819  $this->lng->txt('shib_general_login_instructions'),
820  $federation_name,
821  $admin_mail
822  )
823  );
824  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
825  $tpl->parseCurrentBlock();
826  } elseif ($this->setting->get('shib_hos_type') == 'embedded_wayf') {
827  $tpl->setCurrentBlock('shibboleth_custom_login');
828  $customInstructions = stripslashes($this->setting->get('shib_login_instructions'));
829  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $customInstructions);
830  $tpl->parseCurrentBlock();
831  } else {
832  $tpl->setCurrentBlock('shibboleth_wayf_login');
833  $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
834  $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
835  $tpl->setVariable(
836  'TXT_SELECT_HOME_ORGANIZATION',
837  sprintf(
838  $this->lng->txt('shib_select_home_organization'),
839  $this->setting->get('shib_federation_name')
840  )
841  );
842  $tpl->setVariable('TXT_CONTINUE', $this->lng->txt('btn_next'));
843  $tpl->setVariable('TXT_SHIB_HOME_ORGANIZATION', $this->lng->txt('shib_home_organization'));
844  $tpl->setVariable(
845  'TXT_SHIB_LOGIN_INSTRUCTIONS',
846  sprintf(
847  $this->lng->txt('shib_general_wayf_login_instructions'),
848  $admin_mail
849  )
850  );
851  $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
852 
853  $ilShibbolethWAYF = new ilShibbolethWAYF();
854 
855  $tpl->setVariable('TXT_SHIB_INVALID_SELECTION', $ilShibbolethWAYF->showNotice());
856  $tpl->setVariable('SHIB_IDP_LIST', $ilShibbolethWAYF->generateSelection());
857  $tpl->setVariable('ILW_TARGET', $target);
858  $tpl->parseCurrentBlock();
859  }
860 
861  return $this->substituteLoginPageElements(
862  $GLOBALS['tpl'],
863  $page_editor_html,
864  $tpl->get(),
865  '[list-shibboleth-login-form]',
866  'SHIB_LOGIN_FORM'
867  );
868  }
869 
870  return $page_editor_html;
871  }
872 
876  private function substituteLoginPageElements(
877  $tpl,
878  string $page_editor_html,
879  string $element_html,
880  string $placeholder,
881  string $fallback_tplvar
882  ): string {
883  if ($page_editor_html === '') {
884  $tpl->setVariable($fallback_tplvar, $element_html);
885  return $page_editor_html;
886  }
887 
888  if (stripos($page_editor_html, $placeholder) === false) {
889  $tpl->setVariable($fallback_tplvar, $element_html);
890  return $page_editor_html;
891  }
892 
893  return str_replace($placeholder, $element_html, $page_editor_html);
894  }
895 
896  private function getAuthPageEditorHtml(AuthPageEditorContext $ipe_context): string
897  {
898  $ipe_settings = ilAuthPageEditorSettings::getInstance($ipe_context);
899 
900  $ipe_language = $ipe_settings->getIliasEditorLanguage($this->lng->getLangKey());
901  if (!$ipe_language) {
902  return '';
903  }
904 
905  // if page does not exist, return nothing
906  if (!ilPageUtil::_existsAndNotEmpty($ipe_context->pageType(), ilLanguage::lookupId($ipe_language))) {
907  return '';
908  }
909 
910  $this->dic->contentStyle()->gui()->addCss($this->mainTemplate, ilObjAuthSettings::getAuthSettingsRefId());
911 
912  $page_gui = new ($ipe_context->pageUiClass())(ilLanguage::lookupId($ipe_language));
913 
914  $page_gui->setStyleId(0);
915 
916  $page_gui->setPresentationTitle('');
917  $page_gui->setTemplateOutput(false);
918  $page_gui->setHeader('');
919 
920  return $page_gui->showPage();
921  }
922 
923  private function showRegistrationLinks(string $page_editor_html): string
924  {
925  global $tpl;
926 
927  $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'components/ILIAS/Init');
928 
929  // allow new registrations?
930  if (ilRegistrationSettings::_lookupRegistrationType() !== ilRegistrationSettings::IL_REG_DISABLED) {
931  $rtpl->setCurrentBlock('new_registration');
932  $rtpl->setVariable('REGISTER', $this->lng->txt('registration'));
933  $rtpl->setVariable(
934  'CMD_REGISTER',
935  $this->ctrl->getLinkTargetByClass(ilAccountRegistrationGUI::class)
936  );
937  $rtpl->parseCurrentBlock();
938  }
939  // allow password assistance? Surpress option if Authmode is not local database
940  if ($this->setting->get('password_assistance')) {
941  $rtpl->setCurrentBlock('password_assistance');
942  $rtpl->setVariable('FORGOT_PASSWORD', $this->lng->txt('forgot_password'));
943  $rtpl->setVariable('FORGOT_USERNAME', $this->lng->txt('forgot_username'));
944  $rtpl->setVariable(
945  'CMD_FORGOT_PASSWORD',
946  $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class)
947  );
948  $rtpl->setVariable(
949  'CMD_FORGOT_USERNAME',
950  $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class, 'showUsernameAssistanceForm')
951  );
952  $rtpl->setVariable('LANG_ID', $this->lng->getLangKey());
953  $rtpl->parseCurrentBlock();
954  }
955 
956  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
957  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
958  $rtpl->setCurrentBlock('homelink');
959  $rtpl->setVariable(
960  'CLIENT_ID',
961  '?client_id=' . CLIENT_ID . '&lang=' . $this->lng->getLangKey()
962  );
963  $rtpl->setVariable('TXT_HOME', $this->lng->txt('home'));
964  $rtpl->parseCurrentBlock();
965  }
966 
967  return $this->substituteLoginPageElements(
968  $tpl,
969  $page_editor_html,
970  $rtpl->get(),
971  '[list-registration-link]',
972  'REG_PWD_CLIENT_LINKS'
973  );
974  }
975 
976  private function showLegalDocumentsLinks(string $page_editor_html): string
977  {
978  global $tpl;
979  global $DIC;
980 
981  if (0 === $this->user->getId()) {
982  $this->user->setId(ANONYMOUS_USER_ID);
983  }
984 
985  $page_editor_html = $this->substituteLoginPageElements(
986  $tpl,
987  $page_editor_html,
988  $DIC['legalDocuments']->loginPageHTML(TermsOfService::ID),
989  '[list-user-agreement]',
990  'USER_AGREEMENT'
991  );
992  $page_editor_html = $this->substituteLoginPageElements(
993  $tpl,
994  $page_editor_html,
995  $DIC['legalDocuments']->loginPageHTML(DataProtection::ID),
996  '[list-dpro-agreement]',
997  'DPRO_AGREEMENT'
998  );
999 
1000  return $page_editor_html;
1001  }
1002 
1003  private function purgePlaceholders(string $page_editor_html): string
1004  {
1005  return str_replace(
1006  [
1007  '[list-language-selection]',
1008  '[list-registration-link]',
1009  '[list-user-agreement]',
1010  '[list-dpro-agreement]',
1011  '[list-login-form]',
1012  '[list-saml-login]',
1013  '[list-shibboleth-login-form]',
1014  '[list-openid-connect-login]'
1015  ],
1016  '',
1017  $page_editor_html
1018  );
1019  }
1020 
1021  private function buildAccountMigrationForm(): ILIAS\UI\Component\Input\Container\Form\Form
1022  {
1023  $field_factory = $this->ui_factory->input()->field();
1024 
1025  $keep = $field_factory->group(
1026  [
1027  self::PROP_USERNAME => $field_factory->text($this->lng->txt('login'))->withRequired(true),
1028  self::PROP_PASSWORD => $field_factory
1029  ->password($this->lng->txt('password'))
1030  ->withRequired(true)
1031  ->withRevelation(true)
1032  ->withAdditionalTransformation(
1033  $this->refinery->custom()->transformation(
1034  static function (ILIAS\Data\Password $value): string {
1035  return $value->toString();
1036  }
1037  )
1038  ),
1039  ],
1040  $this->lng->txt('auth_account_migration_keep'),
1041  $this->lng->txt('auth_info_migrate')
1042  );
1043 
1044  $new = $field_factory->group(
1045  [],
1046  $this->lng->txt('auth_account_migration_new'),
1047  $this->lng->txt('auth_info_add')
1048  );
1049 
1050  $fields = [
1051  self::PROP_ACCOUNT_MIGRATION => $field_factory->switchableGroup(
1052  [
1053  self::PROP_ACCOUNT_MIGRATION_MIGRATE => $keep,
1054  self::PROP_ACCOUNT_MIGRATION_NEW => $new,
1055  ],
1056  $this->lng->txt('auth_account_migration_name')
1057  )->withRequired(true)->withValue(self::PROP_ACCOUNT_MIGRATION_MIGRATE)
1058  ];
1059 
1060  $sections = [$field_factory->section($fields, $this->lng->txt('auth_account_migration'))];
1061 
1062  return $this->ui_factory->input()
1063  ->container()
1064  ->form()
1065  ->standard($this->ctrl->getFormAction($this, 'migrateAccount'), $sections)
1066  ->withDedicatedName('login_form')
1067  ->withSubmitLabel($this->lng->txt('save'))
1068  ->withAdditionalTransformation($this->mergeValuesTrafo())
1069  ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
1070  }
1071 
1072  private function showAccountMigration(
1073  ?ILIAS\UI\Component\Input\Container\Form\Form $form = null,
1074  string $message = ''
1075  ): void {
1076  $this->help->setSubScreenId('account_migration');
1077 
1078  $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1079  $tpl->setVariable('MIG_FORM', $this->ui_renderer->render($form ?? $this->buildAccountMigrationForm()));
1080 
1081  if ($message !== '') {
1082  $this->mainTemplate->setOnScreenMessage('failure', $message);
1083  }
1084 
1085  self::printToGlobalTemplate($tpl);
1086  }
1087 
1088  private function migrateAccount(): void
1089  {
1090  $form = $this->buildAccountMigrationForm();
1091  $form_valid = false;
1092  $form_data = null;
1093  if ($this->http->request()->getMethod() === 'POST') {
1094  $form = $form->withRequest($this->http->request());
1095  $form_data = $form->getData();
1096  $form_valid = $form_data !== null;
1097  }
1098 
1099  if (!$form_valid) {
1100  $this->showAccountMigration($form, $this->lng->txt('form_input_not_valid'));
1101  return;
1102  }
1103 
1104  $account_migration = $form_data[self::PROP_ACCOUNT_MIGRATION];
1105  $account_migration_mode = $account_migration[0];
1106  if ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_MIGRATE) {
1107  $this->doMigration($account_migration[1]);
1108  } elseif ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_NEW) {
1109  $this->doMigrationNewAccount();
1110  } else {
1111  $this->showAccountMigration(
1112  $form,
1113  $this->lng->txt('form_input_not_valid')
1114  );
1115  }
1116  }
1117 
1118  private function doMigrationNewAccount(): void
1119  {
1120  $credentials = new ilAuthFrontendCredentials();
1121  $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1122 
1123  $provider_factory = new ilAuthProviderFactory();
1124  $provider = $provider_factory->getProviderByAuthMode(
1125  $credentials,
1126  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1127  );
1128 
1129  $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1130 
1131  $status = ilAuthStatus::getInstance();
1132 
1133  $frontend_factory = new ilAuthFrontendFactory();
1134  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1135  $frontend = $frontend_factory->getFrontend(
1136  $GLOBALS['DIC']['ilAuthSession'],
1137  $status,
1138  $credentials,
1139  [$provider]
1140  );
1141 
1142  if ($frontend->migrateAccountNew()) {
1143  ilInitialisation::redirectToStartingPage();
1144  }
1145 
1146  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1147  $this->ctrl->redirect($this, 'showAccountMigration');
1148  }
1149 
1153  private function doMigration(array $migration_request_data): void
1154  {
1155  $username = $migration_request_data[self::PROP_USERNAME];
1156  $password = $migration_request_data[self::PROP_PASSWORD];
1157 
1158  $this->logger->debug('Starting account migration for user: ' . ilSession::get('mig_ext_account'));
1159 
1160  $credentials = new ilAuthFrontendCredentials();
1161  $credentials->setUsername($username);
1162  $credentials->setPassword($password);
1163 
1164  $provider_factory = new ilAuthProviderFactory();
1165  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_LOCAL);
1166 
1167  $status = ilAuthStatus::getInstance();
1168 
1169  $frontend_factory = new ilAuthFrontendFactory();
1170  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1171  $frontend = $frontend_factory->getFrontend(
1172  $this->authSession,
1173  $status,
1174  $credentials,
1175  [$provider]
1176  );
1177  $frontend->authenticate();
1178 
1179  switch ($status->getStatus()) {
1180  case ilAuthStatus::STATUS_AUTHENTICATED:
1181  $this->getLogger()->debug('Account migration: authentication successful for ' . $username);
1182 
1183  $provider = $provider_factory->getProviderByAuthMode(
1184  $credentials,
1185  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1186  );
1187  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1188  $frontend = $frontend_factory->getFrontend(
1189  $GLOBALS['DIC']['ilAuthSession'],
1190  $status,
1191  $credentials,
1192  [$provider]
1193  );
1194 
1195  if ($frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])) {
1196  ilInitialisation::redirectToStartingPage();
1197  }
1198 
1199  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'), true);
1200  $this->ctrl->redirect($this, 'showAccountMigration');
1201 
1202  // no break
1203  default:
1204  $this->getLogger()->info('Account migration failed for user ' . $username);
1205  $this->showAccountMigration(null, $GLOBALS['lng']->txt('err_wrong_login'));
1206  }
1207  }
1208 
1209  private function showLogout(): void
1210  {
1211  if (!$this->authSession->isExpired() &&
1212  $this->authSession->isAuthenticated() &&
1213  !ilObjUser::_isAnonymous($this->authSession->getUserId())) {
1214  $this->ctrl->redirectToURL(ilUserUtil::getStartingPointAsUrl());
1215  }
1216 
1217  $this->help->setSubScreenId('logout');
1218 
1219  $tpl = self::initStartUpTemplate('tpl.logout.html');
1220  $client_id = $this->http->wrapper()->query()->retrieve(
1221  'client_id',
1222  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1223  );
1224 
1225  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1226  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1227  $tpl->setCurrentBlock('homelink');
1228  $tpl->setVariable('CLIENT_ID', '?client_id=' . $client_id . '&lang=' . $this->lng->getLangKey());
1229  $tpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1230  $tpl->parseCurrentBlock();
1231  }
1232 
1233  $tpl->setVariable('LPE', $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGOUT));
1234  $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('logout'));
1235  $tpl->setVariable('TXT_LOGIN', $this->lng->txt('login_to_ilias'));
1236  $tpl->setVariable(
1237  'CLIENT_ID',
1238  '?client_id=' . $client_id . '&cmd=force_login&lang=' . $this->lng->getLangKey()
1239  );
1240 
1241  self::printToGlobalTemplate($tpl);
1242  }
1243 
1244  private function doLogout(): void
1245  {
1247  $legal_documents = $this->dic['legalDocuments'];
1248 
1249  $this->eventHandler->raise(
1250  'components/ILIAS/Authentication',
1251  'beforeLogout',
1252  [
1253  'user_id' => $this->user->getId()
1254  ]
1255  );
1256 
1257  $user_language = $this->user->getLanguage();
1258 
1259  $used_external_auth_mode = ilSession::get('used_external_auth_mode');
1260 
1261  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
1262  $this->authSession->logout();
1263 
1264  $target = new ConfigurableLogoutTarget(
1265  $this->ctrl,
1266  new ilSetting('auth'),
1267  $this->access,
1268  ilUtil::_getHttpPath()
1269  );
1270  $target = $legal_documents->logoutTarget($target);
1271  $url = $target->asURI();
1272 
1273  $this->eventHandler->raise(
1274  'components/ILIAS/Authentication',
1275  'afterLogout',
1276  [
1277  'username' => $this->user->getLogin(),
1278  'is_explicit_logout' => true,
1279  'used_external_auth_mode' => $used_external_auth_mode,
1280  'logout_target' => $url
1281  ]
1282  );
1283 
1284  $this->mainTemplate->setOnScreenMessage(
1285  $this->mainTemplate::MESSAGE_TYPE_INFO,
1286  $this->lng->txt('logout_text') . $legal_documents->logoutText(),
1287  true
1288  );
1289 
1290  // reset cookie
1291  ilUtil::setCookie('ilClientId', '');
1292 
1293  $this->ctrl->setParameter($this, 'lang', $user_language);
1294  $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1295  $this->ctrl->redirectToURL((string) $url);
1296  }
1297 
1298  protected function showLegalDocuments(): void
1299  {
1300  global $DIC;
1301  $tpl = self::initStartUpTemplate(['agreement.html', 'components/ILIAS/LegalDocuments'], true, false);
1302  $tpl->setVariable('CONTENT', $DIC['legalDocuments']->agreeContent(self::class, __FUNCTION__));
1303  self::printToGlobalTemplate($tpl);
1304  }
1305 
1306  private function processIndexPHP(): void
1307  {
1308  if ($this->authSession->isValid()) {
1309  if (!$this->user->isAnonymous() || (
1310  ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1311  $this->httpRequest->getServerParams()['SERVER_NAME']
1312  ) && $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)
1313  )) {
1314  ilInitialisation::redirectToStartingPage();
1315  return;
1316  }
1317  }
1318 
1319  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1320  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1321  ilInitialisation::goToPublicSection();
1322  }
1323 
1324  $this->showLoginPage();
1325  }
1326 
1330  public static function _checkGoto(string $a_target)
1331  {
1332  global $DIC;
1333 
1334  $component_factory = $DIC['component.factory'];
1335 
1336  $access = $DIC->access();
1337 
1338  foreach ($component_factory->getActivePluginsInSlot('uihk') as $ui_plugin) {
1340  $gui_class = $ui_plugin->getUIClassInstance();
1341  $resp = $gui_class->checkGotoHook($a_target);
1342  if (isset($resp['target']) && is_string($resp['target']) && $resp['target'] !== '') {
1343  $a_target = $resp['target'];
1344  break;
1345  }
1346  }
1347 
1348  if ($a_target === '') {
1349  return false;
1350  }
1351 
1352  $t_arr = explode('_', $a_target);
1353  $type = $t_arr[0];
1354 
1355  if ($type === 'git') {
1356  $type = 'glo';
1357  }
1358 
1359  if ($type === 'pg' | $type === 'st') {
1360  $type = 'lm';
1361  }
1362 
1363  $class = $DIC['objDefinition']->getClassName($type);
1364  if ($class === '') {
1365  return false;
1366  }
1367 
1368  $location = $DIC['objDefinition']->getLocation($type);
1369  $full_class = 'ilObj' . $class . 'Access';
1370 
1371  $ret = call_user_func([$full_class, '_checkGoto'], $a_target);
1372 
1373  // if no access and repository object => check for parent course/group
1374  if (!$ret &&
1375  isset($t_arr[1]) &&
1376  !str_contains($a_target, '_wsp') &&
1377  !$DIC->user()->isAnonymous() && // #10637
1378  !$DIC['objDefinition']->isAdministrationObject($type) &&
1379  $DIC['objDefinition']->isRBACObject($type)) {
1380  $ref_id = 0;
1381  // original type 'pg' => pg_<page_id>[_<ref_id>]
1382  if ($t_arr[0] === 'pg') {
1383  if (isset($t_arr[2])) {
1384  $ref_id = (int) $t_arr[2];
1385  } else {
1386  $lm_id = ilLMObject::_lookupContObjID((int) $t_arr[1]);
1387  $ref_ids = ilObject::_getAllReferences($lm_id);
1388  if ($ref_ids) {
1389  $ref_id = array_shift($ref_ids);
1390  }
1391  }
1392  } else {
1393  $ref_id = (int) $t_arr[1];
1394  }
1395 
1396  if ($ref_id < 1) {
1397  return false;
1398  }
1399 
1400  $block_obj = [];
1401 
1402  // walk path to find parent container
1403  $path = $DIC->repositoryTree()->getPathId($ref_id);
1404  array_pop($path);
1405  foreach ($path as $path_ref_id) {
1406  $redirect_infopage = false;
1407  $add_member_role = false;
1408 
1409  $ptype = ilObject::_lookupType($path_ref_id, true);
1410  $pobj_id = ilObject::_lookupObjId($path_ref_id);
1411 
1412  // core checks: timings/object-specific
1413  if (!$access->doActivationCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype) ||
1414  !$access->doStatusCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype)) {
1415  // object in path is inaccessible - aborting
1416  return false;
1417  } elseif ($ptype === 'crs') {
1418  // check if already participant
1419  $participants = ilCourseParticipant::_getInstanceByObjId($pobj_id, $DIC->user()->getId());
1420  if (!$participants->isAssigned()) {
1421  // subscription currently possible?
1422  if (ilObjCourse::_isActivated($pobj_id) && ilObjCourse::_registrationEnabled($pobj_id)) {
1423  $block_obj[] = $path_ref_id;
1424  $add_member_role = true;
1425  } else {
1426  $redirect_infopage = true;
1427  }
1428  }
1429  } elseif ($ptype === 'grp') {
1430  // check if already participant
1431  if (!ilGroupParticipants::_isParticipant($path_ref_id, $DIC->user()->getId())) {
1432  // subscription currently possible?
1433  $group_obj = new ilObjGroup($path_ref_id);
1434  if ($group_obj->isRegistrationEnabled()) {
1435  $block_obj[] = $path_ref_id;
1436  $add_member_role = true;
1437  } else {
1438  $redirect_infopage = true;
1439  }
1440  }
1441  }
1442 
1443  // add members roles for all 'blocking' objects
1444  if ($add_member_role) {
1445  // cannot join? goto will never work, so redirect to current object
1446  $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $path_ref_id);
1447  if (!$DIC->rbac()->system()->checkAccess('join', $path_ref_id)) {
1448  $redirect_infopage = true;
1449  } else {
1450  $DIC->rbac()->system()->addTemporaryRole(
1451  $DIC->user()->getId(),
1452  ilParticipants::getDefaultMemberRole($path_ref_id)
1453  );
1454  }
1455  }
1456 
1457  // redirect to infopage of 1st blocking object in path
1458  if ($redirect_infopage) {
1459  if ($DIC->rbac()->system()->checkAccess('visible', $path_ref_id)) {
1460  ilUtil::redirect(
1461  'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . $path_ref_id . '&cmd=infoScreen'
1462  );
1463  } else {
1464  return false;
1465  }
1466  }
1467  }
1468 
1469  // check if access will be possible with all (possible) member roles added
1470  $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $ref_id);
1471  if ($block_obj !== [] && $DIC->rbac()->system()->checkAccess('read', $ref_id)) { // #12128
1472  // this won't work with lm-pages (see above)
1473  // keep original target
1474  ilSession::set('pending_goto', 'goto.php?target=' . $a_target);
1475 
1476  // redirect to 1st non-member object in path
1477  ilUtil::redirect(
1478  'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . array_shift($block_obj)
1479  );
1480  }
1481  }
1482 
1483  return $ret;
1484  }
1485 
1486  private function confirmRegistration(): void
1487  {
1488  $this->lng->loadLanguageModule('registration');
1489 
1490  ilUtil::setCookie('iltest', 'cookie', false);
1491  $regitration_hash = trim(
1492  $this->http->wrapper()->query()->retrieve(
1493  'rh',
1494  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1495  )
1496  );
1497  if ($regitration_hash === '') {
1498  $this->mainTemplate->setOnScreenMessage(
1499  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1500  $this->lng->txt('reg_confirmation_hash_not_passed'),
1501  true
1502  );
1503  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1504  }
1505 
1506  try {
1507  $oRegSettings = new ilRegistrationSettings();
1508 
1509  $usr_id = ilObjUser::_verifyRegistrationHash(trim($regitration_hash));
1511  $user = ilObjectFactory::getInstanceByObjId($usr_id);
1512  $user->setActive(true);
1513  $password = '';
1514  if ($oRegSettings->passwordGenerationEnabled()) {
1515  $passwords = ilSecuritySettingsChecker::generatePasswords(1);
1516  $password = $passwords[0];
1517  $user->setPasswd($password, ilObjUser::PASSWD_PLAIN);
1518  $user->setLastPasswordChangeTS(time());
1519  }
1520  $user->update();
1521 
1522  $accountMail = (new ilAccountRegistrationMail(
1523  $oRegSettings,
1524  $this->lng,
1525  ilLoggerFactory::getLogger('user')
1526  ))->withEmailConfirmationRegistrationMode();
1527 
1528  if ($user->getPref('reg_target') ?? '') {
1529  $accountMail = $accountMail->withPermanentLinkTarget($user->getPref('reg_target'));
1530  }
1531 
1532  $accountMail->send($user, $password);
1533 
1534  $this->mainTemplate->setOnScreenMessage(
1535  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
1536  $this->lng->txt('reg_account_confirmation_successful'),
1537  true
1538  );
1539  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $user->getLanguage()));
1540  } catch (ilRegConfirmationLinkExpiredException $exception) {
1541  $soap_client = new ilSoapClient();
1542  $soap_client->setResponseTimeout(1);
1543  $soap_client->enableWSDL(true);
1544  $soap_client->init();
1545 
1546  $this->logger->info(
1547  'Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...'
1548  );
1549 
1550  $soap_client->call(
1551  'deleteExpiredDualOptInUserObjects',
1552  [
1553  $_COOKIE[session_name()] . '::' . CLIENT_ID,
1554  $exception->getCode() // user id
1555  ]
1556  );
1557 
1558  $this->mainTemplate->setOnScreenMessage(
1559  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1560  $this->lng->txt($exception->getMessage()),
1561  true
1562  );
1563  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1564  } catch (ilRegistrationHashNotFoundException $exception) {
1565  $this->mainTemplate->setOnScreenMessage(
1566  ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1567  $this->lng->txt($exception->getMessage()),
1568  true
1569  );
1570  $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1571  }
1572  }
1573 
1578  public static function initStartUpTemplate(
1579  $a_tmpl,
1580  bool $a_show_back = false,
1581  bool $a_show_logout = false
1582  ): ilGlobalTemplateInterface {
1583  global $DIC;
1584 
1585  $tpl = new ilGlobalTemplate('tpl.main.html', true, true);
1586 
1587  $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'components/ILIAS/Init');
1588 
1589  $view_title = $DIC->language()->txt('login_to_ilias');
1590  if ($a_show_back) {
1591  // #13400
1592  $param = 'client_id=' . CLIENT_ID . '&lang=' . $DIC->language()->getLangKey();
1593 
1594  $tpl->setCurrentBlock('link_item_bl');
1595  $tpl->setVariable('LINK_TXT', $view_title);
1596  $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1597  $tpl->parseCurrentBlock();
1598 
1599  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1600  $DIC->access()->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1601  $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1602  $tpl->setVariable('LINK_TXT', $DIC->language()->txt('home'));
1603  $tpl->parseCurrentBlock();
1604  }
1605  } elseif ($a_show_logout) {
1606  $view_title = $DIC->language()->txt('logout');
1607  $tpl->setCurrentBlock('link_item_bl');
1608  $tpl->setVariable('LINK_TXT', $view_title);
1609  $tpl->setVariable('LINK_URL', self::logoutUrl());
1610  $tpl->parseCurrentBlock();
1611  }
1612 
1613  if (is_array($a_tmpl)) {
1614  $template_file = $a_tmpl[0];
1615  $template_dir = $a_tmpl[1];
1616  } else {
1617  $template_file = $a_tmpl;
1618  $template_dir = 'components/ILIAS/Init';
1619  }
1620 
1621  $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1622 
1623  PageContentProvider::setViewTitle($view_title);
1624  $short_title = trim($DIC->settings()->get('short_inst_name') ?? '');
1625  if ($short_title === '') {
1626  $short_title = 'ILIAS';
1627  }
1628  PageContentProvider::setShortTitle($short_title);
1629 
1630  $header_title = ilObjSystemFolder::_getHeaderTitle();
1631  PageContentProvider::setTitle($header_title);
1632 
1633  return $tpl;
1634  }
1635 
1636  private function showSamlLoginForm(string $page_editor_html): string
1637  {
1638  if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
1639  $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'components/ILIAS/Saml');
1640 
1641  $return = '';
1642  $target = $this->initTargetFromQuery();
1643  if ($target !== '') {
1644  $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($target));
1645  }
1646 
1647  $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
1648  $tpl->setVariable('TXT_LOGIN', $this->lng->txt('saml_log_in'));
1649  $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $this->lng->txt('login_to_ilias_via_saml'));
1650  $tpl->setVariable('TXT_SAML_LOGIN_TXT', $this->lng->txt('saml_login_form_txt'));
1651  $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $this->lng->txt('saml_login_form_info_txt'));
1652 
1653  return $this->substituteLoginPageElements(
1654  $GLOBALS['tpl'],
1655  $page_editor_html,
1656  $tpl->get(),
1657  '[list-saml-login]',
1658  'SAML_LOGIN_FORM'
1659  );
1660  }
1661 
1662  return $page_editor_html;
1663  }
1664 
1665  private function showOpenIdConnectLoginForm(string $page_editor_html): string
1666  {
1667  $oidc_settings = ilOpenIdConnectSettings::getInstance();
1668  if ($oidc_settings->getActive()) {
1669  $tpl = new ilTemplate('tpl.login_element.html', true, true, 'components/ILIAS/OpenIdConnect');
1670 
1671  $this->lng->loadLanguageModule('auth');
1672  $tpl->setVariable('TXT_OIDCONNECT_HEADER', $this->lng->txt('auth_oidc_login_element_info'));
1673 
1674  $target = $this->initTargetFromQuery();
1675  $target_str = empty($target) ? '' : ('?target=' . $target);
1676  switch ($oidc_settings->getLoginElementType()) {
1677  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT:
1678  $tpl->setVariable('SCRIPT_OIDCONNECT_T', './openidconnect.php' . $target_str);
1679  $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1680  break;
1681 
1682  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG:
1683  $tpl->setVariable('SCRIPT_OIDCONNECT_I', './openidconnect.php' . $target_str);
1684  $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1685  break;
1686  }
1687 
1688  return $this->substituteLoginPageElements(
1689  $GLOBALS['tpl'],
1690  $page_editor_html,
1691  $tpl->get(),
1692  '[list-openid-connect-login]',
1693  'OPEN_ID_CONNECT_LOGIN_FORM'
1694  );
1695  }
1696 
1697  return $page_editor_html;
1698  }
1699 
1700  private function doOpenIdConnectAuthentication(): void
1701  {
1702  $this->getLogger()->debug('Trying openid connect authentication');
1703 
1704  $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
1705  $credentials->initFromRequest();
1706 
1707  $provider_factory = new ilAuthProviderFactory();
1708  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_OPENID_CONNECT);
1709 
1710  $status = ilAuthStatus::getInstance();
1711 
1712  $frontend_factory = new ilAuthFrontendFactory();
1713  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1714  $frontend = $frontend_factory->getFrontend(
1715  $this->authSession,
1716  $status,
1717  $credentials,
1718  [$provider]
1719  );
1720  $frontend->authenticate();
1721 
1722  switch ($status->getStatus()) {
1723  case ilAuthStatus::STATUS_AUTHENTICATED:
1724  $this->logger->debug('Authentication successful; Redirecting to starting page.');
1725  if ($credentials->getRedirectionTarget()) {
1726  ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
1727  }
1728  ilInitialisation::redirectToStartingPage();
1729 
1730  // no break
1731  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1732  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1733  $this->ctrl->redirect($this, 'showLoginPage');
1734  }
1735 
1736  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1737  $this->showLoginPage();
1738  }
1739 
1740  private function doSamlAuthentication(): void
1741  {
1742  $this->getLogger()->debug('Trying saml authentication');
1743  $request = $this->httpRequest;
1744  $params = $request->getQueryParams();
1745 
1746  $factory = new ilSamlAuthFactory();
1747  $auth = $factory->auth();
1748 
1749  if (isset($params['action']) && $params['action'] === 'logout') {
1750  $logout_url = $params['logout_url'] ?? '';
1751  $this->logger->info(sprintf('Requested SAML logout: %s', $logout_url));
1752  $auth->logout($logout_url);
1753  }
1754 
1755  if (isset($params['target']) && !isset($params['returnTo'])) {
1756  $params['returnTo'] = $params['target'];
1757  }
1758 
1759  if (isset($params['returnTo'])) {
1760  $auth->storeParam('target', $params['returnTo']);
1761  }
1762 
1763  $this->logger->debug('Started SAML authentication request');
1764  if (!$auth->isAuthenticated()) {
1765  ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
1766  if (!isset($request->getQueryParams()['idpentityid'], $request->getQueryParams()['saml_idp_id'])) {
1767  $activeIdps = ilSamlIdp::getActiveIdpList();
1768  if (count($activeIdps) === 1) {
1769  $idp = current($activeIdps);
1770 
1771  ilLoggerFactory::getLogger('auth')->debug(
1772  sprintf(
1773  'Found exactly one active IDP with id %s: %s',
1774  $idp->getIdpId(),
1775  $idp->getEntityId()
1776  )
1777  );
1778 
1779  $this->ctrl->setParameter($this, 'idpentityid', $idp->getEntityId());
1780  $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1781  $this->ctrl->setTargetScript('saml.php');
1782  $this->ctrl->redirect($this, 'doSamlAuthentication');
1783  } elseif ($activeIdps === []) {
1784  $this->logger->debug('Did not find any active IDP, skipp authentication process');
1785  $this->ctrl->redirect($this, 'showLoginPage');
1786  } else {
1787  $this->logger->debug('Found multiple active IPDs, presenting IDP selection...');
1788  $this->showSamlIdpSelection($auth, $activeIdps);
1789  return;
1790  }
1791  }
1792 
1793  $auth->storeParam('idpId', (int) $request->getQueryParams()['saml_idp_id']);
1794  $this->logger->debug(sprintf('Stored relevant IDP id in session: %s', $auth->getParam('idpId')));
1795  }
1796 
1797  $auth = $factory->auth();
1798 
1799  $this->logger->debug('Checking SAML authentication status...');
1800  $auth->protectResource();
1801  $this->logger->debug(
1802  'SAML authentication successful, continuing with ILIAS internal authentication process...'
1803  );
1804 
1805  $idpId = (int) $auth->getParam('idpId');
1806 
1807  $this->logger->debug(
1808  sprintf(
1809  'Internal SAML IDP id fetched from session: %s',
1810  $idpId
1811  )
1812  );
1813 
1814  if ($idpId < 1) {
1815  $this->logger->debug(
1816  'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
1817  );
1818  $authData = $auth->getAuthDataArray();
1819  if (isset($authData['saml:sp:IdP'])) {
1820  $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
1821  $this->logger->debug(
1822  sprintf(
1823  'Searching active ILIAS IDP by entity id "%s" results in: %s',
1824  $authData['saml:sp:IdP'],
1825  $idpId
1826  )
1827  );
1828  } else {
1829  $this->logger->debug(
1830  'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
1831  );
1832  }
1833  }
1834 
1835  $target = $auth->popParam('target');
1836 
1837  $this->logger->debug(sprintf('Retrieved "target" parameter: %s', print_r($target, true)));
1838 
1839  $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
1840  $credentials->initFromRequest();
1841 
1842  $provider_factory = new ilAuthProviderFactory();
1843  $provider = $provider_factory->getProviderByAuthMode(
1844  $credentials,
1845  ilUtil::stripSlashes(
1846  ilAuthUtils::AUTH_SAML . '_' . $idpId
1847  )
1848  );
1849 
1850  if ($target) {
1851  $credentials->setReturnTo($target);
1852  } else {
1853  $target = $credentials->getReturnTo();
1854  }
1855 
1856  $status = ilAuthStatus::getInstance();
1857 
1858  $frontend_factory = new ilAuthFrontendFactory();
1859  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1860  $frontend = $frontend_factory->getFrontend(
1861  $this->authSession,
1862  $status,
1863  $credentials,
1864  [$provider]
1865  );
1866  $frontend->authenticate();
1867 
1868  switch ($status->getStatus()) {
1869  case ilAuthStatus::STATUS_AUTHENTICATED:
1870  $this->logger->debug('Authentication successful; Redirecting to starting page.');
1871  ilInitialisation::redirectToStartingPage($target ?? '');
1872 
1873  // no break
1874  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
1875  $this->ctrl->redirect($this, 'showAccountMigration');
1876 
1877  // no break
1878  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1879  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1880  $this->ctrl->redirect($this, 'showLoginPage');
1881  }
1882 
1883  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1884  $this->showLoginPage();
1885  }
1886 
1890  private function showSamlIdpSelection(ilSamlAuth $auth, array $idps): void
1891  {
1892  $this->help->setSubScreenId('saml_idp_selection');
1893 
1894  self::initStartUpTemplate(['tpl.saml_idp_selection.html', 'components/ILIAS/Saml']);
1895 
1896  $this->ctrl->setTargetScript('saml.php');
1897  $items = [];
1898  foreach ($idps as $idp) {
1899  $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1900  $this->ctrl->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
1901 
1902  $items[] = $this->ui_factory->link()->standard(
1903  $idp->getEntityId(),
1904  $this->ctrl->getLinkTarget($this, 'doSamlAuthentication')
1905  );
1906  }
1907 
1908  $components = [
1909  $this->ui_factory->panel()->standard(
1910  $this->lng->txt('auth_saml_idp_selection_table_title'),
1911  [
1912  $this->ui_factory->messageBox()->info($this->lng->txt('auth_saml_idp_selection_table_desc')),
1913  $this->ui_factory->listing()->unordered(
1914  array_map(
1915  fn($item) => $this->ui_renderer->render($item),
1916  $items
1917  )
1918  )
1919  ]
1920  )
1921  ];
1922 
1923  $this->mainTemplate->setVariable('CONTENT', $this->ui_renderer->render($components));
1924  $this->mainTemplate->printToStdout('DEFAULT', false);
1925  }
1926 
1932  public static function logoutUrl(array $parameters = []): string
1933  {
1934  global $DIC;
1935 
1936  $defaults = ['lang' => $DIC->user()->getCurrentLanguage()];
1937  $parameters = '&' . http_build_query(array_merge($defaults, $parameters));
1938 
1939  $DIC->ctrl()->setTargetScript('logout.php');
1940  $url = $DIC->ctrl()->getLinkTargetByClass([self::class], 'doLogout') . $parameters;
1941  $DIC->ctrl()->setTargetScript('ilias.php');
1942 
1943  return $url;
1944  }
1945 }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilStartUpGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilStartUpGUI.php:146
ilObjUser\setTimeLimitUnlimited
setTimeLimitUnlimited(bool $a_unlimited)
Definition: class.ilObjUser.php:1792
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_MIGRATE
const PROP_ACCOUNT_MIGRATION_MIGRATE
Definition: class.ilStartUpGUI.php:44
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
ilGroupParticipants\_isParticipant
static _isParticipant(int $a_ref_id, int $a_usr_id)
Static function to check if a user is a participant of the container object.
Definition: class.ilGroupParticipants.php:117
ilStartUpGUI\initStartUpTemplate
static initStartUpTemplate( $a_tmpl, bool $a_show_back=false, bool $a_show_logout=false)
This method enriches the global template with some user interface elements (language selection...
Definition: class.ilStartUpGUI.php:1578
ilAccessibilityControlConceptGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessibilityControlConceptGUI.php:23
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:376
ilArrayUtil\stripSlashesRecursive
static stripSlashesRecursive($a_data, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilArrayUtil.php:60
ilStartUpGUI\showLoginInformation
showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl)
Definition: class.ilStartUpGUI.php:786
ilRegistrationCode\getCodeValidUntil
static getCodeValidUntil(string $code)
Definition: class.ilRegistrationCode.php:129
ilStartUpGUI\setForcedCommand
static setForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:97
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilStartUpGUI\showAccountMigration
showAccountMigration(?ILIAS\UI\Component\Input\Container\Form\Form $form=null, string $message='')
Definition: class.ilStartUpGUI.php:1072
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:363
ilObjUser\_verifyRegistrationHash
static _verifyRegistrationHash(string $a_hash)
Verifies a registration hash.
Definition: class.ilObjUser.php:3762
ilGlobalTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilGlobalTemplate.php:29
ilAccountRegistrationGUI
Class ilAccountRegistrationGUI.
Definition: class.ilAccountRegistrationGUI.php:26
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
$location
$location
Definition: buildRTE.php:22
ilStartUpGUI\$mainTemplate
ilGlobalTemplateInterface $mainTemplate
Definition: class.ilStartUpGUI.php:51
$params
if(! $DIC->user() ->getId()||!ilLTIConsumerAccess::hasCustomProviderCreationAccess()) $params
Definition: ltiregstart.php:31
ilRegConfirmationLinkExpiredException
Class for user related exception handling in ILIAS.
Definition: class.ilRegConfirmationLinkExpiredException.php:25
ilObjCourse\_isActivated
static _isActivated(int $a_obj_id)
Is activated.
Definition: class.ilObjCourse.php:561
ILIAS
Interface Observer Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
array_map
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:392
ilCourseParticipant\_getInstanceByObjId
static _getInstanceByObjId(int $a_obj_id, int $a_usr_id)
Definition: class.ilCourseParticipant.php:40
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:817
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:28
ilAuthFrontend\MIG_TRIGGER_AUTHMODE
const string MIG_TRIGGER_AUTHMODE
Definition: class.ilAuthFrontend.php:24
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:38
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilStartUpGUI\checkForcedCommand
checkForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:102
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:910
$url
$url
Definition: shib_logout.php:68
ilAuthUtils\AUTH_APACHE
const int AUTH_APACHE
Definition: class.ilAuthUtils.php:34
ilParticipants\getDefaultMemberRole
static getDefaultMemberRole(int $a_ref_id)
Definition: class.ilParticipants.php:476
$duration
$duration
Definition: LOMStructure.php:54
ilObjUser\setTimeLimitUntil
setTimeLimitUntil(?int $a_until)
Definition: class.ilObjUser.php:1782
ilStartUpGUI\printToGlobalTemplate
static printToGlobalTemplate($tpl)
Definition: class.ilStartUpGUI.php:356
ilStartUpGUI\purgePlaceholders
purgePlaceholders(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1003
$path
$path
Definition: ltiservices.php:29
ilStartUpGUI\$http
HTTPServices $http
Definition: class.ilStartUpGUI.php:61
ilObjUser\setPasswd
setPasswd(string $a_str, string $a_type=ilObjUser::PASSWD_PLAIN)
Definition: class.ilObjUser.php:1266
$components
$components
Definition: build_bootstrap.php:58
ilAuthFrontendCredentialsLTI
Auth credentials for lti oauth based authentication.
Definition: class.ilAuthFrontendCredentialsLTI.php:27
ilStartUpGUI\$forced_cmd
static string $forced_cmd
Definition: class.ilStartUpGUI.php:46
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:931
ilStartUpGUI\PROP_ACCOUNT_MIGRATION
const PROP_ACCOUNT_MIGRATION
Definition: class.ilStartUpGUI.php:42
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilCtrlBaseClassInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlBaseClassInterface.php:37
$provider
$provider
Definition: ltitoken.php:80
ilStartUpGUI\getAuthPageEditorHtml
getAuthPageEditorHtml(AuthPageEditorContext $ipe_context)
Definition: class.ilStartUpGUI.php:896
ilObjUser\setActive
setActive(bool $a_active, int $a_owner=0)
set user active state and updates system fields appropriately
Definition: class.ilObjUser.php:1689
ilStartUpGUI\showOpenIdConnectLoginForm
showOpenIdConnectLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1665
$messages
$messages
Definition: xapiexit.php:21
ilStartUpGUI\showShibbolethLoginForm
showShibbolethLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:795
ilPageUtil\_existsAndNotEmpty
static _existsAndNotEmpty(string $a_parent_type, int $a_id, string $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages) ...
Definition: class.ilPageUtil.php:31
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:27
$ref_id
$ref_id
Definition: ltiauth.php:65
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:25
ilStartUpGUI\$access
ilAccessHandler $access
Definition: class.ilStartUpGUI.php:58
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ilStartUpGUI\logoutUrl
static logoutUrl(array $parameters=[])
Return the logout URL with a valid CSRF token.
Definition: class.ilStartUpGUI.php:1932
ilStartUpGUI\showLoginPage
showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:276
ilStartUpGUI\showLoginForm
showLoginForm(string $page_editor_html, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:771
ilUtil\setCookie
static setCookie(string $a_cookie_name, string $a_cookie_value='', bool $a_also_set_super_global=true, bool $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:1276
ilRegistrationCode\isUnusedCode
static isUnusedCode(string $code)
Definition: class.ilRegistrationCode.php:87
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
ilObjUser\getPref
getPref(string $a_keyword)
Definition: class.ilObjUser.php:1065
$param
$param
Definition: xapitoken.php:46
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:32
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
$DIC
global $DIC
Definition: shib_login.php:26
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const int STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:31
ilLanguage\lookupId
static lookupId(string $a_lang_key)
Lookup obj_id of language.
Definition: class.ilLanguage.php:337
ilStartUpGUI\$dic
ILIAS DI Container $dic
Definition: class.ilStartUpGUI.php:54
ilStartUpGUI\showCodeForm
showCodeForm(?string $username=null, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:386
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_NEW
const PROP_ACCOUNT_MIGRATION_NEW
Definition: class.ilStartUpGUI.php:43
ilAuthUtils\AUTH_PROVIDER_LTI
const int AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:43
ilObjStyleSheet\getContentStylePath
static getContentStylePath(int $a_style_id, bool $add_random=true, bool $add_token=true)
get content style path static (to avoid full reading)
Definition: class.ilObjStyleSheet.php:1569
ilStartUpGUI\substituteLoginPageElements
substituteLoginPageElements( $tpl, string $page_editor_html, string $element_html, string $placeholder, string $fallback_tplvar)
Definition: class.ilStartUpGUI.php:876
ilObjUser\_isAnonymous
static _isAnonymous(int $usr_id)
Definition: class.ilObjUser.php:4051
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:939
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilObjUser\setLastPasswordChangeTS
setLastPasswordChangeTS(int $a_last_password_change_ts)
Definition: class.ilObjUser.php:1525
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:26
ilObjCourse\_registrationEnabled
static _registrationEnabled(int $a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
Definition: class.ilObjCourse.php:569
ilStartUpGUI\$ctrl
ilCtrlInterface $ctrl
Definition: class.ilStartUpGUI.php:48
ilStartUpGUI\doMigration
doMigration(array $migration_request_data)
Definition: class.ilStartUpGUI.php:1153
ilRBACAccessHandler\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1323
ilAuthFrontendFactory\CONTEXT_STANDARD_FORM
const int CONTEXT_STANDARD_FORM
Authentication with id and password.
Definition: class.ilAuthFrontendFactory.php:28
ilRegistrationCode\useCode
static useCode(string $code)
Definition: class.ilRegistrationCode.php:142
ilStartUpGUI\showRegistrationLinks
showRegistrationLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:923
ilStartUpGUI\$authSession
ilAuthSession $authSession
Definition: class.ilStartUpGUI.php:55
ilInitialisation\redirectToStartingPage
static redirectToStartingPage(string $target='')
Definition: class.ilInitialisation.php:1848
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:413
ilStartUpGUI\showLegalDocumentsLinks
showLegalDocumentsLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:976
ilStartUpGUI\$ui_factory
ILIAS UI Factory $ui_factory
Definition: class.ilStartUpGUI.php:63
ilStartUpGUI\$eventHandler
ilAppEventHandler $eventHandler
Definition: class.ilStartUpGUI.php:56
ilStartUpGUI\showSamlIdpSelection
showSamlIdpSelection(ilSamlAuth $auth, array $idps)
Definition: class.ilStartUpGUI.php:1890
ilLMObject\_lookupContObjID
static _lookupContObjID(int $a_id)
get learning module id for lm object
Definition: class.ilLMObject.php:563
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:208
ilStartUpGUI\$refinery
RefineryFactory $refinery
Definition: class.ilStartUpGUI.php:60
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions(ilLanguage $lng)
Definition: class.ilAuthUtils.php:393
ilObjGroup
Class ilObjGroup.
Definition: class.ilObjGroup.php:31
$client_id
$client_id
Definition: ltiauth.php:66
$message
$message
Definition: xapiexit.php:31
ILIAS\UI\examples\Symbol\Glyph\Language\language
language()
description: > Example for rendring a language glyph.
Definition: language.php:41
ilRegistrationHashNotFoundException
Class for user related exception handling in ILIAS.
Definition: class.ilRegistrationHashNotFoundException.php:26
ilStartUpGUI\$httpRequest
ServerRequestInterface $httpRequest
Definition: class.ilStartUpGUI.php:53
ilAuthPageEditorSettings\getInstance
static getInstance(AuthPageEditorContext $context)
Definition: class.ilAuthPageEditorSettings.php:46
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:222
ilRegistrationCode\applyRoleAssignments
static applyRoleAssignments(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:178
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1092
ilAuthFrontend\MIG_EXTERNAL_ACCOUNT
const string MIG_EXTERNAL_ACCOUNT
Definition: class.ilAuthFrontend.php:23
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:29
ilStartUpGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilStartUpGUI.php:139
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:35
ilStartUpGUI\__construct
__construct(?ilObjUser $user=null, ?ilGlobalTemplateInterface $mainTemplate=null, ?ServerRequestInterface $httpRequest=null)
Definition: class.ilStartUpGUI.php:66
mainTemplate
mainTemplate()
Definition: UITestHelper.php:77
ilStartUpGUI\$ui_renderer
ILIAS UI Renderer $ui_renderer
Definition: class.ilStartUpGUI.php:64
ilRegistrationCode\applyAccessLimits
static applyAccessLimits(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:211
ilAuthUtils\AUTH_OPENID_CONNECT
const int AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:36
ilStartUpGUI\showSamlLoginForm
showSamlLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1636
ilRBACAccessHandler\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
ilStartUpGUI\buildCodeForm
buildCodeForm(?string $username=null)
Definition: class.ilStartUpGUI.php:399
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:680
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30