/**
  * @see ilAuthContainerBase::loginObserver()
  */
 public function loginObserver($a_username, $a_auth)
 {
     global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
     $ilLog->write(__METHOD__ . ': Successful CAS login.');
     // Radius with ldap as data source
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
         return $this->handleLDAPDataSource($a_auth, $a_username);
     }
     include_once "./Services/CAS/lib/CAS.php";
     if ($PHPCAS_CLIENT->getUser() != "") {
         $username = $PHPCAS_CLIENT->getUser();
         $ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
         if ($local_user != "") {
             $a_auth->setAuth($local_user);
         } else {
             if (!$ilSetting->get("cas_create_users")) {
                 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
                 $a_auth->logout();
                 return false;
             }
             $userObj = new ilObjUser();
             $local_user = ilAuthUtils::_generateLogin($username);
             $newUser["firstname"] = $local_user;
             $newUser["lastname"] = "";
             $newUser["login"] = $local_user;
             // set "plain md5" password (= no valid password)
             $newUser["passwd"] = "";
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             //$newUser["gender"] = "m";
             $newUser["auth_mode"] = "cas";
             $newUser["ext_account"] = $username;
             $newUser["profile_incomplete"] = 1;
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             // set user language to system language
             $userObj->setLanguage($ilSetting->get("language"));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Create user in DB
             $userObj->setOwner(0);
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // setup user preferences
             $userObj->writePrefs();
             // to do: test this
             $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
             unset($userObj);
             $a_auth->setAuth($local_user);
             return true;
         }
     } else {
         $ilLog->write(__METHOD__ . ': Login failed.');
         // This should never occur unless CAS is not configured properly
         $a_auth->status = AUTH_WRONG_LOGIN;
         return false;
     }
     return false;
 }
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 function login()
 {
     global $ilias, $rbacadmin, $ilSetting;
     if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
         // Store user's Shibboleth sessionID for logout
         $this->session['shibboleth_session_id'] = $_SERVER['Shib-Session-ID'];
         // Get loginname of user, new login name is generated if user is new
         $username = $this->generateLogin();
         // Authorize this user
         $this->setAuth($username);
         $userObj = new ilObjUser();
         // Check wether this account exists already, if not create it
         if (!ilObjUser::getUserIdByLogin($username)) {
             $newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
             $newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
             $newUser["login"] = $username;
             // Password must be random to prevent users from manually log in using the login data from Shibboleth users
             $newUser["passwd"] = md5(end(ilUtil::generatePasswords(1)));
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
                 $newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
             }
             // Save mapping between ILIAS user and Shibboleth uniqueID
             $newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];
             // other data
             $newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
             $newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
             $newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
             $newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
             $newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
             $newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
             $newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
             $newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
             $newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
             $newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
             $newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
             $newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
             $newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
             $newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
             $newUser["auth_mode"] = "shibboleth";
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             $userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Modify user data before creating the user
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             // Create use in DB
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // store acceptance of user agreement
             //$userObj->writeAccepted();
             // Default prefs
             $userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
             $userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
             // setup user preferences
             $userObj->writePrefs();
             //set role entries
             #$rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(),true);
             // New role assignment
             include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
             ilShibbolethRoleAssignmentRules::doAssignments($userObj->getId(), $_SERVER);
             // Authorize this user
             $this->setAuth($userObj->getLogin());
         } else {
             // Update user account
             $uid = $userObj->checkUserId();
             $userObj->setId($uid);
             $userObj->read($uid);
             if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
                 $userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
             }
             if ($ilias->getSetting('shib_update_title')) {
                 $userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
             }
             $userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
             $userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
             $userObj->setFullname();
             if ($ilias->getSetting('shib_update_institution')) {
                 $userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
             }
             if ($ilias->getSetting('shib_update_department')) {
                 $userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
             }
             if ($ilias->getSetting('shib_update_street')) {
                 $userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
             }
             if ($ilias->getSetting('shib_update_city')) {
                 $userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
             }
             if ($ilias->getSetting('shib_update_zipcode')) {
                 $userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
             }
             if ($ilias->getSetting('shib_update_country')) {
                 $userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
             }
             if ($ilias->getSetting('shib_update_phone_office')) {
                 $userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
             }
             if ($ilias->getSetting('shib_update_phone_home')) {
                 $userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
             }
             if ($ilias->getSetting('shib_update_phone_mobile')) {
                 $userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
             }
             if ($ilias->getSetting('shib_update_fax')) {
                 $userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
             }
             if ($ilias->getSetting('shib_update_matriculation')) {
                 $userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
             }
             if ($ilias->getSetting('shib_update_email')) {
                 $userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
             }
             if ($ilias->getSetting('shib_update_hobby')) {
                 $userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
             }
             if ($ilias->getSetting('shib_update_language')) {
                 $userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
             }
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             $userObj->update();
             // Update role assignments
             include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
             ilShibbolethRoleAssignmentRules::updateAssignments($userObj->getId(), $_SERVER);
         }
         // we are authenticated: redirect, if possible
         if ($_GET["target"] != "") {
             ilUtil::redirect("goto.php?target=" . $_GET["target"] . "&client_id=" . CLIENT_ID);
         }
     } else {
         // This should never occur unless Shibboleth is not configured properly
         $this->status = AUTH_WRONG_LOGIN;
     }
 }
 /**
  * Called after login and successful call of fetch data
  * @return 
  * @param object $a_username
  * @param object $a_auth
  */
 public function loginObserver($a_username, $a_auth)
 {
     global $ilias, $rbacadmin, $lng, $ilSetting;
     $GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
     // TODO: handle passed credentials via GET
     /*
     if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     // Not required anymore
     /*
     $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
     
     if (!$validation_data["valid"])
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     $local_user = $this->response["local_user"];
     if ($local_user != "") {
         // to do: handle update of user
         $a_auth->setAuth($local_user);
         return true;
     }
     if (!$ilSetting->get("soap_auth_create_users")) {
         $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
         $a_auth->logout();
         return false;
     }
     //echo "1";
     // try to map external user via e-mail to ILIAS user
     if ($this->response["email"] != "") {
         //echo "2";
         //var_dump ($_POST);
         $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
         // check, if password has been provided in user mapping screen
         // (see ilStartUpGUI::showUserMappingSelection)
         // FIXME
         if ($_POST["LoginMappedUser"] != "") {
             if (count($email_user) > 0) {
                 $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
                 require_once 'Services/User/classes/class.ilUserPasswordManager.php';
                 if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
                     // password is correct -> map user
                     //$this->setAuth($local_user); (use login not id)
                     ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                     ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                     $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
                     $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                     $a_auth->status = '';
                     $a_auth->setAuth($local_user);
                     return true;
                 } else {
                     //echo "6"; exit;
                     $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                     $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
                     $a_auth->logout();
                     return false;
                 }
             }
         }
         if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
             $_GET["email"] = $this->response["email"];
             $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
             $a_auth->logout();
             return false;
         }
     }
     $userObj = new ilObjUser();
     $local_user = ilAuthUtils::_generateLogin($a_username);
     $newUser["firstname"] = $this->response["firstname"];
     $newUser["lastname"] = $this->response["lastname"];
     $newUser["email"] = $this->response["email"];
     $newUser["login"] = $local_user;
     // to do: set valid password and send mail
     $newUser["passwd"] = "";
     $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
     // generate password, if local authentication is allowed
     // and account mail is activated
     $pw = "";
     if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
         $pw = ilUtil::generatePasswords(1);
         $pw = $pw[0];
         $newUser["passwd"] = $pw;
         $newUser["passwd_type"] = IL_PASSWD_PLAIN;
     }
     //$newUser["gender"] = "m";
     $newUser["auth_mode"] = "soap";
     $newUser["ext_account"] = $a_username;
     $newUser["profile_incomplete"] = 1;
     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // set user language to system language
     $userObj->setLanguage($lng->lang_default);
     // Time limit
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(1);
     $userObj->setTimeLimitFrom(time());
     $userObj->setTimeLimitUntil(time());
     // Create user in DB
     $userObj->setOwner(0);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     //insert user data in table user_data
     $userObj->saveAsNew(false);
     // setup user preferences
     $userObj->writePrefs();
     // to do: test this
     $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
     // send account mail
     if ($ilSetting->get("soap_auth_account_mail")) {
         include_once './Services/User/classes/class.ilObjUserFolder.php';
         $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
         if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
             include_once "Services/Mail/classes/class.ilAccountMail.php";
             $acc_mail = new ilAccountMail();
             if ($pw != "") {
                 $acc_mail->setUserPassword($pw);
             }
             $acc_mail->setUser($userObj);
             $acc_mail->send();
         }
     }
     unset($userObj);
     $a_auth->setAuth($local_user);
     return true;
 }
 /**
  * create new user
  *
  * @access protected
  */
 protected function createUser(ilECSUser $user)
 {
     global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog;
     $userObj = new ilObjUser();
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
     $newUser["login"] = $local_user;
     $newUser["firstname"] = $user->getFirstname();
     $newUser["lastname"] = $user->getLastname();
     $newUser['email'] = $user->getEmail();
     $newUser['institution'] = $user->getInstitution();
     // set "plain md5" password (= no valid password)
     $newUser["passwd"] = "";
     $newUser["passwd_type"] = IL_PASSWD_MD5;
     $newUser["auth_mode"] = "ecs";
     $newUser["profile_incomplete"] = 0;
     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // set user language to system language
     $userObj->setLanguage($ilSetting->get("language"));
     // Time limit
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(0);
     $userObj->setTimeLimitFrom(time() - 5);
     $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
     $now = new ilDateTime(time(), IL_CAL_UNIX);
     $userObj->setAgreeDate($now->get(IL_CAL_DATETIME));
     // Create user in DB
     $userObj->setOwner(6);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     $userObj->saveAsNew();
     $userObj->writePrefs();
     if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
         $rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
     }
     ilObject::_writeImportId($userObj->getId(), $user->getImportId());
     $ilLog->write(__METHOD__ . ': Created new remote user with usr_id: ' . $user->getImportId());
     // Send Mail
     #$this->sendNotification($userObj);
     return $userObj->getLogin();
 }
示例#5
0
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 function login()
 {
     global $ilias, $rbacadmin, $ilSetting;
     if (phpCAS::getUser() != "") {
         $username = phpCAS::getUser();
         // Authorize this user
         include_once './Services/User/classes/class.ilObjUser.php';
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
         if ($local_user != "") {
             $this->setAuth($local_user);
         } else {
             if (!$ilSetting->get("cas_create_users")) {
                 $this->status = AUTH_CAS_NO_ILIAS_USER;
                 $this->logout();
                 return;
             }
             $userObj = new ilObjUser();
             $local_user = ilAuthUtils::_generateLogin($username);
             $newUser["firstname"] = $local_user;
             $newUser["lastname"] = "";
             $newUser["login"] = $local_user;
             // set "plain md5" password (= no valid password)
             $newUser["passwd"] = "";
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             //$newUser["gender"] = "m";
             $newUser["auth_mode"] = "cas";
             $newUser["ext_account"] = $username;
             $newUser["profile_incomplete"] = 1;
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             // set user language to system language
             $userObj->setLanguage($ilSetting->get("language"));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Create user in DB
             $userObj->setOwner(0);
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // setup user preferences
             $userObj->writePrefs();
             // to do: test this
             $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
             unset($userObj);
             $this->setAuth($local_user);
         }
     } else {
         // This should never occur unless CAS is not configured properly
         $this->status = AUTH_WRONG_LOGIN;
     }
 }