ILIAS  trunk Revision v12.0_alpha-1227-g7ff6d300864
class.ilStartUpGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\Registration\DualOptIn\Exception\DualOptInException;
22use ILIAS\Registration\DualOptIn\Repository\PendingRegistrationDatabaseRepository;
23use ILIAS\Registration\DualOptIn\Service\DualOptInServiceImpl;
24use ILIAS\Registration\DualOptIn\ValueObjects\PendingRegistrationHash;
25use Psr\Http\Message\ServerRequestInterface;
26use ILIAS\UICore\PageContentProvider;
27use ILIAS\Refinery\Factory as RefineryFactory;
28use ILIAS\HTTP\Services as HTTPServices;
29use ILIAS\TermsOfService\Consumer as TermsOfService;
30use ILIAS\DataProtection\Consumer as DataProtection;
31use ILIAS\components\Authentication\Logout\ConfigurableLogoutTarget;
32use ILIAS\LegalDocuments\Conductor;
33use ILIAS\components\Authentication\Pages\AuthPageEditorContext;
34use ILIAS\AuthApache\AuthFrontendCredentialsApache;
35
41class ilStartUpGUI implements ilCtrlBaseClassInterface, ilCtrlSecurityInterface
42{
43 private const PROP_USERNAME = 'username';
44 private const PROP_PASSWORD = 'password';
45 private const PROP_AUTH_MODE = 'auth_mode';
46 private const PROP_CODE = 'code';
47 private const PROP_ACCOUNT_MIGRATION = 'account_migration';
48 private const PROP_ACCOUNT_MIGRATION_NEW = 'account_migration_new';
49 private const PROP_ACCOUNT_MIGRATION_MIGRATE = 'account_migration_migrate';
50
51 private static string $forced_cmd = '';
52
53 private ilCtrlInterface $ctrl;
54 private ilLanguage $lng;
55 private ilLogger $logger;
56 private ilGlobalTemplateInterface $mainTemplate;
57 private ilObjUser $user;
58 private ServerRequestInterface $httpRequest;
59 private ILIAS\DI\Container $dic;
60 private ilAuthSession $authSession;
61 private ilAppEventHandler $eventHandler;
62 private ilSetting $setting;
63 private ilAccessHandler $access;
64 private ilDBInterface $db;
65
66 private RefineryFactory $refinery;
67 private HTTPServices $http;
68 private ilHelpGUI $help;
69 private ILIAS\UI\Factory $ui_factory;
70 private ILIAS\UI\Renderer $ui_renderer;
71
72 public function __construct(
73 ?ilObjUser $user = null,
74 ?ilGlobalTemplateInterface $mainTemplate = null,
75 ?ServerRequestInterface $httpRequest = null
76 ) {
77 global $DIC;
78
79 $this->dic = $DIC;
80
81 $this->user = $user ?? $DIC->user();
82 $this->mainTemplate = $mainTemplate ?? $DIC->ui()->mainTemplate();
83 $this->httpRequest = $httpRequest ?? $DIC->http()->request();
84 $this->ctrl = $DIC->ctrl();
85 $this->lng = $DIC->language();
86 $this->lng->loadLanguageModule('auth');
87 $this->logger = ilLoggerFactory::getLogger('init');
88 $this->authSession = $DIC['ilAuthSession'];
89 $this->eventHandler = $DIC->event();
90 $this->setting = $DIC->settings();
91 $this->access = $DIC->access();
92 $this->db = $DIC->database();
93 $this->help = $DIC->help();
94 $this->http = $DIC->http();
95 $this->refinery = $DIC->refinery();
96 $this->ui_factory = $DIC->ui()->factory();
97 $this->ui_renderer = $DIC->ui()->renderer();
98
99 $this->ctrl->saveParameter($this, ['rep_ref_id', 'lang', 'target', 'client_id']);
100 $this->user->setLanguage($this->lng->getLangKey());
101 $this->help->setScreenIdComponent('init');
102 }
103
104 public static function setForcedCommand(string $cmd): void
105 {
106 self::$forced_cmd = $cmd;
107 }
108
109 private function checkForcedCommand(string $cmd): string
110 {
111 if (self::$forced_cmd) {
112 $cmd = self::$forced_cmd;
113 self::$forced_cmd = '';
114 }
115
116 return $cmd;
117 }
118
119 private function mergeValuesTrafo(): ILIAS\Refinery\Transformation
120 {
121 return $this->refinery->custom()->transformation(static function (array $values): array {
122 return array_merge(...$values);
123 });
124 }
125
126 private function saniziteArrayElementsTrafo(): ILIAS\Refinery\Transformation
127 {
128 return $this->refinery->custom()->transformation(static function (array $values): array {
129 $processed_values = array_merge(
130 ilArrayUtil::stripSlashesRecursive($values),
131 isset($values[self::PROP_PASSWORD]) ? [self::PROP_PASSWORD => $values[self::PROP_PASSWORD]] : []
132 );
133
134 return $processed_values;
135 });
136 }
137
138 private function initTargetFromQuery(): string
139 {
140 return $this->http->wrapper()->query()->retrieve(
141 'target',
142 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
143 );
144 }
145
146 public function getUnsafeGetCommands(): array
147 {
148 return [
149 'doLogout'
150 ];
151 }
152
153 public function getSafePostCommands(): array
154 {
155 return [
156 'doStandardAuthentication',
157 'doLTIAuthentication'
158 ];
159 }
160
161 public function executeCommand(): void
162 {
163 $cmd = $this->checkForcedCommand($this->ctrl->getCmd('processIndexPHP'));
164
165 $next_class = $this->ctrl->getNextClass($this) ?? '';
166
167 switch (strtolower($next_class)) {
168 case strtolower(ilLoginPageGUI::class):
169 break;
170
171 case strtolower(ilAccountRegistrationGUI::class):
172 $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
173 return;
174
175 case strtolower(ilPasswordAssistanceGUI::class):
176 $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
177 return;
178
179 case strtolower(ilAccessibilityControlConceptGUI::class):
180 $this->ctrl->forwardCommand(new ilAccessibilityControlConceptGUI());
181 return;
182
183 default:
184 if (method_exists($this, $cmd)) {
185 $this->$cmd();
186 return;
187 }
188 }
189
190 // because this class now implements ilCtrlSecurityInterface,
191 // it may occur that commands are null, therefore I added
192 // this as a fallback method.
193 $this->showLoginPageOrStartupPage();
194 }
195
196 private function getLogger(): ilLogger
197 {
198 return $this->logger;
199 }
200
201 private function jumpToRegistration(): void
202 {
203 $this->ctrl->redirectByClass(ilAccountRegistrationGUI::class);
204 }
205
206 private function jumpToPasswordAssistance(): void
207 {
208 $this->ctrl->saveParameterByClass(ilPasswordAssistanceGUI::class, 'key');
209 $this->ctrl->redirectByClass(ilPasswordAssistanceGUI::class);
210 }
211
212 private function showLoginPageOrStartupPage(): void
213 {
222 if ($this->authSession->isValid() && $this->authSession->getUserId() > 0 && !$this->user->isAnonymous()) {
223 ilInitialisation::redirectToStartingPage();
224 }
225
226 $is_forced_login = $this->http->wrapper()->query()->retrieve(
227 'cmd',
228 $this->refinery->byTrying([
229 $this->refinery->kindlyTo()->string(),
230 $this->refinery->always(
231 $this->http->wrapper()->post()->retrieve(
232 'cmd',
233 $this->refinery->byTrying([
234 $this->refinery->kindlyTo()->string(),
235 $this->refinery->always('')
236 ])
237 )
238 )
239 ])
240 ) === 'force_login';
241
242 if ($is_forced_login) {
243 // Only allow this for anonymous user, see: showLoginPageOrStartupPage
244 $this->logger->debug('Force login');
245 $messages = [];
246 if ($this->authSession->isValid()) {
247 $messages = $this->retrieveMessagesFromSession();
248 $this->logger->debug('Valid session -> logout current user');
249 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
250 $this->authSession->logout();
251
252 $this->eventHandler->raise(
253 'components/ILIAS/Authentication',
254 'afterLogout',
255 [
256 'username' => $this->user->getLogin(),
257 'is_explicit_logout' => false,
258 ]
259 );
260
261 $this->dic->user()->setId($this->authSession->getUserId());
262 $this->dic->user()->read();
263 }
264
265 $this->logger->debug('Show login page');
266 foreach ($messages as $type => $content) {
267 $this->mainTemplate->setOnScreenMessage($type, $content);
268 }
269
270 $this->showLoginPage();
271 return;
272 }
273
274 if ($this->authSession->isValid()) {
275 $this->logger->debug('Valid session -> redirect to starting page');
276 ilInitialisation::redirectToStartingPage();
277 return;
278 }
279
280 $this->logger->debug('No valid session -> show login');
281 $this->showLoginPage();
282 }
283
284 private function showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form = null): void
285 {
286 global $tpl; // Don't remove this, the global variables will be replaced with a ilGlobalTemplate instnace
287
288 $this->help->setSubScreenId('login');
289
290 $this->getLogger()->debug('Showing login page');
291
292 $extUid = $this->http->wrapper()->query()->retrieve(
293 'ext_uid',
294 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
295 );
296
297 $soapPw = $this->http->wrapper()->query()->retrieve(
298 'soap_pw',
299 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
300 );
301
302 $credentials = new ilAuthFrontendCredentialsSoap(
303 $GLOBALS['DIC']->http()->request(),
304 $this->ctrl,
305 $this->setting
306 );
307
308 $credentials->setUsername($extUid);
309 $credentials->setPassword($soapPw);
310 $credentials->tryAuthenticationOnLoginPage();
311
312 $frontend = new AuthFrontendCredentialsApache($this->http, $this->refinery, $this->ctrl);
313 $frontend->tryAuthenticationOnLoginPage();
314
315 $tpl = self::initStartUpTemplate('tpl.login.html');
316 $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
317 $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
318
319 $page_editor_html = $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGIN);
320 $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
321 $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
322 $page_editor_html = $this->showLoginForm($page_editor_html, $form);
323 $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
324 $page_editor_html = $this->showSamlLoginForm($page_editor_html);
325 $page_editor_html = $this->showRegistrationLinks($page_editor_html);
326 $page_editor_html = $this->showLegalDocumentsLinks($page_editor_html);
327 $page_editor_html = $this->purgePlaceholders($page_editor_html);
328
329 // check expired session and send message
330 if ($this->authSession->isExpired() || $this->http->wrapper()->query()->has('session_expired')) {
331 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('auth_err_expired'));
332 } elseif ($this->http->wrapper()->query()->has('reg_confirmation_msg')) {
333 $this->lng->loadLanguageModule('registration');
334 $message_key = $this->http->wrapper()->query()->retrieve(
335 'reg_confirmation_msg',
336 $this->refinery->kindlyTo()->string()
337 );
338 $message_type = $message_key === 'reg_account_confirmation_successful' ?
339 ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS : ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE;
340 $this->mainTemplate->setOnScreenMessage(
341 $message_type,
342 $this->lng->txt($message_key)
343 );
344 }
345
346 if ($page_editor_html !== '') {
347 $tpl->setVariable('LPE', $page_editor_html);
348 }
349
350 if ($this->authSession->isExpired()) {
351 // The usr_id is is still the one of the former logged-in user, so we have to unset it
352 $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
353 $this->dic->user()->setId($this->authSession->getUserId());
354 $this->dic->user()->read();
355 }
356
357 $this->mainTemplate->setPermanentLink('auth', null, 'login');
358 self::printToGlobalTemplate($tpl);
359 }
360
364 public static function printToGlobalTemplate($tpl): void
365 {
366 global $DIC;
367 $gtpl = $DIC['tpl'];
368 $gtpl->setContent($tpl->get());
369 $gtpl->printToStdout('DEFAULT', false, true);
370 }
371
375 private function retrieveMessagesFromSession(): array
376 {
377 $messages = [];
378 $message_types = [
379 ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE,
380 ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS,
381 ilGlobalTemplateInterface::MESSAGE_TYPE_INFO,
382 ilGlobalTemplateInterface::MESSAGE_TYPE_QUESTION
383 ];
384
385 foreach ($message_types as $message_type) {
386 if (ilSession::get($message_type)) {
387 $messages[$message_type] = ilSession::get($message_type);
388 }
389 }
390
391 return $messages;
392 }
393
394 private function showCodeForm(
395 ?string $username = null,
396 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
397 ): void {
398 $this->help->setSubScreenId('code_input');
399
400 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('time_limit_reached'));
401
402 $tpl = self::initStartUpTemplate('tpl.login_reactivate_code.html');
403 $tpl->setVariable('FORM', $this->ui_renderer->render($form ?? $this->buildCodeForm($username)));
404 self::printToGlobalTemplate($tpl);
405 }
406
407 private function buildCodeForm(?string $username = null): ILIAS\UI\Component\Input\Container\Form\Form
408 {
409 $this->lng->loadLanguageModule('auth');
410
411 $field_factory = $this->ui_factory->input()->field();
412
413 $username_field = $field_factory
414 ->hidden()
415 ->withRequired(true);
416 if ($username !== null) {
417 $username_field = $username_field->withValue($username);
418 }
419
420 return $this->ui_factory
421 ->input()
422 ->container()
423 ->form()
424 ->standard(
425 $this->ctrl->getFormAction($this, 'processCode'),
426 [
427 $field_factory->section(
428 [
429 self::PROP_CODE => $field_factory
430 ->text(
431 $this->lng->txt('auth_account_code'),
432 $this->lng->txt('auth_account_code_info')
433 )
434 ->withRequired(true),
435 // #11658
436 self::PROP_USERNAME => $username_field,
437 ],
438 $this->lng->txt('auth_account_code_title'),
439 ),
440 ]
441 )
442 ->withSubmitLabel($this->lng->txt('send'))
443 ->withAdditionalTransformation($this->mergeValuesTrafo())
444 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
445 }
446
447 private function processCode(): void
448 {
449 $form = $this->buildCodeForm();
450 $form_valid = false;
451 $form_data = null;
452 if ($this->http->request()->getMethod() === 'POST') {
453 $form = $form->withRequest($this->http->request());
454 $form_data = $form->getData();
455 $form_valid = $form_data !== null;
456 }
457
458 $uname = null;
459 if ($form_valid) {
460 $code = $form_data[self::PROP_CODE];
461 $uname = $form_data[self::PROP_USERNAME];
462 if (ilRegistrationCode::isUnusedCode($code)) {
463 $valid_until = ilRegistrationCode::getCodeValidUntil($code);
464 if (!$user_id = ilObjUser::_lookupId($uname)) {
465 $this->showLoginPage();
466 return;
467 }
468 $invalid_code = false;
469 $user = new ilObjUser($user_id);
470 if ($valid_until === '0') {
471 $user->setTimeLimitUnlimited(true);
472 } else {
473 if (is_numeric($valid_until)) {
474 $valid_until = strtotime('+' . $valid_until . 'days');
475 } else {
476 $valid_until = explode('-', $valid_until);
477 $valid_until = mktime(
478 23,
479 59,
480 59,
481 (int) $valid_until[1],
482 (int) $valid_until[2],
483 (int) $valid_until[0]
484 );
485 if ($valid_until < time()) {
486 $invalid_code = true;
487 }
488 }
489
490 if (!$invalid_code) {
491 $user->setTimeLimitUnlimited(false);
492 $user->setTimeLimitUntil($valid_until);
493 }
494 }
495
496 if (!$invalid_code) {
497 $user->setActive(true);
498 ilRegistrationCode::useCode($code);
499 // apply registration code role assignments
500 ilRegistrationCode::applyRoleAssignments($user, $code);
501 // apply registration code tie limits
502 ilRegistrationCode::applyAccessLimits($user, $code);
503
504 $user->update();
505
506 $this->ctrl->setParameter($this, 'cu', 1);
507 $this->lng->loadLanguageModule('auth');
508 $this->mainTemplate->setOnScreenMessage(
509 'success',
510 $GLOBALS['DIC']->language()->txt('auth_activation_code_success'),
511 true
512 );
513 $this->ctrl->redirect($this, 'showLoginPage');
514 }
515 }
516
517 $this->lng->loadLanguageModule('user');
518 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('user_account_code_not_valid'));
519 } else {
520 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('form_input_not_valid'));
521 }
522
523 $this->showCodeForm($uname, $form);
524 }
525
526 private function buildStandardLoginForm(): ILIAS\UI\Component\Input\Container\Form\Form
527 {
528 $field_factory = $this->ui_factory->input()->field();
529
530 $fields = [];
531 $det = ilAuthModeDetermination::_getInstance();
532 if (ilAuthUtils::_hasMultipleAuthenticationMethods() && $det->isManualSelection()) {
533 $auth_mode = $field_factory->radio($this->lng->txt('auth_selection'))->withRequired(true);
534 $visible_auth_methods = [];
535 foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
536 if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
537 continue;
538 }
539
540 $auth_mode = $auth_mode->withOption((string) $key, $option['txt']);
541
542 if (isset($option['checked'])) {
543 $auth_mode = $auth_mode->withValue($key);
544 }
545 $visible_auth_methods[] = $key;
546 }
547
548 if (count($visible_auth_methods) === 1) {
549 $auth_mode = $field_factory->hidden()->withRequired(true)->withValue(current($visible_auth_methods));
550 }
551
552 $fields[self::PROP_AUTH_MODE] = $auth_mode;
553 }
554
555 $fields += [
556 self::PROP_USERNAME => $field_factory
557 ->text($this->lng->txt('username'))
558 ->withRequired(
559 true,
560 $this->refinery->custom()->constraint(
561 static function (string $value): bool {
562 return $value !== '';
563 },
564 static function (Closure $lng, string $value): string {
565 return $lng('auth_required_username');
566 }
567 )
568 ),
569 self::PROP_PASSWORD => $field_factory
570 ->password($this->lng->txt('password'))
571 ->withRevelation(true)
572 ->withRequired(
573 true,
574 $this->refinery->custom()->constraint(
575 static function (string $value): bool {
576 return $value !== '';
577 },
578 static function (Closure $lng, string $value): string {
579 return $lng('auth_required_password');
580 }
581 )
582 )
583 ->withAdditionalTransformation(
584 $this->refinery->custom()->transformation(
585 static function (ILIAS\Data\Password $value): string {
586 return $value->toString();
587 }
588 )
589 ),
590 ];
591
592 $sections = [$field_factory->section($fields, $this->lng->txt('login_to_ilias_via_login_form'))];
593
594 return $this->ui_factory
595 ->input()
596 ->container()
597 ->form()
598 ->standard($this->ctrl->getFormAction($this, 'doStandardAuthentication'), $sections)
599 ->withDedicatedName('login_form')
600 ->withSubmitLabel($this->lng->txt('log_in'))
601 ->withAdditionalTransformation($this->mergeValuesTrafo())
602 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
603 }
604
605 private function doLTIAuthentication(): void
606 {
607 $this->getLogger()->debug('Trying lti authentication');
608
609 $credentials = new ilAuthFrontendCredentialsLTI();
610 $credentials->initFromRequest();
611
612 $provider_factory = new ilAuthProviderFactory();
613 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_PROVIDER_LTI);
614
615 $status = ilAuthStatus::getInstance();
616
617 $frontend_factory = new ilAuthFrontendFactory();
618 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
619 $frontend = $frontend_factory->getFrontend(
620 $this->authSession,
621 $status,
622 $credentials,
623 [$provider]
624 );
625 $frontend->authenticate();
626
627 setcookie(session_name(), session_id(), [
628 'expires' => 0,
629 'path' => rtrim(IL_COOKIE_PATH, '/'),
630 'domain' => IL_COOKIE_DOMAIN,
631 'secure' => true,
632 'httponly' => true,
633 'samesite' => 'None'
634 ]);
635
636 $lti_context_ids = ilSession::get("lti_context_ids");
637
638 if (is_array($lti_context_ids) && isset($lti_context_ids[0])) {
639 $ref_id = $lti_context_ids[0];
640 $obj_type = ilObject::_lookupType($ref_id, true);
641 ilSession::set('orig_request_target', "goto.php?target=" . $obj_type . "_" . $ref_id . "&lti_context_id=" . $ref_id);
642 }
643
644 switch ($status->getStatus()) {
645 case ilAuthStatus::STATUS_AUTHENTICATED:
646 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
647 ilInitialisation::redirectToStartingPage();
648
649 // no break
650 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
651 $this->ctrl->redirect($this, 'showAccountMigration');
652
653 // no break
654 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
655 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()), true);
656 $this->ctrl->redirect($this, 'showLoginPage');
657 }
658
659 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
660 $this->showLoginPage();
661 }
662
663 private function doApacheAuthentication(): void
664 {
665 $this->getLogger()->debug('Trying apache authentication');
666
667 $credentials = new AuthFrontendCredentialsApache($this->http, $this->refinery, $this->ctrl);
668 $credentials->initFromRequest();
669
670 $provider_factory = new ilAuthProviderFactory();
671 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_APACHE);
672
673 $status = ilAuthStatus::getInstance();
674
675 $frontend_factory = new \ilAuthFrontendFactory();
676 $frontend_factory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
677 $frontend = $frontend_factory->getFrontend(
678 $this->authSession,
679 $status,
680 $credentials,
681 [$provider]
682 );
683 $frontend->authenticate();
684
685 switch ($status->getStatus()) {
686 case ilAuthStatus::STATUS_AUTHENTICATED:
687 if ($credentials->hasValidTargetUrl()) {
688 $this->logger->debug(
689 sprintf(
690 'Authentication successful. Redirecting to starting page: %s',
691 $credentials->getTargetUrl()
692 )
693 );
694 $this->ctrl->redirectToURL($credentials->getTargetUrl());
695 }
696 $this->logger->debug(
697 'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
698 );
699 ilInitialisation::redirectToStartingPage();
700
701 // no break
702 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
703 $this->ctrl->redirect($this, 'showAccountMigration');
704
705 // no break
706 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
707 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
708 $this->ctrl->redirectToURL(
709 ilUtil::appendUrlParameterString(
710 $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
711 'passed_sso=1'
712 )
713 );
714 }
715
716 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
717 $this->showLoginPage();
718 }
719
720 private function doStandardAuthentication(): void
721 {
722 $form = $this->buildStandardLoginForm();
723 $form_valid = false;
724 $form_data = null;
725 if ($this->http->request()->getMethod() === 'POST') {
726 $form = $form->withRequest($this->http->request());
727 $form_data = $form->getData();
728 $form_valid = $form_data !== null;
729 }
730
731 if (!$form_valid) {
732 $this->showLoginPage($form);
733 return;
734 }
735
736 $this->getLogger()->debug('Trying to authenticate user.');
737
738 $auth_callback = function () use ($form_data) {
739 $credentials = new ilAuthFrontendCredentials();
740 $credentials->setUsername($form_data[self::PROP_USERNAME]);
741 $credentials->setPassword($form_data[self::PROP_PASSWORD]);
742
743 $det = ilAuthModeDetermination::_getInstance();
744 if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
745 $credentials->setAuthMode($form_data[self::PROP_AUTH_MODE]);
746 }
747
748 $provider_factory = new ilAuthProviderFactory();
749 $providers = $provider_factory->getProviders($credentials);
750
751 $status = ilAuthStatus::getInstance();
752
753 $frontend_factory = new ilAuthFrontendFactory();
754 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
755 $frontend = $frontend_factory->getFrontend(
756 $this->authSession,
757 $status,
758 $credentials,
759 $providers
760 );
761 $frontend->authenticate();
762
763 return $status;
764 };
765
766 if (($auth_duration = $this->setting->get('auth_duration')) !== null) {
767 $duration = $this->http->durations()->callbackDuration((int) $auth_duration);
768 $status = $duration->stretch($auth_callback);
769 } else {
770 $status = $auth_callback();
771 }
772
773 switch ($status->getStatus()) {
774 case ilAuthStatus::STATUS_AUTHENTICATED:
775 ilLoggerFactory::getLogger('auth')->debug(
776 'Authentication successful; Redirecting to starting page.'
777 );
778 ilInitialisation::redirectToStartingPage();
779
780 // no break
781 case ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED:
782 $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
783 $this->showLoginPage($this->buildCodeForm($uname));
784 return;
785
786 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
787 $this->ctrl->redirect($this, 'showAccountMigration');
788
789 // no break
790 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
791 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason());
792 $this->showLoginPage($form);
793 }
794 }
795
796 private function showLoginForm(
797 string $page_editor_html,
798 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null
799 ): string {
800 global $tpl;
801
802 $shib_is_default_without_local_login = (
803 (int) $this->setting->get('auth_mode') === ilAuthUtils::AUTH_SHIBBOLETH &&
804 !$this->setting->get('shib_auth_allow_local', '0')
805 );
806
807 if ($shib_is_default_without_local_login) {
808 return $page_editor_html;
809 }
810
811 return $this->substituteLoginPageElements(
812 $tpl,
813 $page_editor_html,
814 $this->ui_renderer->render($form ?? $this->buildStandardLoginForm()),
815 '[list-login-form]',
816 'LOGIN_FORM'
817 );
818 }
819
820 private function showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl): string
821 {
822 if ($page_editor_html !== '') {
823 return $page_editor_html;
824 }
825
826 return $page_editor_html;
827 }
828
829 private function showShibbolethLoginForm(string $page_editor_html): string
830 {
831 $target = $this->initTargetFromQuery();
832
833 if ($this->setting->get('shib_active')) {
834 $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'components/ILIAS/Init');
835
836 $tpl->setVariable(
837 'SHIB_FORMACTION',
838 './shib_login.php'
839 ); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
840 $federation_name = $this->setting->get('shib_federation_name');
841 $admin_mail = ' <a href="mailto:' . $this->setting->get('admin_email') . '">ILIAS ' . $this->lng->txt(
842 'administrator'
843 ) . '</a>.';
844 if ($this->setting->get('shib_hos_type') === 'external_wayf') {
845 $tpl->setCurrentBlock('shibboleth_login');
846 $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
847 $tpl->setVariable('IL_TARGET', $target);
848 $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
849 $tpl->setVariable('TXT_SHIB_LOGIN_BUTTON', $this->setting->get('shib_login_button'));
850 $tpl->setVariable(
851 'TXT_SHIB_LOGIN_INSTRUCTIONS',
852 sprintf(
853 $this->lng->txt('shib_general_login_instructions'),
854 $federation_name,
855 $admin_mail
856 )
857 );
858 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
859 $tpl->parseCurrentBlock();
860 } elseif ($this->setting->get('shib_hos_type') == 'embedded_wayf') {
861 $tpl->setCurrentBlock('shibboleth_custom_login');
862 $customInstructions = stripslashes($this->setting->get('shib_login_instructions'));
863 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $customInstructions);
864 $tpl->parseCurrentBlock();
865 } else {
866 $tpl->setCurrentBlock('shibboleth_wayf_login');
867 $tpl->setVariable('TXT_SHIB_LOGIN', $this->lng->txt('login_to_ilias_via_shibboleth'));
868 $tpl->setVariable('TXT_SHIB_FEDERATION_NAME', $this->setting->get('shib_federation_name'));
869 $tpl->setVariable(
870 'TXT_SELECT_HOME_ORGANIZATION',
871 sprintf(
872 $this->lng->txt('shib_select_home_organization'),
873 $this->setting->get('shib_federation_name')
874 )
875 );
876 $tpl->setVariable('TXT_CONTINUE', $this->lng->txt('btn_next'));
877 $tpl->setVariable('TXT_SHIB_HOME_ORGANIZATION', $this->lng->txt('shib_home_organization'));
878 $tpl->setVariable(
879 'TXT_SHIB_LOGIN_INSTRUCTIONS',
880 sprintf(
881 $this->lng->txt('shib_general_wayf_login_instructions'),
882 $admin_mail
883 )
884 );
885 $tpl->setVariable('TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS', $this->setting->get('shib_login_instructions'));
886
887 $ilShibbolethWAYF = new ilShibbolethWAYF();
888
889 $tpl->setVariable('TXT_SHIB_INVALID_SELECTION', $ilShibbolethWAYF->showNotice());
890 $tpl->setVariable('SHIB_IDP_LIST', $ilShibbolethWAYF->generateSelection());
891 $tpl->setVariable('ILW_TARGET', $target);
892 $tpl->parseCurrentBlock();
893 }
894
895 return $this->substituteLoginPageElements(
896 $GLOBALS['tpl'],
897 $page_editor_html,
898 $tpl->get(),
899 '[list-shibboleth-login-form]',
900 'SHIB_LOGIN_FORM'
901 );
902 }
903
904 return $page_editor_html;
905 }
906
910 private function substituteLoginPageElements(
911 $tpl,
912 string $page_editor_html,
913 string $element_html,
914 string $placeholder,
915 string $fallback_tplvar
916 ): string {
917 if ($page_editor_html === '') {
918 $tpl->setVariable($fallback_tplvar, $element_html);
919 return $page_editor_html;
920 }
921
922 if (stripos($page_editor_html, $placeholder) === false) {
923 $tpl->setVariable($fallback_tplvar, $element_html);
924 return $page_editor_html;
925 }
926
927 return str_replace($placeholder, $element_html, $page_editor_html);
928 }
929
930 private function getAuthPageEditorHtml(AuthPageEditorContext $ipe_context): string
931 {
932 $ipe_settings = ilAuthPageEditorSettings::getInstance($ipe_context);
933
934 $ipe_language = $ipe_settings->getIliasEditorLanguage($this->lng->getLangKey());
935 if (!$ipe_language) {
936 return '';
937 }
938
939 // if page does not exist, return nothing
940 if (!ilPageUtil::_existsAndNotEmpty($ipe_context->pageType(), ilLanguage::lookupId($ipe_language))) {
941 return '';
942 }
943
944 $this->dic->contentStyle()->gui()->addCss($this->mainTemplate, ilObjAuthSettings::getAuthSettingsRefId());
945
946 $page_gui = new ($ipe_context->pageUiClass())(ilLanguage::lookupId($ipe_language));
947
948 $page_gui->setStyleId(0);
949
950 $page_gui->setPresentationTitle('');
951 $page_gui->setTemplateOutput(false);
952 $page_gui->setHeader('');
953
954 return $page_gui->showPage();
955 }
956
957 private function showRegistrationLinks(string $page_editor_html): string
958 {
959 global $tpl;
960
961 $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'components/ILIAS/Init');
962
963 // allow new registrations?
964 if (ilRegistrationSettings::_lookupRegistrationType() !== ilRegistrationSettings::IL_REG_DISABLED) {
965 $rtpl->setCurrentBlock('new_registration');
966 $rtpl->setVariable('REGISTER', $this->lng->txt('registration'));
967 $rtpl->setVariable(
968 'CMD_REGISTER',
969 $this->ctrl->getLinkTargetByClass(ilAccountRegistrationGUI::class)
970 );
971 $rtpl->parseCurrentBlock();
972 }
973 // allow password assistance? Surpress option if Authmode is not local database
974 if ($this->setting->get('password_assistance')) {
975 $rtpl->setCurrentBlock('password_assistance');
976 $rtpl->setVariable('FORGOT_PASSWORD', $this->lng->txt('forgot_password'));
977 $rtpl->setVariable('FORGOT_USERNAME', $this->lng->txt('forgot_username'));
978 $rtpl->setVariable(
979 'CMD_FORGOT_PASSWORD',
980 $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class)
981 );
982 $rtpl->setVariable(
983 'CMD_FORGOT_USERNAME',
984 $this->ctrl->getLinkTargetByClass(ilPasswordAssistanceGUI::class, 'showUsernameAssistanceForm')
985 );
986 $rtpl->setVariable('LANG_ID', $this->lng->getLangKey());
987 $rtpl->parseCurrentBlock();
988 }
989
990 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
991 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
992 $rtpl->setCurrentBlock('homelink');
993 $rtpl->setVariable(
994 'CLIENT_ID',
995 '?client_id=' . CLIENT_ID . '&lang=' . $this->lng->getLangKey()
996 );
997 $rtpl->setVariable('TXT_HOME', $this->lng->txt('home'));
998 $rtpl->parseCurrentBlock();
999 }
1000
1001 return $this->substituteLoginPageElements(
1002 $tpl,
1003 $page_editor_html,
1004 $rtpl->get(),
1005 '[list-registration-link]',
1006 'REG_PWD_CLIENT_LINKS'
1007 );
1008 }
1009
1010 private function showLegalDocumentsLinks(string $page_editor_html): string
1011 {
1012 global $tpl;
1013 global $DIC;
1014
1015 if (0 === $this->user->getId()) {
1016 $this->user->setId(ANONYMOUS_USER_ID);
1017 }
1018
1019 $page_editor_html = $this->substituteLoginPageElements(
1020 $tpl,
1021 $page_editor_html,
1022 $DIC['legalDocuments']->loginPageHTML(TermsOfService::ID),
1023 '[list-user-agreement]',
1024 'USER_AGREEMENT'
1025 );
1026 $page_editor_html = $this->substituteLoginPageElements(
1027 $tpl,
1028 $page_editor_html,
1029 $DIC['legalDocuments']->loginPageHTML(DataProtection::ID),
1030 '[list-dpro-agreement]',
1031 'DPRO_AGREEMENT'
1032 );
1033
1034 return $page_editor_html;
1035 }
1036
1037 private function purgePlaceholders(string $page_editor_html): string
1038 {
1039 return str_replace(
1040 [
1041 '[list-language-selection]',
1042 '[list-registration-link]',
1043 '[list-user-agreement]',
1044 '[list-dpro-agreement]',
1045 '[list-login-form]',
1046 '[list-saml-login]',
1047 '[list-shibboleth-login-form]',
1048 '[list-openid-connect-login]'
1049 ],
1050 '',
1051 $page_editor_html
1052 );
1053 }
1054
1055 private function buildAccountMigrationForm(): ILIAS\UI\Component\Input\Container\Form\Form
1056 {
1057 $field_factory = $this->ui_factory->input()->field();
1058
1059 $keep = $field_factory->group(
1060 [
1061 self::PROP_USERNAME => $field_factory->text($this->lng->txt('login'))->withRequired(true),
1062 self::PROP_PASSWORD => $field_factory
1063 ->password($this->lng->txt('password'))
1064 ->withRequired(true)
1065 ->withRevelation(true)
1066 ->withAdditionalTransformation(
1067 $this->refinery->custom()->transformation(
1068 static function (ILIAS\Data\Password $value): string {
1069 return $value->toString();
1070 }
1071 )
1072 ),
1073 ],
1074 $this->lng->txt('auth_account_migration_keep'),
1075 $this->lng->txt('auth_info_migrate')
1076 );
1077
1078 $new = $field_factory->group(
1079 [],
1080 $this->lng->txt('auth_account_migration_new'),
1081 $this->lng->txt('auth_info_add')
1082 );
1083
1084 $fields = [
1085 self::PROP_ACCOUNT_MIGRATION => $field_factory->switchableGroup(
1086 [
1087 self::PROP_ACCOUNT_MIGRATION_MIGRATE => $keep,
1088 self::PROP_ACCOUNT_MIGRATION_NEW => $new,
1089 ],
1090 $this->lng->txt('auth_account_migration_name')
1091 )->withRequired(true)->withValue(self::PROP_ACCOUNT_MIGRATION_MIGRATE)
1092 ];
1093
1094 $sections = [$field_factory->section($fields, $this->lng->txt('auth_account_migration'))];
1095
1096 return $this->ui_factory->input()
1097 ->container()
1098 ->form()
1099 ->standard($this->ctrl->getFormAction($this, 'migrateAccount'), $sections)
1100 ->withDedicatedName('login_form')
1101 ->withSubmitLabel($this->lng->txt('save'))
1102 ->withAdditionalTransformation($this->mergeValuesTrafo())
1103 ->withAdditionalTransformation($this->saniziteArrayElementsTrafo());
1104 }
1105
1106 private function showAccountMigration(
1107 ?ILIAS\UI\Component\Input\Container\Form\Form $form = null,
1108 string $message = ''
1109 ): void {
1110 $this->help->setSubScreenId('account_migration');
1111
1112 $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1113 $tpl->setVariable('MIG_FORM', $this->ui_renderer->render($form ?? $this->buildAccountMigrationForm()));
1114
1115 if ($message !== '') {
1116 $this->mainTemplate->setOnScreenMessage('failure', $message);
1117 }
1118
1119 self::printToGlobalTemplate($tpl);
1120 }
1121
1122 private function migrateAccount(): void
1123 {
1124 $form = $this->buildAccountMigrationForm();
1125 $form_valid = false;
1126 $form_data = null;
1127 if ($this->http->request()->getMethod() === 'POST') {
1128 $form = $form->withRequest($this->http->request());
1129 $form_data = $form->getData();
1130 $form_valid = $form_data !== null;
1131 }
1132
1133 if (!$form_valid) {
1134 $this->showAccountMigration($form, $this->lng->txt('form_input_not_valid'));
1135 return;
1136 }
1137
1138 $account_migration = $form_data[self::PROP_ACCOUNT_MIGRATION];
1139 $account_migration_mode = $account_migration[0];
1140 if ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_MIGRATE) {
1141 $this->doMigration($account_migration[1]);
1142 } elseif ($account_migration_mode === self::PROP_ACCOUNT_MIGRATION_NEW) {
1143 $this->doMigrationNewAccount();
1144 } else {
1145 $this->showAccountMigration(
1146 $form,
1147 $this->lng->txt('form_input_not_valid')
1148 );
1149 }
1150 }
1151
1152 private function doMigrationNewAccount(): void
1153 {
1154 $credentials = new ilAuthFrontendCredentials();
1155 $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1156
1157 $provider_factory = new ilAuthProviderFactory();
1158 $provider = $provider_factory->getProviderByAuthMode(
1159 $credentials,
1160 ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1161 );
1162
1163 $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1164
1165 $status = ilAuthStatus::getInstance();
1166
1167 $frontend_factory = new ilAuthFrontendFactory();
1168 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1169 $frontend = $frontend_factory->getFrontend(
1170 $GLOBALS['DIC']['ilAuthSession'],
1171 $status,
1172 $credentials,
1173 [$provider]
1174 );
1175
1176 if ($frontend->migrateAccountNew()) {
1177 ilInitialisation::redirectToStartingPage();
1178 }
1179
1180 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1181 $this->ctrl->redirect($this, 'showAccountMigration');
1182 }
1183
1187 private function doMigration(array $migration_request_data): void
1188 {
1189 $username = $migration_request_data[self::PROP_USERNAME];
1190 $password = $migration_request_data[self::PROP_PASSWORD];
1191
1192 $this->logger->debug('Starting account migration for user: ' . ilSession::get('mig_ext_account'));
1193
1194 $credentials = new ilAuthFrontendCredentials();
1195 $credentials->setUsername($username);
1196 $credentials->setPassword($password);
1197
1198 $provider_factory = new ilAuthProviderFactory();
1199 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_LOCAL);
1200
1201 $status = ilAuthStatus::getInstance();
1202
1203 $frontend_factory = new ilAuthFrontendFactory();
1204 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1205 $frontend = $frontend_factory->getFrontend(
1206 $this->authSession,
1207 $status,
1208 $credentials,
1209 [$provider]
1210 );
1211 $frontend->authenticate();
1212
1213 switch ($status->getStatus()) {
1214 case ilAuthStatus::STATUS_AUTHENTICATED:
1215 $this->getLogger()->debug('Account migration: authentication successful for ' . $username);
1216
1217 $provider = $provider_factory->getProviderByAuthMode(
1218 $credentials,
1219 ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1220 );
1221 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1222 $frontend = $frontend_factory->getFrontend(
1223 $GLOBALS['DIC']['ilAuthSession'],
1224 $status,
1225 $credentials,
1226 [$provider]
1227 );
1228
1229 if ($frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])) {
1230 ilInitialisation::redirectToStartingPage();
1231 }
1232
1233 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'), true);
1234 $this->ctrl->redirect($this, 'showAccountMigration');
1235
1236 // no break
1237 default:
1238 $this->getLogger()->info('Account migration failed for user ' . $username);
1239 $this->showAccountMigration(null, $GLOBALS['lng']->txt('err_wrong_login'));
1240 }
1241 }
1242
1243 private function showLogout(): void
1244 {
1245 if (!$this->authSession->isExpired() &&
1246 $this->authSession->isAuthenticated() &&
1247 !ilObjUser::_isAnonymous($this->authSession->getUserId())) {
1248 $this->ctrl->redirectToURL(ilUserUtil::getStartingPointAsUrl());
1249 }
1250
1251 $this->help->setSubScreenId('logout');
1252
1253 $tpl = self::initStartUpTemplate('tpl.logout.html');
1254 $client_id = $this->http->wrapper()->query()->retrieve(
1255 'client_id',
1256 $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
1257 );
1258
1259 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1260 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1261 $tpl->setCurrentBlock('homelink');
1262 $tpl->setVariable('CLIENT_ID', '?client_id=' . $client_id . '&lang=' . $this->lng->getLangKey());
1263 $tpl->setVariable('TXT_HOME', $this->lng->txt('home'));
1264 $tpl->parseCurrentBlock();
1265 }
1266
1267 $tpl->setVariable('LPE', $this->getAuthPageEditorHtml(AuthPageEditorContext::LOGOUT));
1268 $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('logout'));
1269 $tpl->setVariable('TXT_LOGIN', $this->lng->txt('login_to_ilias'));
1270 $tpl->setVariable(
1271 'CLIENT_ID',
1272 '?client_id=' . $client_id . '&cmd=force_login&lang=' . $this->lng->getLangKey()
1273 );
1274
1275 self::printToGlobalTemplate($tpl);
1276 }
1277
1278 private function doLogout(): void
1279 {
1281 $legal_documents = $this->dic['legalDocuments'];
1282
1283 $this->eventHandler->raise(
1284 'components/ILIAS/Authentication',
1285 'beforeLogout',
1286 [
1287 'user_id' => $this->user->getId()
1288 ]
1289 );
1290
1291 $user_language = $this->user->getLanguage();
1292
1293 $used_external_auth_mode = ilSession::get('used_external_auth_mode');
1294
1295 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
1296 $this->authSession->logout();
1297
1298 $target = new ConfigurableLogoutTarget(
1299 $this->ctrl,
1300 new ilSetting('auth'),
1301 $this->access,
1302 ilUtil::_getHttpPath()
1303 );
1304 $target = $legal_documents->logoutTarget($target);
1305 $url = $target->asURI();
1306
1307 $this->eventHandler->raise(
1308 'components/ILIAS/Authentication',
1309 'afterLogout',
1310 [
1311 'username' => $this->user->getLogin(),
1312 'is_explicit_logout' => true,
1313 'used_external_auth_mode' => $used_external_auth_mode,
1314 'logout_target' => $url
1315 ]
1316 );
1317
1318 $this->mainTemplate->setOnScreenMessage(
1319 $this->mainTemplate::MESSAGE_TYPE_INFO,
1320 $this->lng->txt('logout_text') . $legal_documents->logoutText(),
1321 true
1322 );
1323
1324 // reset cookie
1325 ilUtil::setCookie('ilClientId', '');
1326
1327 $this->ctrl->setParameter($this, 'lang', $user_language);
1328 $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1329 $this->ctrl->redirectToURL((string) $url);
1330 }
1331
1332 protected function showLegalDocuments(): void
1333 {
1334 global $DIC;
1335 $tpl = self::initStartUpTemplate(['agreement.html', 'components/ILIAS/LegalDocuments'], true, false);
1336 $tpl->setVariable('CONTENT', $DIC['legalDocuments']->agreeContent(self::class, __FUNCTION__));
1337 self::printToGlobalTemplate($tpl);
1338 }
1339
1340 private function processIndexPHP(): void
1341 {
1342 if ($this->authSession->isValid()) {
1343 if (!$this->user->isAnonymous() || (
1344 ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1345 $this->httpRequest->getServerParams()['SERVER_NAME']
1346 ) && $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)
1347 )) {
1348 ilInitialisation::redirectToStartingPage();
1349 return;
1350 }
1351 }
1352
1353 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1354 $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1355 ilInitialisation::goToPublicSection();
1356 }
1357
1358 $this->showLoginPage();
1359 }
1360
1364 public static function _checkGoto(string $a_target)
1365 {
1366 global $DIC;
1367
1368 $component_factory = $DIC['component.factory'];
1369
1370 $access = $DIC->access();
1371
1372 foreach ($component_factory->getActivePluginsInSlot('uihk') as $ui_plugin) {
1374 $gui_class = $ui_plugin->getUIClassInstance();
1375 $resp = $gui_class->checkGotoHook($a_target);
1376 if (isset($resp['target']) && is_string($resp['target']) && $resp['target'] !== '') {
1377 $a_target = $resp['target'];
1378 break;
1379 }
1380 }
1381
1382 if ($a_target === '') {
1383 return false;
1384 }
1385
1386 $t_arr = explode('_', $a_target);
1387 $type = $t_arr[0];
1388
1389 if ($type === 'git') {
1390 $type = 'glo';
1391 }
1392
1393 if ($type === 'pg' | $type === 'st') {
1394 $type = 'lm';
1395 }
1396
1397 $class = $DIC['objDefinition']->getClassName($type);
1398 if ($class === '') {
1399 return false;
1400 }
1401
1402 $location = $DIC['objDefinition']->getLocation($type);
1403 $full_class = 'ilObj' . $class . 'Access';
1404
1405 $ret = call_user_func([$full_class, '_checkGoto'], $a_target);
1406
1407 // if no access and repository object => check for parent course/group
1408 if (!$ret &&
1409 isset($t_arr[1]) &&
1410 !str_contains($a_target, '_wsp') &&
1411 !$DIC->user()->isAnonymous() && // #10637
1412 !$DIC['objDefinition']->isAdministrationObject($type) &&
1413 $DIC['objDefinition']->isRBACObject($type)) {
1414 $ref_id = 0;
1415 // original type 'pg' => pg_<page_id>[_<ref_id>]
1416 if ($t_arr[0] === 'pg') {
1417 if (isset($t_arr[2])) {
1418 $ref_id = (int) $t_arr[2];
1419 } else {
1420 $lm_id = ilLMObject::_lookupContObjID((int) $t_arr[1]);
1421 $ref_ids = ilObject::_getAllReferences($lm_id);
1422 if ($ref_ids) {
1423 $ref_id = array_shift($ref_ids);
1424 }
1425 }
1426 } else {
1427 $ref_id = (int) $t_arr[1];
1428 }
1429
1430 if ($ref_id < 1) {
1431 return false;
1432 }
1433
1434 $block_obj = [];
1435
1436 // walk path to find parent container
1437 $path = $DIC->repositoryTree()->getPathId($ref_id);
1438 array_pop($path);
1439 foreach ($path as $path_ref_id) {
1440 $redirect_infopage = false;
1441 $add_member_role = false;
1442
1443 $ptype = ilObject::_lookupType($path_ref_id, true);
1444 $pobj_id = ilObject::_lookupObjId($path_ref_id);
1445
1446 // core checks: timings/object-specific
1447 if (!$access->doActivationCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype) ||
1448 !$access->doStatusCheck('read', '', $path_ref_id, $DIC->user()->getId(), $pobj_id, $ptype)) {
1449 // object in path is inaccessible - aborting
1450 return false;
1451 } elseif ($ptype === 'crs') {
1452 // check if already participant
1453 $participants = ilCourseParticipant::_getInstanceByObjId($pobj_id, $DIC->user()->getId());
1454 if (!$participants->isAssigned()) {
1455 // subscription currently possible?
1456 if (ilObjCourse::_isActivated($pobj_id) && ilObjCourse::_registrationEnabled($pobj_id)) {
1457 $block_obj[] = $path_ref_id;
1458 $add_member_role = true;
1459 } else {
1460 $redirect_infopage = true;
1461 }
1462 }
1463 } elseif ($ptype === 'grp') {
1464 // check if already participant
1465 if (!ilGroupParticipants::_isParticipant($path_ref_id, $DIC->user()->getId())) {
1466 // subscription currently possible?
1467 $group_obj = new ilObjGroup($path_ref_id);
1468 if ($group_obj->isRegistrationEnabled()) {
1469 $block_obj[] = $path_ref_id;
1470 $add_member_role = true;
1471 } else {
1472 $redirect_infopage = true;
1473 }
1474 }
1475 }
1476
1477 // add members roles for all 'blocking' objects
1478 if ($add_member_role) {
1479 // cannot join? goto will never work, so redirect to current object
1480 $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $path_ref_id);
1481 if (!$DIC->rbac()->system()->checkAccess('join', $path_ref_id)) {
1482 $redirect_infopage = true;
1483 } else {
1484 $DIC->rbac()->system()->addTemporaryRole(
1485 $DIC->user()->getId(),
1486 ilParticipants::getDefaultMemberRole($path_ref_id)
1487 );
1488 }
1489 }
1490
1491 // redirect to infopage of 1st blocking object in path
1492 if ($redirect_infopage) {
1493 if ($DIC->rbac()->system()->checkAccess('visible', $path_ref_id)) {
1494 ilUtil::redirect(
1495 'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . $path_ref_id . '&cmd=infoScreen'
1496 );
1497 } else {
1498 return false;
1499 }
1500 }
1501 }
1502
1503 // check if access will be possible with all (possible) member roles added
1504 $DIC->rbac()->system()->resetPACache($DIC->user()->getId(), $ref_id);
1505 if ($block_obj !== [] && $DIC->rbac()->system()->checkAccess('read', $ref_id)) { // #12128
1506 // this won't work with lm-pages (see above)
1507 // keep original target
1508 ilSession::set('pending_goto', 'goto.php?target=' . $a_target);
1509
1510 // redirect to 1st non-member object in path
1511 ilUtil::redirect(
1512 'ilias.php?baseClass=ilRepositoryGUI&ref_id=' . array_shift($block_obj)
1513 );
1514 }
1515 }
1516
1517 return $ret;
1518 }
1519
1520 private function confirmRegistration(): void
1521 {
1522 $this->lng->loadLanguageModule('registration');
1523 ilUtil::setCookie('iltest', 'cookie', false);
1524
1525 try {
1526 $reg_hash = $this->refinery->to()
1527 ->toNew(PendingRegistrationHash::class)
1528 ->transform([$this->http->wrapper()->query()->retrieve('rh', $this->refinery->byTrying([
1529 $this->refinery->kindlyTo()->string(),
1530 $this->refinery->always(null)
1531 ]))]);
1532
1533 $dual_opt_in_service = new DualOptInServiceImpl(
1534 new ilRegistrationSettings(),
1535 new PendingRegistrationDatabaseRepository($this->dic->database()),
1536 $this->dic->database(),
1537 $this->dic->logger()->user(),
1538 (new \ILIAS\Data\Factory())->clock()
1539 );
1540 $user = $dual_opt_in_service->verifyHashAndActivateUser($reg_hash);
1541
1542 $this->mainTemplate->setOnScreenMessage(
1543 \ILIAS\UICore\GlobalTemplate::MESSAGE_TYPE_SUCCESS,
1544 $this->lng->txt('reg_account_confirmation_successful'),
1545 true
1546 );
1547 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $user->getLanguage()));
1548 } catch (DualOptInException $exception) {
1549 $this->mainTemplate->setOnScreenMessage(
1550 \ILIAS\UICore\GlobalTemplate::MESSAGE_TYPE_FAILURE,
1551 $this->lng->txt($exception->getMessage()),
1552 true
1553 );
1554 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1555 } catch (Exception) {
1556 $this->mainTemplate->setOnScreenMessage(
1557 \ILIAS\UICore\GlobalTemplate::MESSAGE_TYPE_FAILURE,
1558 $this->lng->txt('reg_confirmation_hash_not_passed'),
1559 true
1560 );
1561 $this->ctrl->redirectToURL(sprintf('./login.php?cmd=force_login&lang=%s', $this->lng->getLangKey()));
1562 }
1563 }
1564
1569 public static function initStartUpTemplate(
1570 $a_tmpl,
1571 bool $a_show_back = false,
1572 bool $a_show_logout = false
1573 ): ilGlobalTemplateInterface {
1574 global $DIC;
1575
1576 $tpl = new ilGlobalTemplate('tpl.main.html', true, true);
1577
1578 $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'components/ILIAS/Init');
1579
1580 $view_title = $DIC->language()->txt('login_to_ilias');
1581 if ($a_show_back) {
1582 // #13400
1583 $param = 'client_id=' . CLIENT_ID . '&lang=' . $DIC->language()->getLangKey();
1584
1585 $tpl->setCurrentBlock('link_item_bl');
1586 $tpl->setVariable('LINK_TXT', $view_title);
1587 $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1588 $tpl->parseCurrentBlock();
1589
1590 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1591 $DIC->access()->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1592 $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1593 $tpl->setVariable('LINK_TXT', $DIC->language()->txt('home'));
1594 $tpl->parseCurrentBlock();
1595 }
1596 } elseif ($a_show_logout) {
1597 $view_title = $DIC->language()->txt('logout');
1598 $tpl->setCurrentBlock('link_item_bl');
1599 $tpl->setVariable('LINK_TXT', $view_title);
1600 $tpl->setVariable('LINK_URL', self::logoutUrl());
1601 $tpl->parseCurrentBlock();
1602 }
1603
1604 if (is_array($a_tmpl)) {
1605 $template_file = $a_tmpl[0];
1606 $template_dir = $a_tmpl[1];
1607 } else {
1608 $template_file = $a_tmpl;
1609 $template_dir = 'components/ILIAS/Init';
1610 }
1611
1612 $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1613
1614 PageContentProvider::setViewTitle($view_title);
1615 $short_title = trim($DIC->settings()->get('short_inst_name') ?? '');
1616 if ($short_title === '') {
1617 $short_title = 'ILIAS';
1618 }
1619 PageContentProvider::setShortTitle($short_title);
1620
1621 $header_title = ilObjSystemFolder::_getHeaderTitle();
1622 PageContentProvider::setTitle($header_title);
1623
1624 return $tpl;
1625 }
1626
1627 private function showSamlLoginForm(string $page_editor_html): string
1628 {
1629 if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
1630 $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'components/ILIAS/Saml');
1631
1632 $return = '';
1633 $target = $this->initTargetFromQuery();
1634 if ($target !== '') {
1635 $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($target));
1636 }
1637
1638 $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
1639 $tpl->setVariable('TXT_LOGIN', $this->lng->txt('saml_log_in'));
1640 $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $this->lng->txt('login_to_ilias_via_saml'));
1641 $tpl->setVariable('TXT_SAML_LOGIN_TXT', $this->lng->txt('saml_login_form_txt'));
1642 $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $this->lng->txt('saml_login_form_info_txt'));
1643
1644 return $this->substituteLoginPageElements(
1645 $GLOBALS['tpl'],
1646 $page_editor_html,
1647 $tpl->get(),
1648 '[list-saml-login]',
1649 'SAML_LOGIN_FORM'
1650 );
1651 }
1652
1653 return $page_editor_html;
1654 }
1655
1656 private function showOpenIdConnectLoginForm(string $page_editor_html): string
1657 {
1658 $oidc_settings = ilOpenIdConnectSettings::getInstance();
1659 if ($oidc_settings->getActive()) {
1660 $tpl = new ilTemplate('tpl.login_element.html', true, true, 'components/ILIAS/OpenIdConnect');
1661
1662 $this->lng->loadLanguageModule('auth');
1663 $tpl->setVariable('TXT_OIDCONNECT_HEADER', $this->lng->txt('auth_oidc_login_element_info'));
1664
1665 $target = $this->initTargetFromQuery();
1666 $target_str = empty($target) ? '' : ('?target=' . $target);
1667 switch ($oidc_settings->getLoginElementType()) {
1668 case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT:
1669 $tpl->setVariable('SCRIPT_OIDCONNECT_T', './openidconnect.php' . $target_str);
1670 $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1671 break;
1672
1673 case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG:
1674 $tpl->setVariable('SCRIPT_OIDCONNECT_I', './openidconnect.php' . $target_str);
1675 $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1676 break;
1677 }
1678
1679 return $this->substituteLoginPageElements(
1680 $GLOBALS['tpl'],
1681 $page_editor_html,
1682 $tpl->get(),
1683 '[list-openid-connect-login]',
1684 'OPEN_ID_CONNECT_LOGIN_FORM'
1685 );
1686 }
1687
1688 return $page_editor_html;
1689 }
1690
1691 private function doOpenIdConnectAuthentication(): void
1692 {
1693 $this->getLogger()->debug('Trying openid connect authentication');
1694
1695 $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
1696 $credentials->initFromRequest();
1697
1698 $provider_factory = new ilAuthProviderFactory();
1699 $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_OPENID_CONNECT);
1700
1701 $status = ilAuthStatus::getInstance();
1702
1703 $frontend_factory = new ilAuthFrontendFactory();
1704 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1705 $frontend = $frontend_factory->getFrontend(
1706 $this->authSession,
1707 $status,
1708 $credentials,
1709 [$provider]
1710 );
1711 $frontend->authenticate();
1712
1713 switch ($status->getStatus()) {
1714 case ilAuthStatus::STATUS_AUTHENTICATED:
1715 $this->logger->debug('Authentication successful; Redirecting to starting page.');
1716 if ($credentials->getRedirectionTarget()) {
1717 ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
1718 }
1719 ilInitialisation::redirectToStartingPage();
1720
1721 // no break
1722 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1723 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1724 $this->ctrl->redirect($this, 'showLoginPage');
1725 }
1726
1727 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1728 $this->showLoginPage();
1729 }
1730
1731 private function doSamlAuthentication(): void
1732 {
1733 $this->getLogger()->debug('Trying saml authentication');
1734 $request = $this->httpRequest;
1735 $params = $request->getQueryParams();
1736
1737 $factory = new ilSamlAuthFactory();
1738 $auth = $factory->auth();
1739
1740 if (isset($params['action']) && $params['action'] === 'logout') {
1741 $logout_url = $params['logout_url'] ?? '';
1742 $this->logger->info(sprintf('Requested SAML logout: %s', $logout_url));
1743 $host = fn($url) => parse_url($url ?: '', PHP_URL_HOST);
1744
1745 // Invalid URL's will be catched by this too ($host($logout_url) is null but not in array).
1746 if (!in_array($host($logout_url), array_filter([
1747 'localhost',
1748 $host($this->dic->iliasIni()->readVariable('server', 'http_path')),
1749 $host($this->dic->settings()->get('soap_wsdl_path')),
1750 $host((new ilSetting('auth'))->get('logout_behaviour_url')),
1751 ...explode(',', $this->dic->settings()->get('allowed_hosts', '')),
1752 ]), true)) {
1753 throw new Exception('Redirect URL not allowed');
1754 }
1755
1756 $auth->logout($logout_url);
1757 }
1758
1759 if (isset($params['target']) && !isset($params['returnTo'])) {
1760 $params['returnTo'] = $params['target'];
1761 }
1762
1763 if (isset($params['returnTo'])) {
1764 $auth->storeParam('target', $params['returnTo']);
1765 }
1766
1767 $this->logger->debug('Started SAML authentication request');
1768 if (!$auth->isAuthenticated()) {
1769 ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
1770 if (!isset($request->getQueryParams()['idpentityid'], $request->getQueryParams()['saml_idp_id'])) {
1771 $activeIdps = ilSamlIdp::getActiveIdpList();
1772 if (count($activeIdps) === 1) {
1773 $idp = current($activeIdps);
1774
1775 ilLoggerFactory::getLogger('auth')->debug(
1776 sprintf(
1777 'Found exactly one active IDP with id %s: %s',
1778 $idp->getIdpId(),
1779 $idp->getEntityId()
1780 )
1781 );
1782
1783 $this->ctrl->setParameter($this, 'idpentityid', $idp->getEntityId());
1784 $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1785 $this->ctrl->setTargetScript('saml.php');
1786 $this->ctrl->redirect($this, 'doSamlAuthentication');
1787 } elseif ($activeIdps === []) {
1788 $this->logger->debug('Did not find any active IDP, skipp authentication process');
1789 $this->ctrl->redirect($this, 'showLoginPage');
1790 } else {
1791 $this->logger->debug('Found multiple active IPDs, presenting IDP selection...');
1792 $this->showSamlIdpSelection($auth, $activeIdps);
1793 return;
1794 }
1795 }
1796
1797 $auth->storeParam('idpId', (int) $request->getQueryParams()['saml_idp_id']);
1798 $this->logger->debug(sprintf('Stored relevant IDP id in session: %s', $auth->getParam('idpId')));
1799 }
1800
1801 $auth = $factory->auth();
1802
1803 $this->logger->debug('Checking SAML authentication status...');
1804 $auth->protectResource();
1805 $this->logger->debug(
1806 'SAML authentication successful, continuing with ILIAS internal authentication process...'
1807 );
1808
1809 $idpId = (int) $auth->getParam('idpId');
1810
1811 $this->logger->debug(
1812 sprintf(
1813 'Internal SAML IDP id fetched from session: %s',
1814 $idpId
1815 )
1816 );
1817
1818 if ($idpId < 1) {
1819 $this->logger->debug(
1820 'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
1821 );
1822 $authData = $auth->getAuthDataArray();
1823 if (isset($authData['saml:sp:IdP'])) {
1824 $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
1825 $this->logger->debug(
1826 sprintf(
1827 'Searching active ILIAS IDP by entity id "%s" results in: %s',
1828 $authData['saml:sp:IdP'],
1829 $idpId
1830 )
1831 );
1832 } else {
1833 $this->logger->debug(
1834 'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
1835 );
1836 }
1837 }
1838
1839 $target = $auth->popParam('target');
1840
1841 $this->logger->debug(sprintf('Retrieved "target" parameter: %s', print_r($target, true)));
1842
1843 $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
1844 $credentials->initFromRequest();
1845
1846 $provider_factory = new ilAuthProviderFactory();
1847 $provider = $provider_factory->getProviderByAuthMode(
1848 $credentials,
1849 ilUtil::stripSlashes(
1850 ilAuthUtils::AUTH_SAML . '_' . $idpId
1851 )
1852 );
1853
1854 if ($target) {
1855 $credentials->setReturnTo($target);
1856 } else {
1857 $target = $credentials->getReturnTo();
1858 }
1859
1860 $status = ilAuthStatus::getInstance();
1861
1862 $frontend_factory = new ilAuthFrontendFactory();
1863 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1864 $frontend = $frontend_factory->getFrontend(
1865 $this->authSession,
1866 $status,
1867 $credentials,
1868 [$provider]
1869 );
1870 $frontend->authenticate();
1871
1872 switch ($status->getStatus()) {
1873 case ilAuthStatus::STATUS_AUTHENTICATED:
1874 $this->logger->debug('Authentication successful; Redirecting to starting page.');
1875 ilInitialisation::redirectToStartingPage($target ?? '');
1876
1877 // no break
1878 case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
1879 $this->ctrl->redirect($this, 'showAccountMigration');
1880
1881 // no break
1882 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
1883 $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
1884 $this->ctrl->redirect($this, 'showLoginPage');
1885 }
1886
1887 $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1888 $this->showLoginPage();
1889 }
1890
1894 private function showSamlIdpSelection(ilSamlAuth $auth, array $idps): void
1895 {
1896 $this->help->setSubScreenId('saml_idp_selection');
1897
1898 self::initStartUpTemplate(['tpl.saml_idp_selection.html', 'components/ILIAS/Saml']);
1899
1900 $this->ctrl->setTargetScript('saml.php');
1901 $items = [];
1902 foreach ($idps as $idp) {
1903 $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
1904 $this->ctrl->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
1905
1906 $items[] = $this->ui_factory->link()->standard(
1907 $idp->getEntityId(),
1908 $this->ctrl->getLinkTarget($this, 'doSamlAuthentication')
1909 );
1910 }
1911
1912 $components = [
1913 $this->ui_factory->panel()->standard(
1914 $this->lng->txt('auth_saml_idp_selection_table_title'),
1915 [
1916 $this->ui_factory->messageBox()->info($this->lng->txt('auth_saml_idp_selection_table_desc')),
1917 $this->ui_factory->listing()->unordered(
1918 array_map(
1919 fn($item) => $this->ui_renderer->render($item),
1920 $items
1921 )
1922 )
1923 ]
1924 )
1925 ];
1926
1927 $this->mainTemplate->setVariable('CONTENT', $this->ui_renderer->render($components));
1928 $this->mainTemplate->printToStdout('DEFAULT', false);
1929 }
1930
1936 public static function logoutUrl(array $parameters = []): string
1937 {
1938 global $DIC;
1939
1940 $defaults = ['lang' => $DIC->user()->getCurrentLanguage()];
1941 $parameters = '&' . http_build_query(array_merge($defaults, $parameters));
1942
1943 return $DIC->ctrl()->getLinkTargetByClass([self::class], 'doLogout') . $parameters;
1944 }
1945}
IL_COOKIE_PATH
const IL_COOKIE_PATH
Definition: index.php:48
$duration
$duration
Definition: LOMStructure.php:54
mainTemplate
mainTemplate()
Definition: UITestHelper.php:77
$location
$location
Definition: buildRTE.php:22
$components
$components
Definition: build_bootstrap.php:58
ILIAS\DI\Container
Customizing of pimple-DIC for ILIAS.
Definition: Container.php:36
ILIAS\Data\Color\Factory
Builds a Color from either hex- or rgb values.
Definition: Factory.php:31
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
ILIAS\HTTP\Services
Class Services.
Definition: Services.php:38
ILIAS\Registration\DualOptIn\Repository\PendingRegistrationDatabaseRepository
@phpstan-type PendingRegistrationRecord array{id: string, usr_id: int, reg_hash: string,...
Definition: PendingRegistrationDatabaseRepository.php:32
ilAccessibilityControlConceptGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessibilityControlConceptGUI.php:24
ilAccountRegistrationGUI
@ilCtrl_Calls ilAccountRegistrationGUI:
Definition: class.ilAccountRegistrationGUI.php:35
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:52
ilArrayUtil\stripSlashesRecursive
static stripSlashesRecursive($a_data, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilArrayUtil.php:60
ilAuthFrontendCredentialsLTI
Auth credentials for lti oauth based authentication.
Definition: class.ilAuthFrontendCredentialsLTI.php:28
ilAuthFrontendFactory\CONTEXT_STANDARD_FORM
const int CONTEXT_STANDARD_FORM
Authentication with id and password.
Definition: class.ilAuthFrontendFactory.php:28
ilAuthFrontend\MIG_TRIGGER_AUTHMODE
const string MIG_TRIGGER_AUTHMODE
Definition: class.ilAuthFrontend.php:26
ilAuthFrontend\MIG_EXTERNAL_ACCOUNT
const string MIG_EXTERNAL_ACCOUNT
Definition: class.ilAuthFrontend.php:25
ilAuthPageEditorSettings\getInstance
static getInstance(AuthPageEditorContext $context)
Definition: class.ilAuthPageEditorSettings.php:46
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const int STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:31
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions(ilLanguage $lng)
Definition: class.ilAuthUtils.php:395
ilAuthUtils\AUTH_SHIBBOLETH
const int AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:32
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:29
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:37
ilAuthUtils\AUTH_APACHE
const int AUTH_APACHE
Definition: class.ilAuthUtils.php:36
ilAuthUtils\AUTH_OPENID_CONNECT
const int AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:38
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:365
ilAuthUtils\AUTH_PROVIDER_LTI
const int AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:45
ilCourseParticipant\_getInstanceByObjId
static _getInstanceByObjId(int $a_obj_id, int $a_usr_id)
Definition: class.ilCourseParticipant.php:40
ilGlobalTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilGlobalTemplate.php:30
ilGroupParticipants\_isParticipant
static _isParticipant(int $a_ref_id, int $a_usr_id)
Static function to check if a user is a participant of the container object.
Definition: class.ilGroupParticipants.php:117
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:29
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:916
ilInitialisation\redirectToStartingPage
static redirectToStartingPage(string $target='')
Definition: class.ilInitialisation.php:1865
ilLMObject\_lookupContObjID
static _lookupContObjID(int $a_id)
get learning module id for lm object
Definition: class.ilLMObject.php:565
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLanguage\lookupId
static lookupId(string $a_lang_key)
Lookup obj_id of language.
Definition: class.ilLanguage.php:337
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjCourse\_registrationEnabled
static _registrationEnabled(int $a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
Definition: class.ilObjCourse.php:569
ilObjCourse\_isActivated
static _isActivated(int $a_obj_id)
Is activated.
Definition: class.ilObjCourse.php:561
ilObjGroup
Class ilObjGroup.
Definition: class.ilObjGroup.php:32
ilObjStyleSheet\getContentStylePath
static getContentStylePath(int $a_style_id, bool $add_random=true, bool $add_token=true)
get content style path static (to avoid full reading)
Definition: class.ilObjStyleSheet.php:1390
ilObjUser
User class.
Definition: class.ilObjUser.php:48
ilObjUser\_isAnonymous
static _isAnonymous(int $usr_id)
Definition: class.ilObjUser.php:1760
ilObjUser\setTimeLimitUntil
setTimeLimitUntil(?int $a_until)
Definition: class.ilObjUser.php:1105
ilObjUser\setActive
setActive(bool $active, int $owner=0)
set user active state and updates system fields appropriately
Definition: class.ilObjUser.php:1052
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2823
ilObjUser\setTimeLimitUnlimited
setTimeLimitUnlimited(bool $unlimited)
Definition: class.ilObjUser.php:1115
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:2637
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:826
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilPageUtil\_existsAndNotEmpty
static _existsAndNotEmpty(string $a_parent_type, int $a_id, string $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages)
Definition: class.ilPageUtil.php:31
ilParticipants\getDefaultMemberRole
static getDefaultMemberRole(int $a_ref_id)
Definition: class.ilParticipants.php:476
ilRegistrationCode\getCodeValidUntil
static getCodeValidUntil(string $code)
Definition: class.ilRegistrationCode.php:129
ilRegistrationCode\useCode
static useCode(string $code)
Definition: class.ilRegistrationCode.php:142
ilRegistrationCode\isUnusedCode
static isUnusedCode(string $code)
Definition: class.ilRegistrationCode.php:87
ilRegistrationCode\applyAccessLimits
static applyAccessLimits(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:211
ilRegistrationCode\applyRoleAssignments
static applyRoleAssignments(ilObjUser $user, string $code)
Definition: class.ilRegistrationCode.php:178
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:27
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:223
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:209
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:394
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:419
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:386
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:33
ilStartUpGUI
@ilCtrl_Calls ilStartUpGUI: ilAccountRegistrationGUI, ilPasswordAssistanceGUI, ilLoginPageGUI,...
Definition: class.ilStartUpGUI.php:42
ilStartUpGUI\showShibbolethLoginForm
showShibbolethLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:829
ilStartUpGUI\$forced_cmd
static string $forced_cmd
Definition: class.ilStartUpGUI.php:51
ilStartUpGUI\substituteLoginPageElements
substituteLoginPageElements( $tpl, string $page_editor_html, string $element_html, string $placeholder, string $fallback_tplvar)
Definition: class.ilStartUpGUI.php:910
ilStartUpGUI\$httpRequest
ServerRequestInterface $httpRequest
Definition: class.ilStartUpGUI.php:58
ilStartUpGUI\$ctrl
ilCtrlInterface $ctrl
Definition: class.ilStartUpGUI.php:53
ilStartUpGUI\logoutUrl
static logoutUrl(array $parameters=[])
Return the logout URL with a valid CSRF token.
Definition: class.ilStartUpGUI.php:1936
ilStartUpGUI\showLoginInformation
showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl)
Definition: class.ilStartUpGUI.php:820
ilStartUpGUI\showOpenIdConnectLoginForm
showOpenIdConnectLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1656
ilStartUpGUI\$db
ilDBInterface $db
Definition: class.ilStartUpGUI.php:64
ilStartUpGUI\$eventHandler
ilAppEventHandler $eventHandler
Definition: class.ilStartUpGUI.php:61
ilStartUpGUI\$http
HTTPServices $http
Definition: class.ilStartUpGUI.php:67
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_MIGRATE
const PROP_ACCOUNT_MIGRATION_MIGRATE
Definition: class.ilStartUpGUI.php:49
ilStartUpGUI\showLoginForm
showLoginForm(string $page_editor_html, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:796
ilStartUpGUI\initStartUpTemplate
static initStartUpTemplate( $a_tmpl, bool $a_show_back=false, bool $a_show_logout=false)
This method enriches the global template with some user interface elements (language selection,...
Definition: class.ilStartUpGUI.php:1569
ilStartUpGUI\PROP_ACCOUNT_MIGRATION_NEW
const PROP_ACCOUNT_MIGRATION_NEW
Definition: class.ilStartUpGUI.php:48
ilStartUpGUI\$mainTemplate
ilGlobalTemplateInterface $mainTemplate
Definition: class.ilStartUpGUI.php:56
ilStartUpGUI\getAuthPageEditorHtml
getAuthPageEditorHtml(AuthPageEditorContext $ipe_context)
Definition: class.ilStartUpGUI.php:930
ilStartUpGUI\$ui_renderer
ILIAS UI Renderer $ui_renderer
Definition: class.ilStartUpGUI.php:70
ilStartUpGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilStartUpGUI.php:153
ilStartUpGUI\checkForcedCommand
checkForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:109
ilStartUpGUI\setForcedCommand
static setForcedCommand(string $cmd)
Definition: class.ilStartUpGUI.php:104
ilStartUpGUI\printToGlobalTemplate
static printToGlobalTemplate($tpl)
Definition: class.ilStartUpGUI.php:364
ilStartUpGUI\__construct
__construct(?ilObjUser $user=null, ?ilGlobalTemplateInterface $mainTemplate=null, ?ServerRequestInterface $httpRequest=null)
Definition: class.ilStartUpGUI.php:72
ilStartUpGUI\$access
ilAccessHandler $access
Definition: class.ilStartUpGUI.php:63
ilStartUpGUI\$authSession
ilAuthSession $authSession
Definition: class.ilStartUpGUI.php:60
ilStartUpGUI\$ui_factory
ILIAS UI Factory $ui_factory
Definition: class.ilStartUpGUI.php:69
ilStartUpGUI\showAccountMigration
showAccountMigration(?ILIAS\UI\Component\Input\Container\Form\Form $form=null, string $message='')
Definition: class.ilStartUpGUI.php:1106
ilStartUpGUI\buildCodeForm
buildCodeForm(?string $username=null)
Definition: class.ilStartUpGUI.php:407
ilStartUpGUI\showSamlLoginForm
showSamlLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1627
ilStartUpGUI\doMigration
doMigration(array $migration_request_data)
Definition: class.ilStartUpGUI.php:1187
ilStartUpGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilStartUpGUI.php:146
ilStartUpGUI\$refinery
RefineryFactory $refinery
Definition: class.ilStartUpGUI.php:66
ilStartUpGUI\$dic
ILIAS DI Container $dic
Definition: class.ilStartUpGUI.php:59
ilStartUpGUI\showLoginPage
showLoginPage(?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:284
ilStartUpGUI\purgePlaceholders
purgePlaceholders(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1037
ilStartUpGUI\showSamlIdpSelection
showSamlIdpSelection(ilSamlAuth $auth, array $idps)
Definition: class.ilStartUpGUI.php:1894
ilStartUpGUI\showLegalDocumentsLinks
showLegalDocumentsLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1010
ilStartUpGUI\showCodeForm
showCodeForm(?string $username=null, ?ILIAS\UI\Component\Input\Container\Form\Form $form=null)
Definition: class.ilStartUpGUI.php:394
ilStartUpGUI\PROP_ACCOUNT_MIGRATION
const PROP_ACCOUNT_MIGRATION
Definition: class.ilStartUpGUI.php:47
ilStartUpGUI\showRegistrationLinks
showRegistrationLinks(string $page_editor_html)
Definition: class.ilStartUpGUI.php:957
ilTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilTemplate.php:31
ilUserUtil\getStartingPointAsUrl
static getStartingPointAsUrl()
Definition: class.ilUserUtil.php:218
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1328
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:397
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:381
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:944
ilUtil\setCookie
static setCookie(string $a_cookie_name, string $a_cookie_value='', bool $a_also_set_super_global=true, bool $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:1281
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ILIAS\UI\Renderer
An entity that renders components to a string output.
Definition: Renderer.php:31
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilCtrlBaseClassInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlBaseClassInterface.php:38
ilCtrlInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlInterface.php:27
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:30
ilDBInterface
Interface ilDBInterface.
Definition: ilDBInterface.php:30
ilRBACAccessHandler\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
ilRBACAccessHandler\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
$client_id
$client_id
Definition: ltiauth.php:67
$ref_id
$ref_id
Definition: ltiauth.php:66
$params
if(! $DIC->user() ->getId()||!ilLTIConsumerAccess::hasCustomProviderCreationAccess()) $params
Definition: ltiregstart.php:31
$path
$path
Definition: ltiservices.php:30
$provider
$provider
Definition: ltitoken.php:80
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ILIAS\UI\Implementation\Component\Input\ViewControl\withAdditionalTransformation
withAdditionalTransformation(Transformation $trafo)
@inheritDoc
Definition: GroupDecorator.php:57
ILIAS
Interface Observer \BackgroundTasks Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
$lng
global $lng
Definition: privfeed.php:31
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
if
if(!file_exists('../ilias.ini.php'))
Definition: sessioncheck.php:23
$DIC
global $DIC
Definition: shib_login.php:26
$url
$url
Definition: shib_logout.php:70
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$param
$param
Definition: xapitoken.php:44