/** * @see ilAuthContainerBase::loginObserver() */ public function loginObserver($a_username, $a_auth) { global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT; $ilLog->write(__METHOD__ . ': Successful CAS login.'); // Radius with ldap as data source include_once './Services/LDAP/classes/class.ilLDAPServer.php'; if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) { return $this->handleLDAPDataSource($a_auth, $a_username); } include_once "./Services/CAS/lib/CAS.php"; if ($PHPCAS_CLIENT->getUser() != "") { $username = $PHPCAS_CLIENT->getUser(); $ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php'; $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username); if ($local_user != "") { $a_auth->setAuth($local_user); } else { if (!$ilSetting->get("cas_create_users")) { $a_auth->status = AUTH_CAS_NO_ILIAS_USER; $a_auth->logout(); return false; } $userObj = new ilObjUser(); $local_user = ilAuthUtils::_generateLogin($username); $newUser["firstname"] = $local_user; $newUser["lastname"] = ""; $newUser["login"] = $local_user; // set "plain md5" password (= no valid password) $newUser["passwd"] = ""; $newUser["passwd_type"] = IL_PASSWD_MD5; //$newUser["gender"] = "m"; $newUser["auth_mode"] = "cas"; $newUser["ext_account"] = $username; $newUser["profile_incomplete"] = 1; // system data $userObj->assignData($newUser); $userObj->setTitle($userObj->getFullname()); $userObj->setDescription($userObj->getEmail()); // set user language to system language $userObj->setLanguage($ilSetting->get("language")); // Time limit $userObj->setTimeLimitOwner(7); $userObj->setTimeLimitUnlimited(1); $userObj->setTimeLimitFrom(time()); $userObj->setTimeLimitUntil(time()); // Create user in DB $userObj->setOwner(0); $userObj->create(); $userObj->setActive(1); $userObj->updateOwner(); //insert user data in table user_data $userObj->saveAsNew(); // setup user preferences $userObj->writePrefs(); // to do: test this $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true); unset($userObj); $a_auth->setAuth($local_user); return true; } } else { $ilLog->write(__METHOD__ . ': Login failed.'); // This should never occur unless CAS is not configured properly $a_auth->status = AUTH_WRONG_LOGIN; return false; } return false; }
/** * Called after login and successful call of fetch data * @return * @param object $a_username * @param object $a_auth */ public function loginObserver($a_username, $a_auth) { global $ilias, $rbacadmin, $lng, $ilSetting; $GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called'); // TODO: handle passed credentials via GET /* if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"])) { $this->status = AUTH_WRONG_LOGIN; return; } */ // Not required anymore /* $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]); if (!$validation_data["valid"]) { $this->status = AUTH_WRONG_LOGIN; return; } */ $local_user = $this->response["local_user"]; if ($local_user != "") { // to do: handle update of user $a_auth->setAuth($local_user); return true; } if (!$ilSetting->get("soap_auth_create_users")) { $a_auth->status = AUTH_SOAP_NO_ILIAS_USER; $a_auth->logout(); return false; } //echo "1"; // try to map external user via e-mail to ILIAS user if ($this->response["email"] != "") { //echo "2"; //var_dump ($_POST); $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]); // check, if password has been provided in user mapping screen // (see ilStartUpGUI::showUserMappingSelection) // FIXME if ($_POST["LoginMappedUser"] != "") { if (count($email_user) > 0) { $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]); require_once 'Services/User/classes/class.ilUserPasswordManager.php'; if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) { // password is correct -> map user //$this->setAuth($local_user); (use login not id) ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]); ilObjUser::_writeAuthMode($_POST["usr_id"], "soap"); $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = ""; $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]); $a_auth->status = ''; $a_auth->setAuth($local_user); return true; } else { //echo "6"; exit; $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL; $a_auth->setSubStatus(AUTH_WRONG_LOGIN); $a_auth->logout(); return false; } } } if (count($email_user) > 0 && $_POST["CreateUser"] == "") { $_GET["email"] = $this->response["email"]; $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL; $a_auth->logout(); return false; } } $userObj = new ilObjUser(); $local_user = ilAuthUtils::_generateLogin($a_username); $newUser["firstname"] = $this->response["firstname"]; $newUser["lastname"] = $this->response["lastname"]; $newUser["email"] = $this->response["email"]; $newUser["login"] = $local_user; // to do: set valid password and send mail $newUser["passwd"] = ""; $newUser["passwd_type"] = IL_PASSWD_CRYPTED; // generate password, if local authentication is allowed // and account mail is activated $pw = ""; if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) { $pw = ilUtil::generatePasswords(1); $pw = $pw[0]; $newUser["passwd"] = $pw; $newUser["passwd_type"] = IL_PASSWD_PLAIN; } //$newUser["gender"] = "m"; $newUser["auth_mode"] = "soap"; $newUser["ext_account"] = $a_username; $newUser["profile_incomplete"] = 1; // system data $userObj->assignData($newUser); $userObj->setTitle($userObj->getFullname()); $userObj->setDescription($userObj->getEmail()); // set user language to system language $userObj->setLanguage($lng->lang_default); // Time limit $userObj->setTimeLimitOwner(7); $userObj->setTimeLimitUnlimited(1); $userObj->setTimeLimitFrom(time()); $userObj->setTimeLimitUntil(time()); // Create user in DB $userObj->setOwner(0); $userObj->create(); $userObj->setActive(1); $userObj->updateOwner(); //insert user data in table user_data $userObj->saveAsNew(false); // setup user preferences $userObj->writePrefs(); // to do: test this $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true); // send account mail if ($ilSetting->get("soap_auth_account_mail")) { include_once './Services/User/classes/class.ilObjUserFolder.php'; $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language")); if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") { include_once "Services/Mail/classes/class.ilAccountMail.php"; $acc_mail = new ilAccountMail(); if ($pw != "") { $acc_mail->setUserPassword($pw); } $acc_mail->setUser($userObj); $acc_mail->send(); } } unset($userObj); $a_auth->setAuth($local_user); return true; }
/** * create new user * * @access protected */ protected function createUser(ilECSUser $user) { global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog; $userObj = new ilObjUser(); include_once './Services/Authentication/classes/class.ilAuthUtils.php'; $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin()); $newUser["login"] = $local_user; $newUser["firstname"] = $user->getFirstname(); $newUser["lastname"] = $user->getLastname(); $newUser['email'] = $user->getEmail(); $newUser['institution'] = $user->getInstitution(); // set "plain md5" password (= no valid password) $newUser["passwd"] = ""; $newUser["passwd_type"] = IL_PASSWD_MD5; $newUser["auth_mode"] = "ecs"; $newUser["profile_incomplete"] = 0; // system data $userObj->assignData($newUser); $userObj->setTitle($userObj->getFullname()); $userObj->setDescription($userObj->getEmail()); // set user language to system language $userObj->setLanguage($ilSetting->get("language")); // Time limit $userObj->setTimeLimitOwner(7); $userObj->setTimeLimitUnlimited(0); $userObj->setTimeLimitFrom(time() - 5); $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire")); $now = new ilDateTime(time(), IL_CAL_UNIX); $userObj->setAgreeDate($now->get(IL_CAL_DATETIME)); // Create user in DB $userObj->setOwner(6); $userObj->create(); $userObj->setActive(1); $userObj->updateOwner(); $userObj->saveAsNew(); $userObj->writePrefs(); if ($global_role = $this->getCurrentServer()->getGlobalRole()) { $rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true); } ilObject::_writeImportId($userObj->getId(), $user->getImportId()); $ilLog->write(__METHOD__ . ': Created new remote user with usr_id: ' . $user->getImportId()); // Send Mail #$this->sendNotification($userObj); return $userObj->getLogin(); }
/** * Login function * * @access private * @return void */ function login() { global $ilias, $rbacadmin, $ilSetting; if (phpCAS::getUser() != "") { $username = phpCAS::getUser(); // Authorize this user include_once './Services/User/classes/class.ilObjUser.php'; $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username); if ($local_user != "") { $this->setAuth($local_user); } else { if (!$ilSetting->get("cas_create_users")) { $this->status = AUTH_CAS_NO_ILIAS_USER; $this->logout(); return; } $userObj = new ilObjUser(); $local_user = ilAuthUtils::_generateLogin($username); $newUser["firstname"] = $local_user; $newUser["lastname"] = ""; $newUser["login"] = $local_user; // set "plain md5" password (= no valid password) $newUser["passwd"] = ""; $newUser["passwd_type"] = IL_PASSWD_MD5; //$newUser["gender"] = "m"; $newUser["auth_mode"] = "cas"; $newUser["ext_account"] = $username; $newUser["profile_incomplete"] = 1; // system data $userObj->assignData($newUser); $userObj->setTitle($userObj->getFullname()); $userObj->setDescription($userObj->getEmail()); // set user language to system language $userObj->setLanguage($ilSetting->get("language")); // Time limit $userObj->setTimeLimitOwner(7); $userObj->setTimeLimitUnlimited(1); $userObj->setTimeLimitFrom(time()); $userObj->setTimeLimitUntil(time()); // Create user in DB $userObj->setOwner(0); $userObj->create(); $userObj->setActive(1); $userObj->updateOwner(); //insert user data in table user_data $userObj->saveAsNew(); // setup user preferences $userObj->writePrefs(); // to do: test this $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true); unset($userObj); $this->setAuth($local_user); } } else { // This should never occur unless CAS is not configured properly $this->status = AUTH_WRONG_LOGIN; } }