/**
* @see ilAuthContainerBase::loginObserver()
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
$ilLog->write(__METHOD__ . ': Successful CAS login.');
// Radius with ldap as data source
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
return $this->handleLDAPDataSource($a_auth, $a_username);
}
include_once "./Services/CAS/lib/CAS.php";
if ($PHPCAS_CLIENT->getUser() != "") {
$username = $PHPCAS_CLIENT->getUser();
$ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "") {
$a_auth->setAuth($local_user);
} else {
if (!$ilSetting->get("cas_create_users")) {
$a_auth->status = AUTH_CAS_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
} else {
$ilLog->write(__METHOD__ . ': Login failed.');
// This should never occur unless CAS is not configured properly
$a_auth->status = AUTH_WRONG_LOGIN;
return false;
}
return false;
}
public static function applyAccessLimits(ilObjUser $user, $code)
{
include_once './Services/Registration/classes/class.ilRegistrationCode.php';
$code_data = ilRegistrationCode::getCodeData($code);
if ($code_data["alimit"]) {
switch ($code_data["alimit"]) {
case "absolute":
$end = new ilDateTime($code_data['alimitdt'], IL_CAL_DATE);
//$user->setTimeLimitFrom(time());
$user->setTimeLimitUntil($end->get(IL_CAL_UNIX));
$user->setTimeLimitUnlimited(0);
break;
case "relative":
$rel = unserialize($code_data["alimitdt"]);
include_once './Services/Calendar/classes/class.ilDateTime.php';
$end = new ilDateTime(time(), IL_CAL_UNIX);
if ($rel['y'] > 0) {
$end->increment(IL_CAL_YEAR, $rel['y']);
}
if ($rel['m'] > 0) {
$end->increment(IL_CAL_MONTH, $rel['m']);
}
if ($rel['d'] > 0) {
$end->increment(IL_CAL_DAY, $rel['d']);
}
//$user->setTimeLimitFrom(time());
$user->setTimeLimitUntil($end->get(IL_CAL_UNIX));
$user->setTimeLimitUnlimited(0);
break;
case 'unlimited':
$user->setTimeLimitUnlimited(1);
break;
}
} else {
$user->setTimeLimitUnlimited(1);
}
}
protected function processCode()
{
global $lng, $ilAuth, $ilCtrl;
$uname = $_POST["uname"];
$form = $this->initCodeForm($uname);
if ($uname && $form->checkInput()) {
$code = $form->getInput("code");
include_once "Services/User/classes/class.ilAccountCode.php";
if (ilAccountCode::isUnusedCode($code)) {
$valid_until = ilAccountCode::getCodeValidUntil($code);
if (!($user_id = ilObjUser::_lookupId($uname))) {
$this->showLogin();
return false;
}
$invalid_code = false;
$user = new ilObjUser($user_id);
if ($valid_until === "0") {
$user->setTimeLimitUnlimited(true);
} else {
if (is_numeric($valid_until)) {
$valid_until = strtotime("+" . $valid_until . "days");
} else {
$valid_until = explode("-", $valid_until);
$valid_until = mktime(23, 59, 59, $valid_until[1], $valid_until[2], $valid_until[0]);
if ($valid_until < time()) {
$invalid_code = true;
}
}
if (!$invalid_code) {
$user->setTimeLimitUnlimited(false);
$user->setTimeLimitUntil($valid_until);
}
}
if (!$invalid_code) {
$user->setActive(true);
ilAccountCode::useCode($code);
// apply registration code role assignments
ilAccountCode::applyRoleAssignments($user, $code);
// apply registration code time limits
ilAccountCode::applyAccessLimits($user, $code);
$user->update();
$ilCtrl->setParameter($this, "cu", 1);
$ilCtrl->redirect($this, "showLogin");
}
}
$lng->loadLanguageModule("user");
$field = $form->getItemByPostVar("code");
$field->setAlert($lng->txt("user_account_code_not_valid"));
}
$form->setValuesByPost();
$this->showCodeForm($uname, $form);
}
/**
* handler for end of element when in verify mode.
*/
function verifyEndTag($a_xml_parser, $a_name)
{
global $lng, $ilAccess, $ilSetting, $ilObjDataCache;
switch ($a_name) {
case "Role":
$this->roles[$this->current_role_id]["name"] = $this->cdata;
$this->roles[$this->current_role_id]["type"] = $this->current_role_type;
$this->roles[$this->current_role_id]["action"] = $this->current_role_action;
break;
case "User":
$this->userObj->setFullname();
if ($this->user_id != -1 && $this->action == "Update") {
$user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id));
} else {
$user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0;
}
if (is_null($this->userObj->getLogin())) {
$this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert"));
}
switch ($this->action) {
case "Insert":
if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
}
if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert"));
}
if (is_null($this->userObj->getFirstname())) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert"));
}
if (is_null($this->userObj->getLastname())) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert"));
}
if (count($this->roles) == 0) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert"));
} else {
$has_global_role = false;
foreach ($this->roles as $role) {
if ($role['type'] == 'Global') {
$has_global_role = true;
break;
}
}
if (!$has_global_role) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert"));
}
}
break;
case "Update":
if (!$user_exists) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
} elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) {
$someonesId = ilObjUser::_lookupId($this->userObj->getLogin());
if (is_numeric($someonesId) && $someonesId != $this->user_id) {
$this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique"));
}
}
break;
case "Delete":
if (!$user_exists) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
}
break;
}
// init role array for next user
$this->roles = array();
break;
case "Login":
if (array_key_exists($this->cdata, $this->logins)) {
$this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique"));
} else {
$this->logins[$this->cdata] = $this->cdata;
}
$this->userObj->setLogin($this->cdata);
break;
case "Password":
switch ($this->currPasswordType) {
case "ILIAS2":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT);
break;
case "ILIAS3":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5);
break;
case "PLAIN":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN);
$this->acc_mail->setUserPassword($this->currPassword);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType));
break;
}
break;
case "Firstname":
$this->userObj->setFirstname($this->cdata);
break;
case "Lastname":
$this->userObj->setLastname($this->cdata);
break;
case "Title":
$this->userObj->setUTitle($this->cdata);
break;
case "Gender":
if ($this->cdata != "m" && $this->cdata != "f") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata));
}
$this->userObj->setGender($this->cdata);
break;
case "Email":
$this->userObj->setEmail($this->cdata);
break;
case "Institution":
$this->userObj->setInstitution($this->cdata);
break;
case "Street":
$this->userObj->setStreet($this->cdata);
break;
case "City":
$this->userObj->setCity($this->cdata);
break;
case "PostalCode":
$this->userObj->setZipCode($this->cdata);
break;
case "Country":
$this->userObj->setCountry($this->cdata);
break;
case "PhoneOffice":
$this->userObj->setPhoneOffice($this->cdata);
break;
case "PhoneHome":
$this->userObj->setPhoneHome($this->cdata);
break;
case "PhoneMobile":
$this->userObj->setPhoneMobile($this->cdata);
break;
case "Fax":
$this->userObj->setFax($this->cdata);
break;
case "Hobby":
$this->userObj->setHobby($this->cdata);
break;
case "Comment":
$this->userObj->setComment($this->cdata);
break;
case "Department":
$this->userObj->setDepartment($this->cdata);
break;
case "Matriculation":
$this->userObj->setMatriculation($this->cdata);
break;
case "ExternalAccount":
//echo "-".$this->userObj->getAuthMode()."-".$this->userObj->getLogin()."-";
$am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode();
$loginForExternalAccount = trim($this->cdata) == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata));
switch ($this->action) {
case "Insert":
if ($loginForExternalAccount != "") {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")");
}
break;
case "Update":
if ($loginForExternalAccount != "") {
$externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id);
if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")");
}
}
break;
}
if ($externalAccountHasChanged) {
$this->userObj->setExternalAccount(trim($this->cdata));
}
break;
case "Active":
if ($this->cdata != "true" && $this->cdata != "false") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata));
}
$this->currActive = $this->cdata;
break;
case "TimeLimitOwner":
if (!preg_match("/\\d+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
} elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
} elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && !(int) $this->cdata == USER_FOLDER_ID) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
}
$this->userObj->setTimeLimitOwner($this->cdata);
break;
case "TimeLimitUnlimited":
switch (strtolower($this->cdata)) {
case "true":
case "1":
$this->userObj->setTimeLimitUnlimited(1);
break;
case "false":
case "0":
$this->userObj->setTimeLimitUnlimited(0);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata));
break;
}
break;
case "TimeLimitFrom":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata));
}
$this->userObj->setTimeLimitFrom($this->cdata);
break;
case "TimeLimitUntil":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata));
}
$this->userObj->setTimeLimitUntil($this->cdata);
break;
case "TimeLimitMessage":
switch (strtolower($this->cdata)) {
case "1":
$this->userObj->setTimeLimitMessage(1);
break;
case "0":
$this->userObj->setTimeLimitMessage(0);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata));
break;
}
break;
case "ApproveDate":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata));
}
break;
case "AgreeDate":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata));
}
break;
case "iLincID":
if (!preg_match("/\\d+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata));
}
break;
case "iLincUser":
if (!preg_match("/\\w+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata));
}
break;
case "iLincPasswd":
if (!preg_match("/\\w+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata));
}
break;
case "Pref":
if ($this->currentPrefKey != null) {
$this->verifyPref($this->currentPrefKey, $this->cdata);
}
$this->currentPrefKey == null;
}
}
/**
* Login function
*
* @access private
* @return void
*/
function login()
{
global $ilias, $rbacadmin, $ilSetting;
if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
// Store user's Shibboleth sessionID for logout
$this->session['shibboleth_session_id'] = $_SERVER['Shib-Session-ID'];
// Get loginname of user, new login name is generated if user is new
$username = $this->generateLogin();
// Authorize this user
$this->setAuth($username);
$userObj = new ilObjUser();
// Check wether this account exists already, if not create it
if (!ilObjUser::getUserIdByLogin($username)) {
$newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
$newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
$newUser["login"] = $username;
// Password must be random to prevent users from manually log in using the login data from Shibboleth users
$newUser["passwd"] = md5(end(ilUtil::generatePasswords(1)));
$newUser["passwd_type"] = IL_PASSWD_MD5;
if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
$newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
}
// Save mapping between ILIAS user and Shibboleth uniqueID
$newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];
// other data
$newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
$newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
$newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
$newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
$newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
$newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
$newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
$newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
$newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
$newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
$newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
$newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
$newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
$newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
$newUser["auth_mode"] = "shibboleth";
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
$userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Modify user data before creating the user
// Include custom code that can be used to further modify
// certain Shibboleth user attributes
if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
include $ilias->getSetting('shib_data_conv');
}
// Create use in DB
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// store acceptance of user agreement
//$userObj->writeAccepted();
// Default prefs
$userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
$userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
// setup user preferences
$userObj->writePrefs();
//set role entries
#$rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(),true);
// New role assignment
include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
ilShibbolethRoleAssignmentRules::doAssignments($userObj->getId(), $_SERVER);
// Authorize this user
$this->setAuth($userObj->getLogin());
} else {
// Update user account
$uid = $userObj->checkUserId();
$userObj->setId($uid);
$userObj->read($uid);
if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
$userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
}
if ($ilias->getSetting('shib_update_title')) {
$userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
}
$userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
$userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
$userObj->setFullname();
if ($ilias->getSetting('shib_update_institution')) {
$userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
}
if ($ilias->getSetting('shib_update_department')) {
$userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
}
if ($ilias->getSetting('shib_update_street')) {
$userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
}
if ($ilias->getSetting('shib_update_city')) {
$userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
}
if ($ilias->getSetting('shib_update_zipcode')) {
$userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
}
if ($ilias->getSetting('shib_update_country')) {
$userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
}
if ($ilias->getSetting('shib_update_phone_office')) {
$userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
}
if ($ilias->getSetting('shib_update_phone_home')) {
$userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
}
if ($ilias->getSetting('shib_update_phone_mobile')) {
$userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
}
if ($ilias->getSetting('shib_update_fax')) {
$userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
}
if ($ilias->getSetting('shib_update_matriculation')) {
$userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
}
if ($ilias->getSetting('shib_update_email')) {
$userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
}
if ($ilias->getSetting('shib_update_hobby')) {
$userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
}
if ($ilias->getSetting('shib_update_language')) {
$userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
}
// Include custom code that can be used to further modify
// certain Shibboleth user attributes
if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
include $ilias->getSetting('shib_data_conv');
}
$userObj->update();
// Update role assignments
include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
ilShibbolethRoleAssignmentRules::updateAssignments($userObj->getId(), $_SERVER);
}
// we are authenticated: redirect, if possible
if ($_GET["target"] != "") {
ilUtil::redirect("goto.php?target=" . $_GET["target"] . "&client_id=" . CLIENT_ID);
}
} else {
// This should never occur unless Shibboleth is not configured properly
$this->status = AUTH_WRONG_LOGIN;
}
}
/**
* Extend account
* @param ilECSSetting $server
* @param ilObjUser $user
*/
protected static function extendAccount(ilECSSetting $settings, ilObjUser $user)
{
$end = new ilDateTime(time(), IL_CAL_UNIX);
$end->increment(IL_CAL_MONTH, $settings->getDuration());
$GLOBALS['ilLog']->write(__METHOD__ . ': account extension ' . (string) $end);
if ($user->getTimeLimitUntil() < $end->get(IL_CAL_UNIX)) {
$user->setTimeLimitUntil($end->get(IL_CAL_UNIX));
$user->update();
}
}
/**
* update existing user
*
* @access protected
*/
protected function updateUser(ilECSUser $user, $a_local_user_id)
{
global $ilClientIniFile, $ilLog, $rbacadmin;
$user_obj = new ilObjUser($a_local_user_id);
$user_obj->setFirstname($user->getFirstname());
$user_obj->setLastname($user->getLastname());
$user_obj->setEmail($user->getEmail());
$user_obj->setInstitution($user->getInstitution());
$user_obj->setActive(true);
$until = $user_obj->getTimeLimitUntil();
$user_obj->setTimeLimitFrom(time() - 5);
if ($until < time() + $ilClientIniFile->readVariable('session', 'expire')) {
$user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
}
$user_obj->update();
$user_obj->refreshLogin();
if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
$rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $user_obj->getId(), true);
}
$ilLog->write(__METHOD__ . ': Finished update of remote user with usr_id: ' . $user->getImportId());
return $user_obj->getLogin();
}
/**
* Called after login and successful call of fetch data
* @return
* @param object $a_username
* @param object $a_auth
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $lng, $ilSetting;
$GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
// TODO: handle passed credentials via GET
/*
if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
// Not required anymore
/*
$validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
if (!$validation_data["valid"])
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
$local_user = $this->response["local_user"];
if ($local_user != "") {
// to do: handle update of user
$a_auth->setAuth($local_user);
return true;
}
if (!$ilSetting->get("soap_auth_create_users")) {
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
//echo "1";
// try to map external user via e-mail to ILIAS user
if ($this->response["email"] != "") {
//echo "2";
//var_dump ($_POST);
$email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
// check, if password has been provided in user mapping screen
// (see ilStartUpGUI::showUserMappingSelection)
// FIXME
if ($_POST["LoginMappedUser"] != "") {
if (count($email_user) > 0) {
$user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
// password is correct -> map user
//$this->setAuth($local_user); (use login not id)
ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
$_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
$local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
$a_auth->status = '';
$a_auth->setAuth($local_user);
return true;
} else {
//echo "6"; exit;
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->setSubStatus(AUTH_WRONG_LOGIN);
$a_auth->logout();
return false;
}
}
}
if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
$_GET["email"] = $this->response["email"];
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->logout();
return false;
}
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($a_username);
$newUser["firstname"] = $this->response["firstname"];
$newUser["lastname"] = $this->response["lastname"];
$newUser["email"] = $this->response["email"];
$newUser["login"] = $local_user;
// to do: set valid password and send mail
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_CRYPTED;
// generate password, if local authentication is allowed
// and account mail is activated
$pw = "";
if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
$pw = ilUtil::generatePasswords(1);
$pw = $pw[0];
$newUser["passwd"] = $pw;
$newUser["passwd_type"] = IL_PASSWD_PLAIN;
}
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "soap";
$newUser["ext_account"] = $a_username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($lng->lang_default);
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew(false);
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
// send account mail
if ($ilSetting->get("soap_auth_account_mail")) {
include_once './Services/User/classes/class.ilObjUserFolder.php';
$amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
include_once "Services/Mail/classes/class.ilAccountMail.php";
$acc_mail = new ilAccountMail();
if ($pw != "") {
$acc_mail->setUserPassword($pw);
}
$acc_mail->setUser($userObj);
$acc_mail->send();
}
}
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
/**
* Login function
*
* @access private
* @return void
*/
function login()
{
global $ilias, $rbacadmin, $ilSetting;
if (phpCAS::getUser() != "") {
$username = phpCAS::getUser();
// Authorize this user
include_once './Services/User/classes/class.ilObjUser.php';
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "") {
$this->setAuth($local_user);
} else {
if (!$ilSetting->get("cas_create_users")) {
$this->status = AUTH_CAS_NO_ILIAS_USER;
$this->logout();
return;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
unset($userObj);
$this->setAuth($local_user);
}
} else {
// This should never occur unless CAS is not configured properly
$this->status = AUTH_WRONG_LOGIN;
}
}
