Auth prvider for ecs auth. More...

Inheritance diagram for ilAuthProviderECS:

Collaboration diagram for ilAuthProviderECS:

Public Member Functions
	__construct (\ilAuthCredentials $credentials)
	Constructor. More...

	getAbreviation ()
	get abbreviation More...

	getMID ()
	get mid More...

	setMID (int $a_mid)

	setCurrentServer (ilECSSetting $server)
	Set current server. More...

	getCurrentServer ()
	Get current server. More...

	getServerSettings ()
	Get server settings. More...

	doAuthentication (\ilAuthStatus $status)
	Try ecs authentication. More...

	handleLogin ()
	Called from base class after successful login. More...

	initRemoteUserWithRemoteId ()

	validateHash ()
	Validate ECS hash. More...

Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)

	getLogger ()

	getCredentials ()

Public Member Functions inherited from ilAuthProviderInterface
	doAuthentication (ilAuthStatus $status)

Protected Member Functions
	handleLoginByAuthMode (ilAuthStatus $status)
	Redirects to shibboleth login; to standard login page for LDAP based authentication or authenticates/creates a local account. More...

	resumeCurrentSession ()

	createUser (ilECSUser $user)
	create new user More...

	updateUser (ilECSUser $user, int $a_local_user_id)
	update existing user More...

	resetMailOptions (int $a_usr_id)
	Reset mail options to "local only". More...

Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, string $a_reason)

Protected Attributes
int	$mid = null

string	$abreviation = null

ilECSSetting	$currentServer

ilECSServerSettings	$servers

Private Member Functions
	initECSServices ()
	Init ECS Services. More...

Private Attributes
ilIniFile	$clientIniFile

ilRbacAdmin	$rbacAdmin

ilSetting	$setting

ilLanguage	$lng

Refinery	$refinery

HTTPServices	$http

ilAuthSession	$authSession

ilCtrlInterface	$ctrl

Detailed Description

Auth prvider for ecs auth.

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 29 of file class.ilAuthProviderECS.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderECS::__construct ( \ilAuthCredentials $credentials )

Constructor.

Parameters

\ilAuthCredentials $credentials

Definition at line 51 of file class.ilAuthProviderECS.php.

References $DIC, ILIAS\GlobalScreen\Provider\__construct(), ILIAS\Repository\ctrl(), ILIAS\FileDelivery\http(), initECSServices(), ILIAS\Repository\lng(), and ILIAS\Repository\refinery().

     {
         parent::__construct($credentials);
 
         global $DIC;
 
         $this->clientIniFile = $DIC->clientIni();
         $this->rbacAdmin = $DIC->rbac()->admin();
         $this->setting = $DIC->settings();
         $this->lng = $DIC->language();
         $this->lng->loadLanguageModule('ecs');
         $this->http = $DIC->http();
         $this->refinery = $DIC->refinery();
         $this->authSession = $DIC['ilAuthSession'];
         $this->ctrl = $DIC->ctrl();
 
         $this->initECSServices();
     }

Here is the call graph for this function:

Member Function Documentation

◆ createUser()

ilAuthProviderECS::createUser ( ilECSUser $user )

protected

create new user

Definition at line 354 of file class.ilAuthProviderECS.php.

References ilAuthUtils\_generateLogin(), ilObject\_writeImportId(), getAbreviation(), getCurrentServer(), ilECSUser\getEmail(), ilECSUser\getFirstname(), ilECSUser\getImportId(), ilECSUser\getInstitution(), ilECSUser\getLastname(), ilAuthProvider\getLogger(), ilECSUser\getLogin(), IL_CAL_DATETIME, IL_CAL_UNIX, ilObjUser\PASSWD_CRYPTED, resetMailOptions(), and SYSTEM_USER_ID.

Referenced by handleLogin().

                                                   : string
     {
         $userObj = new ilObjUser();
         $userObj->setOwner(SYSTEM_USER_ID);
 
         $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
 
         $newUser["login"] = $local_user;
         $newUser["firstname"] = $user->getFirstname();
         $newUser["lastname"] = $user->getLastname();
         $newUser['email'] = $user->getEmail();
         $newUser['institution'] = $user->getInstitution();
 
         // set "plain md5" password (= no valid password)
         $newUser["passwd"] = "";
         $newUser["passwd_type"] = ilObjUser::PASSWD_CRYPTED;
 
         $newUser["auth_mode"] = "ecs";
         $newUser["profile_incomplete"] = 0;
 
         // system data
         $userObj->assignData($newUser);
         $userObj->setTitle($userObj->getFullname());
         $userObj->setDescription($userObj->getEmail());
 
         // set user language to system language
         $userObj->setLanguage($this->setting->get("language"));
 
         // Time limit
         $userObj->setTimeLimitOwner(7);
         $userObj->setTimeLimitUnlimited(false);
         $userObj->setTimeLimitFrom(time() - 5);
         $userObj->setTimeLimitUntil(time() + (int) $this->clientIniFile->readVariable("session", "expire"));
 
         // Create user in DB
         $userObj->setOwner(6);
         $tmp_date = new ilDateTime(time(), IL_CAL_UNIX);
         $userObj->setAgreeDate($tmp_date->get(IL_CAL_DATETIME));
         $userObj->create();
         $userObj->setActive(true);
         $userObj->saveAsNew();
         $userObj->updateOwner();
         $userObj->writePrefs();
 
         if ($this->getCurrentServer()->getGlobalRole()) {
             $this->rbacAdmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId());
         }
         ilObject::_writeImportId($userObj->getId(), $user->getImportId());
 
         $this->getLogger()->info('Created new remote user with usr_id: ' . $user->getImportId());
 
         // Send Mail
         #$this->sendNotification($userObj);
         $this->resetMailOptions($userObj->getId());
 
         return $userObj->getLogin();
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ doAuthentication()

ilAuthProviderECS::doAuthentication ( \ilAuthStatus $status )

Try ecs authentication.

Definition at line 119 of file class.ilAuthProviderECS.php.

References $server, ilECSServerSettings\ACTIVE_SERVER, ilAuthProvider\getLogger(), getServerSettings(), ilAuthProvider\handleAuthenticationFail(), handleLoginByAuthMode(), setCurrentServer(), and validateHash().

                                                            : bool
     {
         $this->getLogger()->debug('Starting ECS authentication');
         if (!$this->getServerSettings()->activeServerExists()) {
             $this->getLogger()->warning('No active ecs server found. Aborting');
             $this->handleAuthenticationFail($status, 'err_wrong_login');
             return false;
         }
 
         // Iterate through all active ecs instances
         foreach ($this->getServerSettings()->getServers(ilECSServerSettings::ACTIVE_SERVER) as $server) {
             $this->setCurrentServer($server);
             if ($this->validateHash()) {
                 return $this->handleLoginByAuthMode($status);
             }
         }
         $this->getLogger()->warning('Could not validate ecs hash for any active server.');
         $this->handleAuthenticationFail($status, 'err_wrong_login');
         return false;
     }

Here is the call graph for this function:

◆ getAbreviation()

ilAuthProviderECS::getAbreviation ( )

get abbreviation

Definition at line 73 of file class.ilAuthProviderECS.php.

References $abreviation.

Referenced by createUser().

                                     : string
     {
         return $this->abreviation;
     }

Here is the caller graph for this function:

◆ getCurrentServer()

ilAuthProviderECS::getCurrentServer ( )

Get current server.

Definition at line 102 of file class.ilAuthProviderECS.php.

References $currentServer.

Referenced by createUser(), handleLogin(), handleLoginByAuthMode(), initRemoteUserWithRemoteId(), resumeCurrentSession(), updateUser(), and validateHash().

                                       : ilECSSetting
     {
         return $this->currentServer;
     }

Here is the caller graph for this function:

◆ getMID()

ilAuthProviderECS::getMID ( )

get mid

Definition at line 81 of file class.ilAuthProviderECS.php.

References $mid.

Referenced by handleLogin(), handleLoginByAuthMode(), and initRemoteUserWithRemoteId().

                             : int
     {
         return $this->mid;
     }

Here is the caller graph for this function:

◆ getServerSettings()

ilAuthProviderECS::getServerSettings ( )

Get server settings.

Definition at line 110 of file class.ilAuthProviderECS.php.

References $servers.

Referenced by doAuthentication().

                                        : ilECSServerSettings
     {
         return $this->servers;
     }

Here is the caller graph for this function:

◆ handleLogin()

ilAuthProviderECS::handleLogin ( )

Called from base class after successful login.

Definition at line 226 of file class.ilAuthProviderECS.php.

References ilObjUser\_lookupId(), ilObject\_lookupObjIdByImportId(), createUser(), getCurrentServer(), ilAuthProvider\getLogger(), getMID(), ILIAS\FileDelivery\http(), and updateUser().

Referenced by handleLoginByAuthMode().

     {
         $user = new ilECSUser($this->http->request()->getQueryParams());
 
         if (!$usr_id = ilObject::_lookupObjIdByImportId($user->getImportId())) {
             $username = $this->createUser($user);
         } else {
             $username = $this->updateUser($user, $usr_id);
         }
 
         // set user imported
         $import = new ilECSImport($this->getCurrentServer()->getServerId(), $usr_id);
         $import->save();
 
         // Store remote user data
         $remoteUserRepository = new ilECSRemoteUserRepository();
         $remoteUserRepository->createIfNotExisting(
             $this->getCurrentServer()->getServerId(),
             $this->getMID(),
             ilObjUser::_lookupId($username),
             $user->getImportId()
         );
 
         $this->getLogger()->info('Current user is: ' . $username);
 
         return ilObjUser::_lookupId($username);
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handleLoginByAuthMode()

ilAuthProviderECS::handleLoginByAuthMode ( ilAuthStatus $status )

protected

Redirects to shibboleth login; to standard login page for LDAP based authentication or authenticates/creates a local account.

Definition at line 144 of file class.ilAuthProviderECS.php.

References ILIAS\Repository\ctrl(), getCurrentServer(), ilAuthProvider\getLogger(), getMID(), ilAuthProvider\handleAuthenticationFail(), handleLogin(), ILIAS\FileDelivery\http(), ilECSParticipantSetting\INCOMING_AUTH_TYPE_LOGIN_PAGE, ilECSParticipantSetting\INCOMING_AUTH_TYPE_SHIBBOLETH, initRemoteUserWithRemoteId(), ILIAS\Repository\lng(), ILIAS\Repository\refinery(), resumeCurrentSession(), ilSession\set(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by doAuthentication().

                                                                   : bool
     {
         $is_external_account = false;
         if ($this->http->wrapper()->query()->has('ecs_external_account')) {
             $is_external_account = $this->http->wrapper()->query()->retrieve(
                 'ecs_external_account',
                 $this->refinery->kindlyTo()->bool()
             );
         }
         $redirection_target = '';
         if ($this->http->wrapper()->query()->has('target')) {
             $redirection_target = $this->http->wrapper()->query()->retrieve(
                 'target',
                 $this->refinery->kindlyTo()->string()
             );
         }
         $part_settings = new ilECSParticipantSetting(
             $this->getCurrentServer()->getServerId(),
             $this->getMID()
         );
         if ($this->resumeCurrentSession()) {
             $this->getLogger()->debug('Continuing current user session');
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
             $status->setAuthenticatedUserId($this->authSession->getUserId());
             return true;
         }
         if (
             $is_external_account &&
             $part_settings->getIncomingAuthType() === ilECSParticipantSetting::INCOMING_AUTH_TYPE_LOGIN_PAGE
         ) {
             $this->getLogger()->info('ILIAS login page authentication required.');
             ilSession::set('success', $this->lng->txt('ecs_login_success_ilias'));
             $this->initRemoteUserWithRemoteId();
             $this->ctrl->redirectToURL('login.php?target=' . $redirection_target);
             return false;
         }
         if (
             $is_external_account &&
             $part_settings->getIncomingAuthType() === ilECSParticipantSetting::INCOMING_AUTH_TYPE_SHIBBOLETH
         ) {
             $this->getLogger()->info('Redirect to shibboleth authentication');
             $this->initRemoteUserWithRemoteId();
             $this->ctrl->redirectToURL('shib_login.php?target=' . $redirection_target);
         }
         if ($part_settings->areIncomingLocalAccountsSupported()) {
             // handle successful authentication
             $new_usr_id = $this->handleLogin();
             $this->getLogger()->info('ECS authentication successful.');
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
             $status->setAuthenticatedUserId($new_usr_id);
             return true;
         }
         $this->handleAuthenticationFail($status, 'err_wrong_login');
         return false;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initECSServices()

ilAuthProviderECS::initECSServices ( )

private

Init ECS Services.

Definition at line 346 of file class.ilAuthProviderECS.php.

References ilECSServerSettings\getInstance().

Referenced by __construct().

                                       : void
     {
         $this->servers = ilECSServerSettings::getInstance();
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initRemoteUserWithRemoteId()

ilAuthProviderECS::initRemoteUserWithRemoteId ( )

Definition at line 254 of file class.ilAuthProviderECS.php.

References getCurrentServer(), getMID(), and ILIAS\FileDelivery\http().

Referenced by handleLoginByAuthMode().

                                                 : void
     {
         $user = new ilECSUser($this->http->request()->getQueryParams());
 
         // Store remote user data
         $remoteUserRepository = new ilECSRemoteUserRepository();
         $remoteUserRepository->createIfRemoteUserNotExisting(
             $this->getCurrentServer()->getServerId(),
             $this->getMID(),
             0,
             $user->getLogin()
         );
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ resetMailOptions()

ilAuthProviderECS::resetMailOptions ( int $a_usr_id )

protected

Reset mail options to "local only".

Definition at line 450 of file class.ilAuthProviderECS.php.

References ilMailOptions\INCOMING_LOCAL.

Referenced by createUser(), and updateUser().

                                                       : void
     {
         $options = new ilMailOptions($a_usr_id);
         $options->setIncomingType(ilMailOptions::INCOMING_LOCAL);
         $options->updateOptions();
     }

Here is the caller graph for this function:

◆ resumeCurrentSession()

ilAuthProviderECS::resumeCurrentSession ( )

protected

Definition at line 200 of file class.ilAuthProviderECS.php.

References ilObjUser\_lookupExternalAccount(), ANONYMOUS_USER_ID, getCurrentServer(), ilAuthProvider\getLogger(), and ILIAS\FileDelivery\http().

Referenced by handleLoginByAuthMode().

                                              : bool
     {
         $session_user_id = $this->authSession->getUserId();
         if (!$session_user_id || $session_user_id === ANONYMOUS_USER_ID) {
             $this->getLogger()->debug('No valid session found');
             $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
             return false;
         }
         $session_ext_account = ilObjUser::_lookupExternalAccount($session_user_id);
         $user = new ilECSUser($this->http->request()->getQueryParams());
         $this->getLogger()->debug('ECS user name: ' . $user->getLogin());
         $this->getLogger()->debug('Session external account: ' . $session_ext_account);
         if (!$session_ext_account || strcmp($user->getLogin(), $session_ext_account) !== 0) {
             $this->getLogger()->debug('No matching session found. Terminating current user session.');
             $this->authSession->setAuthenticated(false, ANONYMOUS_USER_ID);
             return false;
         }
         // assign to ECS global role
         $this->rbacAdmin->assignUser($this->getCurrentServer()->getGlobalRole(), $this->authSession->getUserId());
         return true;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setCurrentServer()

ilAuthProviderECS::setCurrentServer ( ilECSSetting $server )

Set current server.

Definition at line 94 of file class.ilAuthProviderECS.php.

References $server.

Referenced by doAuthentication().

                                                           : void
     {
         $this->currentServer = $server;
     }

Here is the caller graph for this function:

◆ setMID()

ilAuthProviderECS::setMID ( int $a_mid )

Definition at line 86 of file class.ilAuthProviderECS.php.

Referenced by validateHash().

                                       : void
     {
         $this->mid = $a_mid;
     }

Here is the caller graph for this function:

◆ updateUser()

ilAuthProviderECS::updateUser	(	ilECSUser	$user,
		int	$a_local_user_id
	)

protected

update existing user

Definition at line 415 of file class.ilAuthProviderECS.php.

References getCurrentServer(), ilECSUser\getEmail(), ilECSUser\getFirstname(), ilECSUser\getImportId(), ilECSUser\getInstitution(), ilECSUser\getLastname(), ilAuthProvider\getLogger(), and resetMailOptions().

Referenced by handleLogin().

                                                                         : string
     {
         $user_obj = new ilObjUser($a_local_user_id);
         $user_obj->setFirstname($user->getFirstname());
         $user_obj->setLastname($user->getLastname());
         $user_obj->setEmail($user->getEmail());
         $user_obj->setInstitution($user->getInstitution());
         $user_obj->setActive(true);
 
         $until = $user_obj->getTimeLimitUntil();
 
         if ($until < (time() + (int) $this->clientIniFile->readVariable('session', 'expire'))) {
             $user_obj->setTimeLimitFrom(time() - 60);
             $user_obj->setTimeLimitUntil(time() + (int) $this->clientIniFile->readVariable("session", "expire"));
         }
         $user_obj->update();
         $user_obj->refreshLogin();
 
         if ($this->getCurrentServer()->getGlobalRole()) {
             $this->rbacAdmin->assignUser(
                 $this->getCurrentServer()->getGlobalRole(),
                 $user_obj->getId()
             );
         }
 
         $this->resetMailOptions($a_local_user_id);
 
         $this->getLogger()->debug('Finished update of remote user with usr_id: ' . $user->getImportId());
         return $user_obj->getLogin();
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ validateHash()

ilAuthProviderECS::validateHash ( )

Validate ECS hash.

Definition at line 271 of file class.ilAuthProviderECS.php.

References Vendor\Package\$e, $res, getCurrentServer(), ilECSCommunityReader\getInstanceByServerId(), ilAuthProvider\getLogger(), ILIAS\FileDelivery\http(), ILIAS\Repository\refinery(), and setMID().

Referenced by doAuthentication().

                                   : bool
     {
         // fetch hash
         $hash = "";
         if ($this->http->wrapper()->query()->has('ecs_hash')) {
             $hash = $this->http->wrapper()->query()->retrieve(
                 'ecs_hash',
                 $this->refinery->kindlyTo()->string()
             );
         }
         if ($this->http->wrapper()->query()->has('ecs_hash_url')) {
             $hashurl = urldecode(
                 $this->http->wrapper()->query()->retrieve(
                     'ecs_hash_url',
                     $this->refinery->kindlyTo()->string()
                 )
             );
             $hash = basename(parse_url($hashurl, PHP_URL_PATH));
         }
 
         $this->getLogger()->info('Using ecs hash: ' . $hash);
         // Check if hash is valid ...
         try {
             $connector = new ilECSConnector($this->getCurrentServer());
             $res = $connector->getAuth($hash);
             $auths = $res->getResult();
 
             //$this->getLogger()->dump($auths, ilLogLevel::DEBUG);
 
             if ($auths->pid) {
                 try {
                     $reader = ilECSCommunityReader::getInstanceByServerId($this->getCurrentServer()->getServerId());
                     foreach ($reader->getParticipantsByPid($auths->pid) as $participant) {
                         if ($participant->getOrganisation() instanceof \ilECSOrganisation) {
                             $this->abreviation = $participant->getOrganisation()->getAbbreviation();
                             break;
                         }
                     }
                     if (!$this->abreviation) {
                         $this->abreviation = $auths->abbr;
                     }
                 } catch (Exception $e) {
                     $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
                     return false;
                 }
             } else {
                 $this->abreviation = $auths->abbr;
             }
 
             $this->getLogger()->debug('Got abbreviation: ' . $this->abreviation);
         } catch (ilECSConnectorException $e) {
             $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
             return false;
         }
 
         // read current mid
         try {
             $connector = new ilECSConnector($this->getCurrentServer());
             $details = $connector->getAuth($hash, true);
 
             //$this->getLogger()->dump($details, ilLogLevel::DEBUG);
             $this->getLogger()->debug('Token create for mid: ' . $details->getFirstSender());
 
             $this->setMID($details->getFirstSender());
         } catch (ilECSConnectorException $e) {
             $this->getLogger()->warning('Receiving mid failed with message: ' . $e->getMessage());
             return false;
         }
         return true;
     }