ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilStartUpGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use Psr\Http\Message\ServerRequestInterface;
22use ILIAS\UICore\PageContentProvider;
23use ILIAS\Refinery\Factory as RefineryFactory;
24use ILIAS\HTTP\Services as HTTPServices;
25use ILIAS\TermsOfService\Consumer as TermsOfService;
26use ILIAS\DataProtection\Consumer as DataProtection;
27use ILIAS\components\Authentication\Logout\ConfigurableLogoutTarget;
28use ILIAS\LegalDocuments\Conductor;
29use ILIAS\components\Authentication\Pages\AuthPageEditorContext;
30use ILIAS\User\Settings\NewAccountMail\Repository as NewAccountMailRepository;
31
37class ilStartUpGUI implements ilCtrlBaseClassInterface, ilCtrlSecurityInterface
38{
39 private const PROP_USERNAME = 'username';
40 private const PROP_PASSWORD = 'password';
41 private const PROP_AUTH_MODE = 'auth_mode';
42 private const PROP_CODE = 'code';
43 private const PROP_ACCOUNT_MIGRATION = 'account_migration';
44 private const PROP_ACCOUNT_MIGRATION_NEW = 'account_migration_new';
45 private const PROP_ACCOUNT_MIGRATION_MIGRATE = 'account_migration_migrate';
46
47 private static string $forced_cmd = '';
48
49 private ilCtrlInterface $ctrl;
50 private ilLanguage $lng;
51 private ilLogger $logger;
52 private ilGlobalTemplateInterface $mainTemplate;
53 private ilObjUser $user;
54 private ServerRequestInterface $httpRequest;
55 private ILIAS\DI\Container $dic;
56 private ilAuthSession $authSession;
57 private ilAppEventHandler $eventHandler;
58 private ilSetting $setting;
59 private ilAccessHandler $access;
60 private ilDBInterface $db;
61
62 private RefineryFactory $refinery;
63 private HTTPServices $http;
64 private ilHelpGUI $help;
65 private ILIAS\UI\Factory $ui_factory;
66 private ILIAS\UI\Renderer $ui_renderer;
67
68 public function __construct(
69 ?ilObjUser $user = null,
70 ?ilGlobalTemplateInterface $mainTemplate = null,
71 ?ServerRequestInterface $httpRequest = null
72 ) {
73 global $DIC;
74
75 $this->dic = $DIC;
76
77 $this->user = $user ?? $DIC->user();
78 $this->mainTemplate = $mainTemplate ?? $DIC->ui()->mainTemplate();
79 $this->httpRequest = $httpRequest ?? $DIC->http()->request();
80 $this->ctrl = $DIC->ctrl();
81 $this->lng = $DIC->language();
82 $this->lng->loadLanguageModule('auth');
83 $this->logger = ilLoggerFactory::getLogger('init');
84 $this->authSession = $DIC['ilAuthSession'];
85 $this->eventHandler = $DIC->event();
86 $this->setting = $DIC->settings();
87 $this->access = $DIC->access();
88 $this->db = $DIC->database();
89 $this->help = $DIC->help();
90 $this->http = $DIC->http();
91 $this->refinery = $DIC->refinery();
92 $this->ui_factory = $DIC->ui()->factory();
93 $this->ui_renderer = $DIC->ui()->renderer();
94
95 $this->ctrl->saveParameter($this, ['rep_ref_id', 'lang', 'target', 'client_id']);
96 $this->user->setLanguage($this->lng->getLangKey());
97 $this->help->setScreenIdComponent('init');
98 }
99
100 public static function setForcedCommand(string $cmd): void
101 {
102 self::$forced_cmd = $cmd;
103 }
104
105 private function checkForcedCommand(string $cmd): string
106 {
107 if (self::$forced_cmd) {
108 $cmd = self::$forced_cmd;
109 self::$forced_cmd = '';
110 }
111
112 return $cmd;
113 }
114
115 private function mergeValuesTrafo(): ILIAS\Refinery\Transformation
116 {
117 return $this->refinery->custom()->transformation(static function (array $values): array {
118 return array_merge(...$values);
119 });
120 }
121
122 private function saniziteArrayElementsTrafo(): ILIAS\Refinery\Transformation
123 {
124 return $this->refinery->custom()->transformation(static function (array $values): array {
125 $processed_values = array_merge(
126 ilArrayUtil::stripSlashesRecursive($values),
127 isset($values[self::PROP_PASSWORD]) ? [self::PROP_PASSWORD => $values[self::PROP_PASSWORD]] : []
128 );
129
130 return $processed_values;
131 });
132 }
133
134 private function initTargetFromQuery(): string
135 {
136 return $this->http->wrapper()->query()->retrieve(
137 'target',
138 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
139 );
140 }
141
142 public function getUnsafeGetCommands(): array
143 {
144 return [
145 'doLogout'
146 ];
147 }
148
149 public function getSafePostCommands(): array
150 {
151 return [
152 'doStandardAuthentication',
153 'doLTIAuthentication'
154 ];
155 }
156
157 public function executeCommand(): void
158 {
159 $cmd = $this->checkForcedCommand($this->ctrl->getCmd('processIndexPHP'));
160
161 $next_class = $this->ctrl->getNextClass($this) ?? '';
162
163 switch (strtolower($next_class)) {
164 case strtolower(ilLoginPageGUI::class):
165 break;
166
167 case strtolower(ilAccountRegistrationGUI::class):
168 $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
169 return;
170
171 case strtolower(ilPasswordAssistanceGUI::class):
172 $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
173 return;
174
175 case strtolower(ilAccessibilityControlConceptGUI::class):
176 $this->ctrl->forwardCommand(new ilAccessibilityControlConceptGUI());
177 return;
178
179 default:
180 if (method_exists($this, $cmd)) {
181 $this->$cmd();
182 return;
183 }
184 }
185
186 // because this class now implements ilCtrlSecurityInterface,
187 // it may occur that commands are null, therefore I added
188 // this as a fallback method.
189 $this->showLoginPageOrStartupPage();
190 }
191
192 private function getLogger(): ilLogger
193 {
194 return $this->logger;
195 }
196
197 private function jumpToRegistration(): void
198 {
199 $this->ctrl->redirectByClass(ilAccountRegistrationGUI::class);
200 }
201
202 private function jumpToPasswordAssistance(): void
203 {
204 $this->ctrl->saveParameterByClass(ilPasswordAssistanceGUI::class, 'key');
205 $this->ctrl->redirectByClass(ilPasswordAssistanceGUI::class);
206 }
207
208 private function showLoginPageOrStartupPage(): void
209 {
218 if ($this->authSession->isValid() && $this->authSession->getUserId() > 0 && !$this->user->isAnonymous()) {
219 ilInitialisation::redirectToStartingPage();
220 }
221
222 $is_forced_login = $this->http->wrapper()->query()->retrieve(
223 'cmd',
224 $this->refinery->byTrying([
225 $this->refinery->kindlyTo()->string(),
226 $this->refinery->always(
227 $this->http->wrapper()->post()->retrieve(
228 'cmd',
229 $this->refinery->byTrying([
230 $this->refinery->kindlyTo()->string(),
231 $this->refinery->always('')
232 ])
233 )
234 )
235 ])
236 ) === 'force_login';
237
238 if ($is_forced_login) {
239 // Only allow this for anonymous user, see: showLoginPageOrStartupPage
240 $this->logger->debug('Force login');
241 $messages = [];
242 if ($this->authSession->isValid()) {
243 $messages = $this->retrieveMessagesFromSession();
244 $this->logger->debug('Valid session -> logout current user');
245 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
246 $this->authSession->logout();
247
248 $this->eventHandler->raise(
249 'components/ILIAS/Authentication',
250 'afterLogout',
251 [
252 'username' => $this->user->getLogin(),
253 'is_explicit_logout' => false,
254 ]
255 );
256
257 $this->dic->user()->setId($this->authSession->getUserId());
258 $this->dic->user()->read();
259 }
260
261 $this->logger->debug('Show login page');
262 foreach ($messages as $type => $content) {
263 $this->mainTemplate->setOnScreenMessage($type, $content);
264 }
265
266 $this->showLoginPage();
267 return;
268 }
269
270 if ($this->authSession->isValid()) {
271 $this->logger->debug('Valid session -> redirect to starting page');
272 ilInitialisation::redirectToStartingPage();
273 return;
274 }
275
276 $this->logger->debug('No valid session -> show login');
277 $this->showLoginPage();
278 }
279
280 private function showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form = null): void
281 {
282 global $tpl; // Don't remove this, the global variables will be replaced with a ilGlobalTemplate instnace
283
284 $this->help->setSubScreenId('login');
285
286 $this->getLogger()->debug('Showing login page');
287
288 $extUid = $this->http->wrapper()->query()->retrieve(
289 'ext_uid',
290 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
291 );
292
293 $soapPw = $this->http->wrapper()->query()->retrieve(
294 'soap_pw',
295 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
296 );
297
298 $credentials = new ilAuthFrontendCredentialsSoap(
299 $GLOBALS['DIC']->http()->request(),
300 $this->ctrl,
301 $this->setting
302 );
303
304 $credentials->setUsername($extUid);
305 $credentials->setPassword($soapPw);
306 $credentials->tryAuthenticationOnLoginPage();
307
308 $frontend = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
309 $frontend->tryAuthenticationOnLoginPage();
310
311 $tpl = self::initStartUpTemplate('tpl.login.html');
312 $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
313 $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
314
315 $page_editor_html = $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGIN);
316 $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
317 $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
318 $page_editor_html = $this->showLoginForm($page_editor_html, $form);
319 $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
320 $page_editor_html = $this->showSamlLoginForm($page_editor_html);
321 $page_editor_html = $this->showRegistrationLinks($page_editor_html);
322 $page_editor_html = $this->showLegalDocumentsLinks($page_editor_html);
323 $page_editor_html = $this->purgePlaceholders($page_editor_html);
324
325 // check expired session and send message
326 if ($this->authSession->isExpired() || $this->http->wrapper()->query()->has('session_expired')) {
327 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('auth_err_expired'));
328 } elseif ($this->http->wrapper()->query()->has('reg_confirmation_msg')) {
329 $this->lng->loadLanguageModule('registration');
330 $message_key = $this->http->wrapper()->query()->retrieve(
331 'reg_confirmation_msg',
332 $this->refinery->kindlyTo()->string()
333 );
334 $message_type = $message_key === 'reg_account_confirmation_successful' ?
335 ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS : ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE;
336 $this->mainTemplate->setOnScreenMessage(
337 $message_type,
338 $this->lng->txt($message_key)
339 );
340 }
341
342 if ($page_editor_html !== '') {
343 $tpl->setVariable('LPE', $page_editor_html);
344 }
345
346 if ($this->authSession->isExpired()) {
347 // The usr_id is is still the one of the former logged-in user, so we have to unset it
348 $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
349 $this->dic->user()->setId($this->authSession->getUserId());
350 $this->dic->user()->read();
351 }
352
353 $this->mainTemplate->setPermanentLink('auth', null, 'login');
354 self::printToGlobalTemplate($tpl);
355 }
356
360 public static function printToGlobalTemplate($tpl): void
361 {
362 global $DIC;
363 $gtpl = $DIC['tpl'];
364 $gtpl->setContent($tpl->get());
365 $gtpl->printToStdout('DEFAULT', false, true);
366 }
367
371 private function retrieveMessagesFromSession(): array
372 {
373 $messages = [];
374 $message_types = [
375 ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
376 ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
377 ilGlobalTemplateInterface::MESSAGE_TYPE_INFO,
378 ilGlobalTemplateInterface::MESSAGE_TYPE_QUESTION
379 ];
380
381 foreach ($message_types as $message_type) {
382 if (ilSession::get($message_type)) {
383 $messages[$message_type] = ilSession::get($message_type);
384 }
385 }
386
387 return $messages;
388 }
389
390 private function showCodeForm(
391 ?string $username = null,
392 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
393 ): void {
394 $this->help->setSubScreenId('code_input');
395
396 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('time_limit_reached'));
397
398 $tpl = self::initStartUpTemplate('tpl.login_reactivate_code.html');
399 $tpl->setVariable('FORM', $this->ui_renderer->render($form ?? $this->buildCodeForm($username)));
400 self::printToGlobalTemplate($tpl);
401 }
402
403 private function buildCodeForm(?string $username = null): ILIAS\UI\Component\Input\Container\Form\Form
404 {
405 $this->lng->loadLanguageModule('auth');
406
407 $field_factory = $this->ui_factory->input()->field();
408
409 $username_field = $field_factory
410 ->hidden()
411 ->withRequired(true);
412 if ($username !== null) {
413 $username_field = $username_field->withValue($username);
414 }
415
416 return $this->ui_factory
417 ->input()
418 ->container()
419 ->form()
420 ->standard(
421 $this->ctrl->getFormAction($this, 'processCode'),
422 [
423 $field_factory->section(
424 [
425 self::PROP_CODE => $field_factory
426 ->text(
427 $this->lng->txt('auth_account_code'),
428 $this->lng->txt('auth_account_code_info')
429 )
430 ->withRequired(true),
431 // #11658
432 self::PROP_USERNAME => $username_field,
433 ],
434 $this->lng->txt('auth_account_code_title'),
435 ),
436 ]
437 )
438 ->withSubmitLabel($this->lng->txt('send'))
439 ->withAdditionalTransformation($this->mergeValuesTrafo())
440 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
441 }
442
443 private function processCode(): void
444 {
445 $form = $this->buildCodeForm();
446 $form_valid = false;
447 $form_data = null;
448 if ($this->http->request()->getMethod() === 'POST') {
449 $form = $form->withRequest($this->http->request());
450 $form_data = $form->getData();
451 $form_valid = $form_data !== null;
452 }
453
454 $uname = null;
455 if ($form_valid) {
456 $code = $form_data[self::PROP_CODE];
457 $uname = $form_data[self::PROP_USERNAME];
458 if (ilRegistrationCode::isUnusedCode($code)) {
459 $valid_until = ilRegistrationCode::getCodeValidUntil($code);
460 if (!$user_id = ilObjUser::_lookupId($uname)) {
461 $this->showLoginPage();
462 return;
463 }
464 $invalid_code = false;
465 $user = new ilObjUser($user_id);
466 if ($valid_until === '0') {
467 $user->setTimeLimitUnlimited(true);
468 } else {
469 if (is_numeric($valid_until)) {
470 $valid_until = strtotime('+' . $valid_until . 'days');
471 } else {
472 $valid_until = explode('-', $valid_until);
473 $valid_until = mktime(
474 23,
475 59,
476 59,
477 (int) $valid_until[1],
478 (int) $valid_until[2],
479 (int) $valid_until[0]
480 );
481 if ($valid_until < time()) {
482 $invalid_code = true;
483 }
484 }
485
486 if (!$invalid_code) {
487 $user->setTimeLimitUnlimited(false);
488 $user->setTimeLimitUntil($valid_until);
489 }
490 }
491
492 if (!$invalid_code) {
493 $user->setActive(true);
494 ilRegistrationCode::useCode($code);
495 // apply registration code role assignments
496 ilRegistrationCode::applyRoleAssignments($user, $code);
497 // apply registration code tie limits
498 ilRegistrationCode::applyAccessLimits($user, $code);
499
500 $user->update();
501
502 $this->ctrl->setParameter($this, 'cu', 1);
503 $this->lng->loadLanguageModule('auth');
504 $this->mainTemplate->setOnScreenMessage(
505 'success',
506 $GLOBALS['DIC']->language()->txt('auth_activation_code_success'),
507 true
508 );
509 $this->ctrl->redirect($this, 'showLoginPage');
510 }
511 }
512
513 $this->lng->loadLanguageModule('user');
514 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('user_account_code_not_valid'));
515 } else {
516 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('form_input_not_valid'));
517 }
518
519 $this->showCodeForm($uname, $form);
520 }
521
522 private function buildStandardLoginForm(): ILIAS\UI\Component\Input\Container\Form\Form
523 {
524 $field_factory = $this->ui_factory->input()->field();
525
526 $fields = [];
527 $det = ilAuthModeDetermination::_getInstance();
528 if (ilAuthUtils::_hasMultipleAuthenticationMethods() && $det->isManualSelection()) {
529 $auth_mode = $field_factory->radio($this->lng->txt('auth_selection'))->withRequired(true);
530 $visible_auth_methods = [];
531 foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
532 if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
533 continue;
534 }
535
536 $auth_mode = $auth_mode->withOption((string) $key, $option['txt']);
537
538 if (isset($option['checked'])) {
539 $auth_mode = $auth_mode->withValue($key);
540 }
541 $visible_auth_methods[] = $key;
542 }
543
544 if (count($visible_auth_methods) === 1) {
545 $auth_mode = $field_factory->hidden()->withRequired(true)->withValue(current($visible_auth_methods));
546 }
547
548 $fields[self::PROP_AUTH_MODE] = $auth_mode;
549 }
550
551 $fields += [
552 self::PROP_USERNAME => $field_factory
553 ->text($this->lng->txt('username'))
554 ->withRequired(
555 true,
556 $this->refinery->custom()->constraint(
557 static function (string $value): bool {
558 return $value !== '';
559 },
560 static function (Closure $lng, string $value): string {
561 return $lng('auth_required_username');
562 }
563 )
564 ),
565 self::PROP_PASSWORD => $field_factory
566 ->password($this->lng->txt('password'))
567 ->withRevelation(true)
568 ->withRequired(
569 true,
570 $this->refinery->custom()->constraint(
571 static function (string $value): bool {
572 return $value !== '';
573 },
574 static function (Closure $lng, string $value): string {
575 return $lng('auth_required_password');
576 }
577 )
578 )
579 ->withAdditionalTransformation(
580 $this->refinery->custom()->transformation(
581 static function (ILIAS\Data\Password $value): string {
582 return $value->toString();
583 }
584 )
585 ),
586 ];
587
588 $sections = [$field_factory->section($fields, $this->lng->txt('login_to_ilias_via_login_form'))];
589
590 return $this->ui_factory
591 ->input()
592 ->container()
593 ->form()
594 ->standard($this->ctrl->getFormAction($this, 'doStandardAuthentication'), $sections)
595 ->withDedicatedName('login_form')
596 ->withSubmitLabel($this->lng->txt('log_in'))
597 ->withAdditionalTransformation($this->mergeValuesTrafo())
598 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
599 }
600
601 private function doLTIAuthentication(): void
602 {
603 $this->getLogger()->debug('Trying lti authentication');
604
605 $credentials = new ilAuthFrontendCredentialsLTI();
606 $credentials->initFromRequest();
607
608 $provider_factory = new ilAuthProviderFactory();
609 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_PROVIDER_LTI);
610
611 $status = ilAuthStatus::getInstance();
612
613 $frontend_factory = new ilAuthFrontendFactory();
614 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
615 $frontend = $frontend_factory->getFrontend(
616 $this->authSession,
617 $status,
618 $credentials,
619 [$provider]
620 );
621 $frontend->authenticate();
622
623 setcookie(session_name(), session_id(), [
624 'expires' => 0,
625 'path' => rtrim(IL_COOKIE_PATH, '/'),
626 'domain' => IL_COOKIE_DOMAIN,
627 'secure' => true,
628 'httponly' => true,
629 'samesite' => 'None'
630 ]);
631
632 $lti_context_ids = ilSession::get("lti_context_ids");
633
634 if (is_array($lti_context_ids) && isset($lti_context_ids[0])) {
635 $ref_id = $lti_context_ids[0];
636 $obj_type = ilObject::_lookupType($ref_id, true);
637 ilSession::set('orig_request_target', "goto.php?target=" . $obj_type . "_" . $ref_id . "&lti_context_id=" . $ref_id);
638 }
639
640 switch ($status->getStatus()) {
641 case ilAuthStatus::STATUS_AUTHENTICATED:
642 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
643 ilInitialisation::redirectToStartingPage();
644
645 // no break
646 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
647 $this->ctrl->redirect($this, 'showAccountMigration');
648
649 // no break
650 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
651 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()), true);
652 $this->ctrl->redirect($this, 'showLoginPage');
653 }
654
655 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
656 $this->showLoginPage();
657 }
658
659 private function doApacheAuthentication(): void
660 {
661 $this->getLogger()->debug('Trying apache authentication');
662
663 $credentials = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
664 $credentials->initFromRequest();
665
666 $provider_factory = new ilAuthProviderFactory();
667 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_APACHE);
668
669 $status = ilAuthStatus::getInstance();
670
671 $frontend_factory = new \ilAuthFrontendFactory();
672 $frontend_factory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
673 $frontend = $frontend_factory->getFrontend(
674 $this->authSession,
675 $status,
676 $credentials,
677 [$provider]
678 );
679 $frontend->authenticate();
680
681 switch ($status->getStatus()) {
682 case ilAuthStatus::STATUS_AUTHENTICATED:
683 if ($credentials->hasValidTargetUrl()) {
684 $this->logger->debug(
685 sprintf(
686 'Authentication successful. Redirecting to starting page: %s',
687 $credentials->getTargetUrl()
688 )
689 );
690 $this->ctrl->redirectToURL($credentials->getTargetUrl());
691 }
692 $this->logger->debug(
693 'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
694 );
695 ilInitialisation::redirectToStartingPage();
696
697 // no break
698 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
699 $this->ctrl->redirect($this, 'showAccountMigration');
700
701 // no break
702 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
703 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
704 $this->ctrl->redirectToURL(
705 ilUtil::appendUrlParameterString(
706 $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
707 'passed_sso=1'
708 )
709 );
710 }
711
712 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
713 $this->showLoginPage();
714 }
715
716 private function doStandardAuthentication(): void
717 {
718 $form = $this->buildStandardLoginForm();
719 $form_valid = false;
720 $form_data = null;
721 if ($this->http->request()->getMethod() === 'POST') {
722 $form = $form->withRequest($this->http->request());
723 $form_data = $form->getData();
724 $form_valid = $form_data !== null;
725 }
726
727 if (!$form_valid) {
728 $this->showLoginPage($form);
729 return;
730 }
731
732 $this->getLogger()->debug('Trying to authenticate user.');
733
734 $auth_callback = function () use ($form_data) {
735 $credentials = new ilAuthFrontendCredentials();
736 $credentials->setUsername($form_data[self::PROP_USERNAME]);
737 $credentials->setPassword($form_data[self::PROP_PASSWORD]);
738
739 $det = ilAuthModeDetermination::_getInstance();
740 if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
741 $credentials->setAuthMode($form_data[self::PROP_AUTH_MODE]);
742 }
743
744 $provider_factory = new ilAuthProviderFactory();
745 $providers = $provider_factory->getProviders($credentials);
746
747 $status = ilAuthStatus::getInstance();
748
749 $frontend_factory = new ilAuthFrontendFactory();
750 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
751 $frontend = $frontend_factory->getFrontend(
752 $this->authSession,
753 $status,
754 $credentials,
755 $providers
756 );
757 $frontend->authenticate();
758
759 return $status;
760 };
761
762 if (($auth_duration = $this->setting->get('auth_duration')) !== null) {
763 $duration = $this->http->durations()->callbackDuration((int) $auth_duration);
764 $status = $duration->stretch($auth_callback);
765 } else {
766 $status = $auth_callback();
767 }
768
769 switch ($status->getStatus()) {
770 case ilAuthStatus::STATUS_AUTHENTICATED:
771 ilLoggerFactory::getLogger('auth')->debug(
772 'Authentication successful; Redirecting to starting page.'
773 );
774 ilInitialisation::redirectToStartingPage();
775
776 // no break
777 case ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED:
778 $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
779 $this->showLoginPage($this->buildCodeForm($uname));
780 return;
781
782 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
783 $this->ctrl->redirect($this, 'showAccountMigration');
784
785 // no break
786 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
787 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason());
788 $this->showLoginPage($form);
789 }
790 }
791
792 private function showLoginForm(
793 string $page_editor_html,
794 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
795 ): string {
796 global $tpl;
797
798 return $this->substituteLoginPageElements(
799 $tpl,
800 $page_editor_html,
801 $this->ui_renderer->render($form ?? $this->buildStandardLoginForm()),
802 '[list-login-form]',
803 'LOGIN_FORM'
804 );
805 }
806
807 private function showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl): string
808 {
809 if ($page_editor_html !== '') {
810 return $page_editor_html;
811 }
812
813 return $page_editor_html;
814 }
815
816 private function showShibbolethLoginForm(string $page_editor_html): string
817 {
818 $target = $this->initTargetFromQuery();
819
820 if ($this->setting->get('shib_active')) {
821 $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'components/ILIAS/Init');
822
823 $tpl->setVariable(
824 'SHIB_FORMACTION',
825 './shib_login.php'
826 ); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
827 $federation_name = $this->setting->get('shib_federation_name');
828 $admin_mail = ' <a href="mailto:' . $this->setting->get('admin_email') . '">ILIAS ' . $this->lng->txt(
829 'administrator'
830 ) . '</a>.';
831 if ($this->setting->get('shib_hos_type') === 'external_wayf') {
832 $tpl->setCurrentBlock('shibboleth_login');
833 $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
834 $tpl->setVariable('IL_TARGET', $target);
835 $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
836 $tpl->setVariable('TXT_SHIB_LOGIN_BUTTON', $this->setting->get('shib_login_button'));
837 $tpl->setVariable(
838 'TXT_SHIB_LOGIN_INSTRUCTIONS',
839 sprintf(
840 $this->lng->txt('shib_general_login_instructions'),
841 $federation_name,
842 $admin_mail
843 )
844 );
845 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
846 $tpl->parseCurrentBlock();
847 } elseif ($this->setting->get('shib_hos_type') == 'embedded_wayf') {
848 $tpl->setCurrentBlock('shibboleth_custom_login');
849 $customInstructions = stripslashes($this->setting->get('shib_login_instructions'));
850 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $customInstructions);
851 $tpl->parseCurrentBlock();
852 } else {
853 $tpl->setCurrentBlock('shibboleth_wayf_login');
854 $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
855 $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
856 $tpl->setVariable(
857 'TXT_SELECT_HOME_ORGANIZATION',
858 sprintf(
859 $this->lng->txt('shib_select_home_organization'),
860 $this->setting->get('shib_federation_name')
861 )
862 );
863 $tpl->setVariable('TXT_CONTINUE', $this->lng->txt('btn_next'));
864 $tpl->setVariable('TXT_SHIB_HOME_ORGANIZATION', $this->lng->txt('shib_home_organization'));
865 $tpl->setVariable(
866 'TXT_SHIB_LOGIN_INSTRUCTIONS',
867 sprintf(
868 $this->lng->txt('shib_general_wayf_login_instructions'),
869 $admin_mail
870 )
871 );
872 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
873
874 $ilShibbolethWAYF = new ilShibbolethWAYF();
875
876 $tpl->setVariable('TXT_SHIB_INVALID_SELECTION', $ilShibbolethWAYF->showNotice());
877 $tpl->setVariable('SHIB_IDP_LIST', $ilShibbolethWAYF->generateSelection());
878 $tpl->setVariable('ILW_TARGET', $target);
879 $tpl->parseCurrentBlock();
880 }
881
882 return $this->substituteLoginPageElements(
883 $GLOBALS['tpl'],
884 $page_editor_html,
885 $tpl->get(),
886 '[list-shibboleth-login-form]',
887 'SHIB_LOGIN_FORM'
888 );
889 }
890
891 return $page_editor_html;
892 }
893
897 private function substituteLoginPageElements(
898 $tpl,
899 string $page_editor_html,
900 string $element_html,
901 string $placeholder,
902 string $fallback_tplvar
903 ): string {
904 if ($page_editor_html === '') {
905 $tpl->setVariable($fallback_tplvar, $element_html);
906 return $page_editor_html;
907 }
908
909 if (stripos($page_editor_html, $placeholder) === false) {
910 $tpl->setVariable($fallback_tplvar, $element_html);
911 return $page_editor_html;
912 }
913
914 return str_replace($placeholder, $element_html, $page_editor_html);
915 }
916
917 private function getAuthPageEditorHtml(AuthPageEditorContext $ipe_context): string
918 {
919 $ipe_settings = ilAuthPageEditorSettings::getInstance($ipe_context);
920
921 $ipe_language = $ipe_settings->getIliasEditorLanguage($this->lng->getLangKey());
922 if (!$ipe_language) {
923 return '';
924 }
925
926 // if page does not exist, return nothing
927 if (!ilPageUtil::_existsAndNotEmpty($ipe_context->pageType(), ilLanguage::lookupId($ipe_language))) {
928 return '';
929 }
930
931 $this->dic->contentStyle()->gui()->addCss($this->mainTemplate, ilObjAuthSettings::getAuthSettingsRefId());
932
933 $page_gui = new ($ipe_context->pageUiClass())(ilLanguage::lookupId($ipe_language));
934
935 $page_gui->setStyleId(0);
936
937 $page_gui->setPresentationTitle('');
938 $page_gui->setTemplateOutput(false);
939 $page_gui->setHeader('');
940
941 return $page_gui->showPage();
942 }
943
944 private function showRegistrationLinks(string $page_editor_html): string
945 {
946 global $tpl;
947
948 $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'components/ILIAS/Init');
949
950 // allow new registrations?
951 if (ilRegistrationSettings::_lookupRegistrationType() !== ilRegistrationSettings::IL_REG_DISABLED) {
952 $rtpl->setCurrentBlock('new_registration');
953 $rtpl->setVariable('REGISTER', $this->lng->txt('registration'));
954 $rtpl->setVariable(
955 'CMD_REGISTER',
956 $this->ctrl->getLinkTargetByClass(ilAccountRegistrationGUI::class)
957 );
958 $rtpl->parseCurrentBlock();
959 }
960 // allow password assistance? Surpress option if Authmode is not local database
961 if ($this->setting->get('password_assistance')) {
962 $rtpl->setCurrentBlock('password_assistance');
963 $rtpl->setVariable('FORGOT_PASSWORD', $this->lng->txt('forgot_password'));
964 $rtpl->setVariable('FORGOT_USERNAME', $this->lng->txt('forgot_username'));
965 $rtpl->setVariable(
966 'CMD_FORGOT_PASSWORD',
967 $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class)
968 );
969 $rtpl->setVariable(
970 'CMD_FORGOT_USERNAME',
971 $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class, 'showUsernameAssistanceForm')
972 );
973 $rtpl->setVariable('LANG_ID', $this->lng->getLangKey());
974 $rtpl->parseCurrentBlock();
975 }
976
977 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
978 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
979 $rtpl->setCurrentBlock('homelink');
980 $rtpl->setVariable(
981 'CLIENT_ID',
982 '?client_id=' . CLIENT_ID . '&lang=' . $this->lng->getLangKey()
983 );
984 $rtpl->setVariable('TXT_HOME', $this->lng->txt('home'));
985 $rtpl->parseCurrentBlock();
986 }
987
988 return $this->substituteLoginPageElements(
989 $tpl,
990 $page_editor_html,
991 $rtpl->get(),
992 '[list-registration-link]',
993 'REG_PWD_CLIENT_LINKS'
994 );
995 }
996
997 private function showLegalDocumentsLinks(string $page_editor_html): string
998 {
999 global $tpl;
1000 global $DIC;
1001
1002 if (0 === $this->user->getId()) {
1003 $this->user->setId(ANONYMOUS_USER_ID);
1004 }
1005
1006 $page_editor_html = $this->substituteLoginPageElements(
1007 $tpl,
1008 $page_editor_html,
1009 $DIC['legalDocuments']->loginPageHTML(TermsOfService::ID),
1010 '[list-user-agreement]',
1011 'USER_AGREEMENT'
1012 );
1013 $page_editor_html = $this->substituteLoginPageElements(
1014 $tpl,
1015 $page_editor_html,
1016 $DIC['legalDocuments']->loginPageHTML(DataProtection::ID),
1017 '[list-dpro-agreement]',
1018 'DPRO_AGREEMENT'
1019 );
1020
1021 return $page_editor_html;
1022 }
1023
1024 private function purgePlaceholders(string $page_editor_html): string
1025 {
1026 return str_replace(
1027 [
1028 '[list-language-selection]',
1029 '[list-registration-link]',
1030 '[list-user-agreement]',
1031 '[list-dpro-agreement]',
1032 '[list-login-form]',
1033 '[list-saml-login]',
1034 '[list-shibboleth-login-form]',
1035 '[list-openid-connect-login]'
1036 ],
1037 '',
1038 $page_editor_html
1039 );
1040 }
1041
1042 private function buildAccountMigrationForm(): ILIAS\UI\Component\Input\Container\Form\Form
1043 {
1044 $field_factory = $this->ui_factory->input()->field();
1045
1046 $keep = $field_factory->group(
1047 [
1048 self::PROP_USERNAME => $field_factory->text($this->lng->txt('login'))->withRequired(true),
1049 self::PROP_PASSWORD => $field_factory
1050 ->password($this->lng->txt('password'))
1051 ->withRequired(true)
1052 ->withRevelation(true)
1053 ->withAdditionalTransformation(
1054 $this->refinery->custom()->transformation(
1055 static function (ILIAS\Data\Password $value): string {
1056 return $value->toString();
1057 }
1058 )
1059 ),
1060 ],
1061 $this->lng->txt('auth_account_migration_keep'),
1062 $this->lng->txt('auth_info_migrate')
1063 );
1064
1065 $new = $field_factory->group(
1066 [],
1067 $this->lng->txt('auth_account_migration_new'),
1068 $this->lng->txt('auth_info_add')
1069 );
1070
1071 $fields = [
1072 self::PROP_ACCOUNT_MIGRATION => $field_factory->switchableGroup(
1073 [
1074 self::PROP_ACCOUNT_MIGRATION_MIGRATE => $keep,
1075 self::PROP_ACCOUNT_MIGRATION_NEW => $new,
1076 ],
1077 $this->lng->txt('auth_account_migration_name')
1078 )->withRequired(true)->withValue(self::PROP_ACCOUNT_MIGRATION_MIGRATE)
1079 ];
1080
1081 $sections = [$field_factory->section($fields, $this->lng->txt('auth_account_migration'))];
1082
1083 return $this->ui_factory->input()
1084 ->container()
1085 ->form()
1086 ->standard($this->ctrl->getFormAction($this, 'migrateAccount'), $sections)
1087 ->withDedicatedName('login_form')
1088 ->withSubmitLabel($this->lng->txt('save'))
1089 ->withAdditionalTransformation($this->mergeValuesTrafo())
1090 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
1091 }
1092
1093 private function showAccountMigration(
1094 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null,
1095 string $message = ''
1096 ): void {
1097 $this->help->setSubScreenId('account_migration');
1098
1099 $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1100 $tpl->setVariable('MIG_FORM', $this->ui_renderer->render($form ?? $this->buildAccountMigrationForm()));
1101
1102 if ($message !== '') {
1103 $this->mainTemplate->setOnScreenMessage('failure', $message);
1104 }
1105
1106 self::printToGlobalTemplate($tpl);
1107 }
1108
1109 private function migrateAccount(): void
1110 {
1111 $form = $this->buildAccountMigrationForm();
1112 $form_valid = false;
1113 $form_data = null;
1114 if ($this->http->request()->getMethod() === 'POST') {
1115 $form = $form->withRequest($this->http->request());
1116 $form_data = $form->getData();
1117 $form_valid = $form_data !== null;
1118 }
1119
1120 if (!$form_valid) {
1121 $this->showAccountMigration($form, $this->lng->txt('form_input_not_valid'));
1122 return;
1123 }
1124
1125 $account_migration = $form_data[self::PROP_ACCOUNT_MIGRATION];
1126 $account_migration_mode = $account_migration[0];
1127 if ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_MIGRATE) {
1128 $this->doMigration($account_migration[1]);
1129 } elseif ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_NEW) {
1130 $this->doMigrationNewAccount();
1131 } else {
1132 $this->showAccountMigration(
1133 $form,
1134 $this->lng->txt('form_input_not_valid')
1135 );
1136 }
1137 }
1138
1139 private function doMigrationNewAccount(): void
1140 {
1141 $credentials = new ilAuthFrontendCredentials();
1142 $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1143
1144 $provider_factory = new ilAuthProviderFactory();
1145 $provider = $provider_factory->getProviderByAuthMode(
1146 $credentials,
1147 ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1148 );
1149
1150 $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1151
1152 $status = ilAuthStatus::getInstance();
1153
1154 $frontend_factory = new ilAuthFrontendFactory();
1155 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1156 $frontend = $frontend_factory->getFrontend(
1157 $GLOBALS['DIC']['ilAuthSession'],
1158 $status,
1159 $credentials,
1160 [$provider]
1161 );
1162
1163 if ($frontend->migrateAccountNew()) {
1164 ilInitialisation::redirectToStartingPage();
1165 }
1166
1167 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1168 $this->ctrl->redirect($this, 'showAccountMigration');
1169 }
1170
1174 private function doMigration(array $migration_request_data): void
1175 {
1176 $username = $migration_request_data[self::PROP_USERNAME];
1177 $password = $migration_request_data[self::PROP_PASSWORD];
1178
1179 $this->logger->debug('Starting account migration for user: ' . ilSession::get('mig_ext_account'));
1180
1181 $credentials = new ilAuthFrontendCredentials();
1182 $credentials->setUsername($username);
1183 $credentials->setPassword($password);
1184
1185 $provider_factory = new ilAuthProviderFactory();
1186 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_LOCAL);
1187
1188 $status = ilAuthStatus::getInstance();
1189
1190 $frontend_factory = new ilAuthFrontendFactory();
1191 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1192 $frontend = $frontend_factory->getFrontend(
1193 $this->authSession,
1194 $status,
1195 $credentials,
1196 [$provider]
1197 );
1198 $frontend->authenticate();
1199
1200 switch ($status->getStatus()) {
1201 case ilAuthStatus::STATUS_AUTHENTICATED:
1202 $this->getLogger()->debug('Account migration: authentication successful for ' . $username);
1203
1204 $provider = $provider_factory->getProviderByAuthMode(
1205 $credentials,
1206 ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1207 );
1208 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1209 $frontend = $frontend_factory->getFrontend(
1210 $GLOBALS['DIC']['ilAuthSession'],
1211 $status,
1212 $credentials,
1213 [$provider]
1214 );
1215
1216 if ($frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])) {
1217 ilInitialisation::redirectToStartingPage();
1218 }
1219
1220 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'), true);
1221 $this->ctrl->redirect($this, 'showAccountMigration');
1222
1223 // no break
1224 default:
1225 $this->getLogger()->info('Account migration failed for user ' . $username);
1226 $this->showAccountMigration(null, $GLOBALS['lng']->txt('err_wrong_login'));
1227 }
1228 }
1229
1230 private function showLogout(): void
1231 {
1232 if (!$this->authSession->isExpired() &&
1233 $this->authSession->isAuthenticated() &&
1234 !ilObjUser::_isAnonymous($this->authSession->getUserId())) {
1235 $this->ctrl->redirectToURL(ilUserUtil::getStartingPointAsUrl());
1236 }
1237
1238 $this->help->setSubScreenId('logout');
1239
1240 $tpl = self::initStartUpTemplate('tpl.logout.html');
1241 $client_id = $this->http->wrapper()->query()->retrieve(
1242 'client_id',
1243 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1244 );
1245
1246 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1247 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1248 $tpl->setCurrentBlock('homelink');
1249 $tpl->setVariable('CLIENT_ID', '?client_id=' . $client_id . '&lang=' . $this->lng->getLangKey());
1250 $tpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1251 $tpl->parseCurrentBlock();
1252 }
1253
1254 $tpl->setVariable('LPE', $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGOUT));
1255 $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('logout'));
1256 $tpl->setVariable('TXT_LOGIN', $this->lng->txt('login_to_ilias'));
1257 $tpl->setVariable(
1258 'CLIENT_ID',
1259 '?client_id=' . $client_id . '&cmd=force_login&lang=' . $this->lng->getLangKey()
1260 );
1261
1262 self::printToGlobalTemplate($tpl);
1263 }
1264
1265 private function doLogout(): void
1266 {
1268 $legal_documents = $this->dic['legalDocuments'];
1269
1270 $this->eventHandler->raise(
1271 'components/ILIAS/Authentication',
1272 'beforeLogout',
1273 [
1274 'user_id' => $this->user->getId()
1275 ]
1276 );
1277
1278 $user_language = $this->user->getLanguage();
1279
1280 $used_external_auth_mode = ilSession::get('used_external_auth_mode');
1281
1282 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
1283 $this->authSession->logout();
1284
1285 $target = new ConfigurableLogoutTarget(
1286 $this->ctrl,
1287 new ilSetting('auth'),
1288 $this->access,
1289 ilUtil::_getHttpPath()
1290 );
1291 $target = $legal_documents->logoutTarget($target);
1292 $url = $target->asURI();
1293
1294 $this->eventHandler->raise(
1295 'components/ILIAS/Authentication',
1296 'afterLogout',
1297 [
1298 'username' => $this->user->getLogin(),
1299 'is_explicit_logout' => true,
1300 'used_external_auth_mode' => $used_external_auth_mode,
1301 'logout_target' => $url
1302 ]
1303 );
1304
1305 $this->mainTemplate->setOnScreenMessage(
1306 $this->mainTemplate::MESSAGE_TYPE_INFO,
1307 $this->lng->txt('logout_text') . $legal_documents->logoutText(),
1308 true
1309 );
1310
1311 // reset cookie
1312 ilUtil::setCookie('ilClientId', '');
1313
1314 $this->ctrl->setParameter($this, 'lang', $user_language);
1315 $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1316 $this->ctrl->redirectToURL((string) $url);
1317 }
1318
1319 protected function showLegalDocuments(): void
1320 {
1321 global $DIC;
1322 $tpl = self::initStartUpTemplate(['agreement.html', 'components/ILIAS/LegalDocuments'], true, false);
1323 $tpl->setVariable('CONTENT', $DIC['legalDocuments']->agreeContent(self::class, __FUNCTION__));
1324 self::printToGlobalTemplate($tpl);
1325 }
1326
1327 private function processIndexPHP(): void
1328 {
1329 if ($this->authSession->isValid()) {
1330 if (!$this->user->isAnonymous() || (
1331 ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1332 $this->httpRequest->getServerParams()['SERVER_NAME']
1333 ) && $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)
1334 )) {
1335 ilInitialisation::redirectToStartingPage();
1336 return;
1337 }
1338 }
1339
1340 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1341 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1342 ilInitialisation::goToPublicSection();
1343 }
1344
1345 $this->showLoginPage();
1346 }
1347
1351 public static function _checkGoto(string $a_target)
1352 {
1353 global $DIC;
1354
1355 $component_factory = $DIC['component.factory'];
1356
1357 $access = $DIC->access();
1358
1359 foreach ($component_factory->getActivePluginsInSlot('uihk') as $ui_plugin) {
1361 $gui_class = $ui_plugin->getUIClassInstance();
1362 $resp = $gui_class->checkGotoHook($a_target);
1363 if (isset($resp['target']) && is_string($resp['target']) && $resp['target'] !== '') {
1364 $a_target = $resp['target'];
1365 break;
1366 }
1367 }
1368
1369 if ($a_target === '') {
1370 return false;
1371 }
1372
1373 $t_arr = explode('_', $a_target);
1374 $type = $t_arr[0];
1375
1376 if ($type === 'git') {
1377 $type = 'glo';
1378 }
1379
1380 if ($type === 'pg' | $type === 'st') {
1381 $type = 'lm';
1382 }
1383
1384 $class = $DIC['objDefinition']->getClassName($type);
1385 if ($class === '') {
1386 return false;
1387 }
1388
1389 $location = $DIC['objDefinition']->getLocation($type);
1390 $full_class = 'ilObj' . $class . 'Access';
1391
1392 $ret = call_user_func([$full_class, '_checkGoto'], $a_target);
1393
1394 // if no access and repository object => check for parent course/group
1395 if (!$ret &&
1396 isset($t_arr[1]) &&
1397 !str_contains($a_target, '_wsp') &&
1398 !$DIC->user()->isAnonymous() && // #10637
1399 !$DIC['objDefinition']->isAdministrationObject($type) &&
1400 $DIC['objDefinition']->isRBACObject($type)) {
1401 $ref_id = 0;
1402 // original type 'pg' => pg_<page_id>[_<ref_id>]
1403 if ($t_arr[0] === 'pg') {
1404 if (isset($t_arr[2])) {
1405 $ref_id = (int) $t_arr[2];
1406 } else {
1407 $lm_id = ilLMObject::_lookupContObjID((int) $t_arr[1]);
1408 $ref_ids = ilObject::_getAllReferences($lm_id);
1409 if ($ref_ids) {
1410 $ref_id = array_shift($ref_ids);
1411 }
1412 }
1413 } else {
1414 $ref_id = (int) $t_arr[1];
1415 }
1416
1417 if ($ref_id < 1) {
1418 return false;
1419 }
1420
1421 $block_obj = [];
1422
1423 // walk path to find parent container
1424 $path = $DIC->repositoryTree()->getPathId($ref_id);
1425 array_pop($path);
1426 foreach ($path as $path_ref_id) {
1427 $redirect_infopage = false;
1428 $add_member_role = false;
1429
1430 $ptype = ilObject::_lookupType($path_ref_id, true);
1431 $pobj_id = ilObject::_lookupObjId($path_ref_id);
1432
1433 // core checks: timings/object-specific
1434 if (!$access->doActivationCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype) ||
1435 !$access->doStatusCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype)) {
1436 // object in path is inaccessible - aborting
1437 return false;
1438 } elseif ($ptype === 'crs') {
1439 // check if already participant
1440 $participants = ilCourseParticipant::_getInstanceByObjId($pobj_id, $DIC->user()->getId());
1441 if (!$participants->isAssigned()) {
1442 // subscription currently possible?
1443 if (ilObjCourse::_isActivated($pobj_id) && ilObjCourse::_registrationEnabled($pobj_id)) {
1444 $block_obj[] = $path_ref_id;
1445 $add_member_role = true;
1446 } else {
1447 $redirect_infopage = true;
1448 }
1449 }
1450 } elseif ($ptype === 'grp') {
1451 // check if already participant
1452 if (!ilGroupParticipants::_isParticipant($path_ref_id, $DIC->user()->getId())) {
1453 // subscription currently possible?
1454 $group_obj = new ilObjGroup($path_ref_id);
1455 if ($group_obj->isRegistrationEnabled()) {
1456 $block_obj[] = $path_ref_id;
1457 $add_member_role = true;
1458 } else {
1459 $redirect_infopage = true;
1460 }
1461 }
1462 }
1463
1464 // add members roles for all 'blocking' objects
1465 if ($add_member_role) {
1466 // cannot join? goto will never work, so redirect to current object
1467 $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $path_ref_id);
1468 if (!$DIC->rbac()->system()->checkAccess('join', $path_ref_id)) {
1469 $redirect_infopage = true;
1470 } else {
1471 $DIC->rbac()->system()->addTemporaryRole(
1472 $DIC->user()->getId(),
1473 ilParticipants::getDefaultMemberRole($path_ref_id)
1474 );
1475 }
1476 }
1477
1478 // redirect to infopage of 1st blocking object in path
1479 if ($redirect_infopage) {
1480 if ($DIC->rbac()->system()->checkAccess('visible', $path_ref_id)) {
1481 ilUtil::redirect(
1482 'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . $path_ref_id . '&cmd=infoScreen'
1483 );
1484 } else {
1485 return false;
1486 }
1487 }
1488 }
1489
1490 // check if access will be possible with all (possible) member roles added
1491 $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $ref_id);
1492 if ($block_obj !== [] && $DIC->rbac()->system()->checkAccess('read', $ref_id)) { // #12128
1493 // this won't work with lm-pages (see above)
1494 // keep original target
1495 ilSession::set('pending_goto', 'goto.php?target=' . $a_target);
1496
1497 // redirect to 1st non-member object in path
1498 ilUtil::redirect(
1499 'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . array_shift($block_obj)
1500 );
1501 }
1502 }
1503
1504 return $ret;
1505 }
1506
1507 private function confirmRegistration(): void
1508 {
1509 $this->lng->loadLanguageModule('registration');
1510
1511 ilUtil::setCookie('iltest', 'cookie', false);
1512 $regitration_hash = trim(
1513 $this->http->wrapper()->query()->retrieve(
1514 'rh',
1515 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1516 )
1517 );
1518 if ($regitration_hash === '') {
1519 $this->mainTemplate->setOnScreenMessage(
1520 ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1521 $this->lng->txt('reg_confirmation_hash_not_passed'),
1522 true
1523 );
1524 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1525 }
1526
1527 try {
1528 $oRegSettings = new ilRegistrationSettings();
1529
1530 $usr_id = ilObjUser::_verifyRegistrationHash(trim($regitration_hash));
1532 $user = ilObjectFactory::getInstanceByObjId($usr_id);
1533 $user->setActive(true);
1534 $password = '';
1535 if ($oRegSettings->passwordGenerationEnabled()) {
1536 $passwords = ilSecuritySettingsChecker::generatePasswords(1);
1537 $password = $passwords[0];
1538 $user->setPasswd($password, ilObjUser::PASSWD_PLAIN);
1539 $user->setLastPasswordChangeTS(time());
1540 }
1541 $user->update();
1542
1543 $accountMail = (new ilAccountRegistrationMail(
1544 $oRegSettings,
1545 ilLoggerFactory::getLogger('user')
1546 ))->withEmailConfirmationRegistrationMode();
1547
1548 if ($user->getPref('reg_target') ?? '') {
1549 $accountMail = $accountMail->withPermanentLinkTarget($user->getPref('reg_target'));
1550 }
1551
1552 $accountMail->send($user, $password);
1553
1554 $this->mainTemplate->setOnScreenMessage(
1555 ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
1556 $this->lng->txt('reg_account_confirmation_successful'),
1557 true
1558 );
1559 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $user->getLanguage()));
1560 } catch (ilRegConfirmationLinkExpiredException $exception) {
1561 $soap_client = new ilSoapClient();
1562 $soap_client->setResponseTimeout(1);
1563 $soap_client->enableWSDL(true);
1564 $soap_client->init();
1565
1566 $this->logger->info(
1567 'Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...'
1568 );
1569
1570 $soap_client->call(
1571 'deleteExpiredDualOptInUserObjects',
1572 [
1573 $_COOKIE[session_name()] . '::' . CLIENT_ID,
1574 $exception->getCode() // user id
1575 ]
1576 );
1577
1578 $this->mainTemplate->setOnScreenMessage(
1579 ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1580 $this->lng->txt($exception->getMessage()),
1581 true
1582 );
1583 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1584 } catch (ilRegistrationHashNotFoundException $exception) {
1585 $this->mainTemplate->setOnScreenMessage(
1586 ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
1587 $this->lng->txt($exception->getMessage()),
1588 true
1589 );
1590 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1591 }
1592 }
1593
1598 public static function initStartUpTemplate(
1599 $a_tmpl,
1600 bool $a_show_back = false,
1601 bool $a_show_logout = false
1602 ): ilGlobalTemplateInterface {
1603 global $DIC;
1604
1605 $tpl = new ilGlobalTemplate('tpl.main.html', true, true);
1606
1607 $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'components/ILIAS/Init');
1608
1609 $view_title = $DIC->language()->txt('login_to_ilias');
1610 if ($a_show_back) {
1611 // #13400
1612 $param = 'client_id=' . CLIENT_ID . '&lang=' . $DIC->language()->getLangKey();
1613
1614 $tpl->setCurrentBlock('link_item_bl');
1615 $tpl->setVariable('LINK_TXT', $view_title);
1616 $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1617 $tpl->parseCurrentBlock();
1618
1619 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1620 $DIC->access()->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1621 $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1622 $tpl->setVariable('LINK_TXT', $DIC->language()->txt('home'));
1623 $tpl->parseCurrentBlock();
1624 }
1625 } elseif ($a_show_logout) {
1626 $view_title = $DIC->language()->txt('logout');
1627 $tpl->setCurrentBlock('link_item_bl');
1628 $tpl->setVariable('LINK_TXT', $view_title);
1629 $tpl->setVariable('LINK_URL', self::logoutUrl());
1630 $tpl->parseCurrentBlock();
1631 }
1632
1633 if (is_array($a_tmpl)) {
1634 $template_file = $a_tmpl[0];
1635 $template_dir = $a_tmpl[1];
1636 } else {
1637 $template_file = $a_tmpl;
1638 $template_dir = 'components/ILIAS/Init';
1639 }
1640
1641 $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1642
1643 PageContentProvider::setViewTitle($view_title);
1644 $short_title = trim($DIC->settings()->get('short_inst_name') ?? '');
1645 if ($short_title === '') {
1646 $short_title = 'ILIAS';
1647 }
1648 PageContentProvider::setShortTitle($short_title);
1649
1650 $header_title = ilObjSystemFolder::_getHeaderTitle();
1651 PageContentProvider::setTitle($header_title);
1652
1653 return $tpl;
1654 }
1655
1656 private function showSamlLoginForm(string $page_editor_html): string
1657 {
1658 if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
1659 $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'components/ILIAS/Saml');
1660
1661 $return = '';
1662 $target = $this->initTargetFromQuery();
1663 if ($target !== '') {
1664 $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($target));
1665 }
1666
1667 $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
1668 $tpl->setVariable('TXT_LOGIN', $this->lng->txt('saml_log_in'));
1669 $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $this->lng->txt('login_to_ilias_via_saml'));
1670 $tpl->setVariable('TXT_SAML_LOGIN_TXT', $this->lng->txt('saml_login_form_txt'));
1671 $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $this->lng->txt('saml_login_form_info_txt'));
1672
1673 return $this->substituteLoginPageElements(
1674 $GLOBALS['tpl'],
1675 $page_editor_html,
1676 $tpl->get(),
1677 '[list-saml-login]',
1678 'SAML_LOGIN_FORM'
1679 );
1680 }
1681
1682 return $page_editor_html;
1683 }
1684
1685 private function showOpenIdConnectLoginForm(string $page_editor_html): string
1686 {
1687 $oidc_settings = ilOpenIdConnectSettings::getInstance();
1688 if ($oidc_settings->getActive()) {
1689 $tpl = new ilTemplate('tpl.login_element.html', true, true, 'components/ILIAS/OpenIdConnect');
1690
1691 $this->lng->loadLanguageModule('auth');
1692 $tpl->setVariable('TXT_OIDCONNECT_HEADER', $this->lng->txt('auth_oidc_login_element_info'));
1693
1694 $target = $this->initTargetFromQuery();
1695 $target_str = empty($target) ? '' : ('?target=' . $target);
1696 switch ($oidc_settings->getLoginElementType()) {
1697 case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT:
1698 $tpl->setVariable('SCRIPT_OIDCONNECT_T', './openidconnect.php' . $target_str);
1699 $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1700 break;
1701
1702 case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG:
1703 $tpl->setVariable('SCRIPT_OIDCONNECT_I', './openidconnect.php' . $target_str);
1704 $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1705 break;
1706 }
1707
1708 return $this->substituteLoginPageElements(
1709 $GLOBALS['tpl'],
1710 $page_editor_html,
1711 $tpl->get(),
1712 '[list-openid-connect-login]',
1713 'OPEN_ID_CONNECT_LOGIN_FORM'
1714 );
1715 }
1716
1717 return $page_editor_html;
1718 }
1719
1720 private function doOpenIdConnectAuthentication(): void
1721 {
1722 $this->getLogger()->debug('Trying openid connect authentication');
1723
1724 $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
1725 $credentials->initFromRequest();
1726
1727 $provider_factory = new ilAuthProviderFactory();
1728 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_OPENID_CONNECT);
1729
1730 $status = ilAuthStatus::getInstance();
1731
1732 $frontend_factory = new ilAuthFrontendFactory();
1733 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1734 $frontend = $frontend_factory->getFrontend(
1735 $this->authSession,
1736 $status,
1737 $credentials,
1738 [$provider]
1739 );
1740 $frontend->authenticate();
1741
1742 switch ($status->getStatus()) {
1743 case ilAuthStatus::STATUS_AUTHENTICATED:
1744 $this->logger->debug('Authentication successful; Redirecting to starting page.');
1745 if ($credentials->getRedirectionTarget()) {
1746 ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
1747 }
1748 ilInitialisation::redirectToStartingPage();
1749
1750 // no break
1751 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1752 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1753 $this->ctrl->redirect($this, 'showLoginPage');
1754 }
1755
1756 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1757 $this->showLoginPage();
1758 }
1759
1760 private function doSamlAuthentication(): void
1761 {
1762 $this->getLogger()->debug('Trying saml authentication');
1763 $request = $this->httpRequest;
1764 $params = $request->getQueryParams();
1765
1766 $factory = new ilSamlAuthFactory();
1767 $auth = $factory->auth();
1768
1769 if (isset($params['action']) && $params['action'] === 'logout') {
1770 $logout_url = $params['logout_url'] ?? '';
1771 $this->logger->info(sprintf('Requested SAML logout: %s', $logout_url));
1772 $auth->logout($logout_url);
1773 }
1774
1775 if (isset($params['target']) && !isset($params['returnTo'])) {
1776 $params['returnTo'] = $params['target'];
1777 }
1778
1779 if (isset($params['returnTo'])) {
1780 $auth->storeParam('target', $params['returnTo']);
1781 }
1782
1783 $this->logger->debug('Started SAML authentication request');
1784 if (!$auth->isAuthenticated()) {
1785 ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
1786 if (!isset($request->getQueryParams()['idpentityid'], $request->getQueryParams()['saml_idp_id'])) {
1787 $activeIdps = ilSamlIdp::getActiveIdpList();
1788 if (count($activeIdps) === 1) {
1789 $idp = current($activeIdps);
1790
1791 ilLoggerFactory::getLogger('auth')->debug(
1792 sprintf(
1793 'Found exactly one active IDP with id %s: %s',
1794 $idp->getIdpId(),
1795 $idp->getEntityId()
1796 )
1797 );
1798
1799 $this->ctrl->setParameter($this, 'idpentityid', $idp->getEntityId());
1800 $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1801 $this->ctrl->setTargetScript('saml.php');
1802 $this->ctrl->redirect($this, 'doSamlAuthentication');
1803 } elseif ($activeIdps === []) {
1804 $this->logger->debug('Did not find any active IDP, skipp authentication process');
1805 $this->ctrl->redirect($this, 'showLoginPage');
1806 } else {
1807 $this->logger->debug('Found multiple active IPDs, presenting IDP selection...');
1808 $this->showSamlIdpSelection($auth, $activeIdps);
1809 return;
1810 }
1811 }
1812
1813 $auth->storeParam('idpId', (int) $request->getQueryParams()['saml_idp_id']);
1814 $this->logger->debug(sprintf('Stored relevant IDP id in session: %s', $auth->getParam('idpId')));
1815 }
1816
1817 $auth = $factory->auth();
1818
1819 $this->logger->debug('Checking SAML authentication status...');
1820 $auth->protectResource();
1821 $this->logger->debug(
1822 'SAML authentication successful, continuing with ILIAS internal authentication process...'
1823 );
1824
1825 $idpId = (int) $auth->getParam('idpId');
1826
1827 $this->logger->debug(
1828 sprintf(
1829 'Internal SAML IDP id fetched from session: %s',
1830 $idpId
1831 )
1832 );
1833
1834 if ($idpId < 1) {
1835 $this->logger->debug(
1836 'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
1837 );
1838 $authData = $auth->getAuthDataArray();
1839 if (isset($authData['saml:sp:IdP'])) {
1840 $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
1841 $this->logger->debug(
1842 sprintf(
1843 'Searching active ILIAS IDP by entity id "%s" results in: %s',
1844 $authData['saml:sp:IdP'],
1845 $idpId
1846 )
1847 );
1848 } else {
1849 $this->logger->debug(
1850 'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
1851 );
1852 }
1853 }
1854
1855 $target = $auth->popParam('target');
1856
1857 $this->logger->debug(sprintf('Retrieved "target" parameter: %s', print_r($target, true)));
1858
1859 $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
1860 $credentials->initFromRequest();
1861
1862 $provider_factory = new ilAuthProviderFactory();
1863 $provider = $provider_factory->getProviderByAuthMode(
1864 $credentials,
1865 ilUtil::stripSlashes(
1866 ilAuthUtils::AUTH_SAML . '_' . $idpId
1867 )
1868 );
1869
1870 if ($target) {
1871 $credentials->setReturnTo($target);
1872 } else {
1873 $target = $credentials->getReturnTo();
1874 }
1875
1876 $status = ilAuthStatus::getInstance();
1877
1878 $frontend_factory = new ilAuthFrontendFactory();
1879 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1880 $frontend = $frontend_factory->getFrontend(
1881 $this->authSession,
1882 $status,
1883 $credentials,
1884 [$provider]
1885 );
1886 $frontend->authenticate();
1887
1888 switch ($status->getStatus()) {
1889 case ilAuthStatus::STATUS_AUTHENTICATED:
1890 $this->logger->debug('Authentication successful; Redirecting to starting page.');
1891 ilInitialisation::redirectToStartingPage($target ?? '');
1892
1893 // no break
1894 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
1895 $this->ctrl->redirect($this, 'showAccountMigration');
1896
1897 // no break
1898 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1899 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1900 $this->ctrl->redirect($this, 'showLoginPage');
1901 }
1902
1903 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1904 $this->showLoginPage();
1905 }
1906
1910 private function showSamlIdpSelection(ilSamlAuth $auth, array $idps): void
1911 {
1912 $this->help->setSubScreenId('saml_idp_selection');
1913
1914 self::initStartUpTemplate(['tpl.saml_idp_selection.html', 'components/ILIAS/Saml']);
1915
1916 $this->ctrl->setTargetScript('saml.php');
1917 $items = [];
1918 foreach ($idps as $idp) {
1919 $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1920 $this->ctrl->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
1921
1922 $items[] = $this->ui_factory->link()->standard(
1923 $idp->getEntityId(),
1924 $this->ctrl->getLinkTarget($this, 'doSamlAuthentication')
1925 );
1926 }
1927
1928 $components = [
1929 $this->ui_factory->panel()->standard(
1930 $this->lng->txt('auth_saml_idp_selection_table_title'),
1931 [
1932 $this->ui_factory->messageBox()->info($this->lng->txt('auth_saml_idp_selection_table_desc')),
1933 $this->ui_factory->listing()->unordered(
1934 array_map(
1935 fn($item) => $this->ui_renderer->render($item),
1936 $items
1937 )
1938 )
1939 ]
1940 )
1941 ];
1942
1943 $this->mainTemplate->setVariable('CONTENT', $this->ui_renderer->render($components));
1944 $this->mainTemplate->printToStdout('DEFAULT', false);
1945 }
1946
1952 public static function logoutUrl(array $parameters = []): string
1953 {
1954 global $DIC;
1955
1956 $defaults = ['lang' => $DIC->user()->getCurrentLanguage()];
1957 $parameters = '&' . http_build_query(array_merge($defaults, $parameters));
1958
1959 $DIC->ctrl()->setTargetScript('logout.php');
1960 $url = $DIC->ctrl()->getLinkTargetByClass([self::class], 'doLogout') . $parameters;
1961 $DIC->ctrl()->setTargetScript('ilias.php');
1962
1963 return $url;
1964 }
1965}
IL_COOKIE_PATH
const IL_COOKIE_PATH(isset($_GET['client_id']))
Definition: index.php:47
$duration
$duration
Definition: LOMStructure.php:54
mainTemplate
mainTemplate()
Definition: UITestHelper.php:77
$location
$location
Definition: buildRTE.php:22
$components
$components
Definition: build_bootstrap.php:58
ILIAS\DI\Container
Customizing of pimple-DIC for ILIAS.
Definition: Container.php:36
ILIAS\Data\Color\Factory
Builds a Color from either hex- or rgb values.
Definition: Factory.php:31
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
ILIAS\HTTP\Services
Class Services.
Definition: Services.php:38
true
return true
Definition: class.ilIniFile.php:164
ilAccessibilityControlConceptGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessibilityControlConceptGUI.php:24
ilAccountRegistrationGUI
Class ilAccountRegistrationGUI.
Definition: class.ilAccountRegistrationGUI.php:34
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:28
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:52
ilArrayUtil\stripSlashesRecursive
static stripSlashesRecursive($a_data, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilArrayUtil.php:60
ilAuthFrontendCredentialsLTI
Auth credentials for lti oauth based authentication.
Definition: class.ilAuthFrontendCredentialsLTI.php:28
ilAuthFrontendFactory\CONTEXT_STANDARD_FORM
const int CONTEXT_STANDARD_FORM
Authentication with id and password.
Definition: class.ilAuthFrontendFactory.php:28
ilAuthFrontend\MIG_TRIGGER_AUTHMODE
const string MIG_TRIGGER_AUTHMODE
Definition: class.ilAuthFrontend.php:26
ilAuthFrontend\MIG_EXTERNAL_ACCOUNT
const string MIG_EXTERNAL_ACCOUNT
Definition: class.ilAuthFrontend.php:25
ilAuthPageEditorSettings\getInstance
static getInstance(AuthPageEditorContext $context)
Definition: class.ilAuthPageEditorSettings.php:46
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const int STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:31
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions(ilLanguage $lng)
Definition: class.ilAuthUtils.php:395
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:29
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:37
ilAuthUtils\AUTH_APACHE
const int AUTH_APACHE
Definition: class.ilAuthUtils.php:36
ilAuthUtils\AUTH_OPENID_CONNECT
const int AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:38
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:365
ilAuthUtils\AUTH_PROVIDER_LTI
const int AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:45
ilCourseParticipant\_getInstanceByObjId
static _getInstanceByObjId(int $a_obj_id, int $a_usr_id)
Definition: class.ilCourseParticipant.php:40
ilGlobalTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilGlobalTemplate.php:30
ilGroupParticipants\_isParticipant
static _isParticipant(int $a_ref_id, int $a_usr_id)
Static function to check if a user is a participant of the container object.
Definition: class.ilGroupParticipants.php:117
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:29
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:909
ilInitialisation\redirectToStartingPage
static redirectToStartingPage(string $target='')
Definition: class.ilInitialisation.php:1853
ilLMObject\_lookupContObjID
static _lookupContObjID(int $a_id)
get learning module id for lm object
Definition: class.ilLMObject.php:563
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLanguage\lookupId
static lookupId(string $a_lang_key)
Lookup obj_id of language.
Definition: class.ilLanguage.php:337
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjCourse\_registrationEnabled
static _registrationEnabled(int $a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
Definition: class.ilObjCourse.php:569
ilObjCourse\_isActivated
static _isActivated(int $a_obj_id)
Is activated.
Definition: class.ilObjCourse.php:561
ilObjGroup
Class ilObjGroup.
Definition: class.ilObjGroup.php:32
ilObjStyleSheet\getContentStylePath
static getContentStylePath(int $a_style_id, bool $add_random=true, bool $add_token=true)
get content style path static (to avoid full reading)
Definition: class.ilObjStyleSheet.php:1569
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjUser\_isAnonymous
static _isAnonymous(int $usr_id)
Definition: class.ilObjUser.php:1756
ilObjUser\getPref
getPref(string $a_keyword)
Definition: class.ilObjUser.php:474
ilObjUser\_verifyRegistrationHash
static _verifyRegistrationHash(string $a_hash)
Definition: class.ilObjUser.php:2295
ilObjUser\setTimeLimitUntil
setTimeLimitUntil(?int $a_until)
Definition: class.ilObjUser.php:1101
ilObjUser\setLastPasswordChangeTS
setLastPasswordChangeTS(int $a_last_password_change_ts)
Definition: class.ilObjUser.php:930
ilObjUser\setPasswd
setPasswd(string $a_str, string $a_type=ilObjUser::PASSWD_PLAIN)
Definition: class.ilObjUser.php:906
ilObjUser\setActive
setActive(bool $active, int $owner=0)
set user active state and updates system fields appropriately
Definition: class.ilObjUser.php:1048
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:47
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilObjUser\setTimeLimitUnlimited
setTimeLimitUnlimited(bool $unlimited)
Definition: class.ilObjUser.php:1111
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:2729
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:826
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilPageUtil\_existsAndNotEmpty
static _existsAndNotEmpty(string $a_parent_type, int $a_id, string $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages)
Definition: class.ilPageUtil.php:31
ilParticipants\getDefaultMemberRole
static getDefaultMemberRole(int $a_ref_id)
Definition: class.ilParticipants.php:476
ilRegConfirmationLinkExpiredException
Class for user related exception handling in ILIAS.
Definition: class.ilRegConfirmationLinkExpiredException.php:26
ilRegistrationCode\getCodeValidUntil
static getCodeValidUntil(string $code)
Definition: class.ilRegistrationCode.php:129
ilRegistrationCode\useCode
static useCode(string $code)
Definition: class.ilRegistrationCode.php:142
ilRegistrationCode\isUnusedCode
static isUnusedCode(string $code)
Definition: class.ilRegistrationCode.php:87
ilRegistrationCode\applyAccessLimits
static applyAccessLimits(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:211
ilRegistrationCode\applyRoleAssignments
static applyRoleAssignments(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:178
ilRegistrationHashNotFoundException
Class for user related exception handling in ILIAS.
Definition: class.ilRegistrationHashNotFoundException.php:27
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:27
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:223
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:209
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:413
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:33
ilStartUpGUI
@ilCtrl_Calls ilStartUpGUI: ilAccountRegistrationGUI, ilPasswordAssistanceGUI, ilLoginPageGUI,...
Definition: class.ilStartUpGUI.php:38
ilStartUpGUI\showShibbolethLoginForm
showShibbolethLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:816
ilStartUpGUI\$forced_cmd
static string $forced_cmd
Definition: class.ilStartUpGUI.php:47
ilStartUpGUI\substituteLoginPageElements
substituteLoginPageElements( $tpl, string $page_editor_html, string $element_html, string $placeholder, string $fallback_tplvar)
Definition: class.ilStartUpGUI.php:897
ilStartUpGUI\$httpRequest
ServerRequestInterface $httpRequest
Definition: class.ilStartUpGUI.php:54
ilStartUpGUI\$ctrl
ilCtrlInterface $ctrl
Definition: class.ilStartUpGUI.php:49
ilStartUpGUI\logoutUrl
static logoutUrl(array $parameters=[])
Return the logout URL with a valid CSRF token.
Definition: class.ilStartUpGUI.php:1952
ilStartUpGUI\showLoginInformation
showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl)
Definition: class.ilStartUpGUI.php:807
ilStartUpGUI\showOpenIdConnectLoginForm
showOpenIdConnectLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1685
ilStartUpGUI\$db
ilDBInterface $db
Definition: class.ilStartUpGUI.php:60
ilStartUpGUI\$eventHandler
ilAppEventHandler $eventHandler
Definition: class.ilStartUpGUI.php:57
ilStartUpGUI\$http
HTTPServices $http
Definition: class.ilStartUpGUI.php:63
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_MIGRATE
const PROP_ACCOUNT_MIGRATION_MIGRATE
Definition: class.ilStartUpGUI.php:45
ilStartUpGUI\showLoginForm
showLoginForm(string $page_editor_html, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:792
ilStartUpGUI\initStartUpTemplate
static initStartUpTemplate( $a_tmpl, bool $a_show_back=false, bool $a_show_logout=false)
This method enriches the global template with some user interface elements (language selection,...
Definition: class.ilStartUpGUI.php:1598
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_NEW
const PROP_ACCOUNT_MIGRATION_NEW
Definition: class.ilStartUpGUI.php:44
ilStartUpGUI\$mainTemplate
ilGlobalTemplateInterface $mainTemplate
Definition: class.ilStartUpGUI.php:52
ilStartUpGUI\getAuthPageEditorHtml
getAuthPageEditorHtml(AuthPageEditorContext $ipe_context)
Definition: class.ilStartUpGUI.php:917
ilStartUpGUI\$ui_renderer
ILIAS UI Renderer $ui_renderer
Definition: class.ilStartUpGUI.php:66
ilStartUpGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilStartUpGUI.php:149
ilStartUpGUI\checkForcedCommand
checkForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:105
ilStartUpGUI\setForcedCommand
static setForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:100
ilStartUpGUI\printToGlobalTemplate
static printToGlobalTemplate($tpl)
Definition: class.ilStartUpGUI.php:360
ilStartUpGUI\__construct
__construct(?ilObjUser $user=null, ?ilGlobalTemplateInterface $mainTemplate=null, ?ServerRequestInterface $httpRequest=null)
Definition: class.ilStartUpGUI.php:68
ilStartUpGUI\$access
ilAccessHandler $access
Definition: class.ilStartUpGUI.php:59
ilStartUpGUI\$authSession
ilAuthSession $authSession
Definition: class.ilStartUpGUI.php:56
ilStartUpGUI\$ui_factory
ILIAS UI Factory $ui_factory
Definition: class.ilStartUpGUI.php:65
ilStartUpGUI\showAccountMigration
showAccountMigration(?ILIAS\UI\Component\Input\Container\Form\Form $form=null, string $message='')
Definition: class.ilStartUpGUI.php:1093
ilStartUpGUI\buildCodeForm
buildCodeForm(?string $username=null)
Definition: class.ilStartUpGUI.php:403
ilStartUpGUI\showSamlLoginForm
showSamlLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1656
ilStartUpGUI\doMigration
doMigration(array $migration_request_data)
Definition: class.ilStartUpGUI.php:1174
ilStartUpGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilStartUpGUI.php:142
ilStartUpGUI\$refinery
RefineryFactory $refinery
Definition: class.ilStartUpGUI.php:62
ilStartUpGUI\$dic
ILIAS DI Container $dic
Definition: class.ilStartUpGUI.php:55
ilStartUpGUI\showLoginPage
showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:280
ilStartUpGUI\purgePlaceholders
purgePlaceholders(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1024
ilStartUpGUI\showSamlIdpSelection
showSamlIdpSelection(ilSamlAuth $auth, array $idps)
Definition: class.ilStartUpGUI.php:1910
ilStartUpGUI\showLegalDocumentsLinks
showLegalDocumentsLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:997
ilStartUpGUI\showCodeForm
showCodeForm(?string $username=null, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:390
ilStartUpGUI\PROP_ACCOUNT_MIGRATION
const PROP_ACCOUNT_MIGRATION
Definition: class.ilStartUpGUI.php:43
ilStartUpGUI\showRegistrationLinks
showRegistrationLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:944
ilTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilTemplate.php:31
ilUserUtil\getStartingPointAsUrl
static getStartingPointAsUrl()
Definition: class.ilUserUtil.php:212
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1328
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:397
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:381
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:944
ilUtil\setCookie
static setCookie(string $a_cookie_name, string $a_cookie_value='', bool $a_also_set_super_global=true, bool $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:1281
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ILIAS\UI\Renderer
An entity that renders components to a string output.
Definition: Renderer.php:31
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilCtrlBaseClassInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlBaseClassInterface.php:38
ilCtrlInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlInterface.php:27
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:30
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:30
ilRBACAccessHandler\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
ilRBACAccessHandler\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
$client_id
$client_id
Definition: ltiauth.php:67
$ref_id
$ref_id
Definition: ltiauth.php:66
$params
if(! $DIC->user() ->getId()||!ilLTIConsumerAccess::hasCustomProviderCreationAccess()) $params
Definition: ltiregstart.php:31
$path
$path
Definition: ltiservices.php:30
$provider
$provider
Definition: ltitoken.php:80
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ILIAS\UI\Implementation\Component\Input\ViewControl\withAdditionalTransformation
withAdditionalTransformation(Transformation $trafo)
@inheritDoc
Definition: GroupDecorator.php:57
ILIAS
Interface Observer \BackgroundTasks Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
$lng
global $lng
Definition: privfeed.php:31
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
if
if(!file_exists('../ilias.ini.php'))
Definition: sessioncheck.php:23
$DIC
global $DIC
Definition: shib_login.php:26
$url
$url
Definition: shib_logout.php:68
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$messages
$messages
Definition: xapiexit.php:21
$message
$message
Definition: xapiexit.php:31
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
$param
$param
Definition: xapitoken.php:46