first commit

CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
@@ -0,0 +1,81 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains the form add/update oauth2 endpoint.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace tool_oauth2\form;
defined('MOODLE_INTERNAL') || die();
use stdClass;
use core\form\persistent;
/**
* Issuer form.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class endpoint extends persistent {
/** @var string $persistentclass */
protected static $persistentclass = 'core\\oauth2\\endpoint';
/** @var array $fieldstoremove */
protected static $fieldstoremove = array('submitbutton', 'action');
/**
* Define the form - called by parent constructor
*/
public function definition() {
global $PAGE;
$mform = $this->_form;
$endpoint = $this->get_persistent();
// Name.
$mform->addElement('text', 'name', get_string('endpointname', 'tool_oauth2'));
$mform->addRule('name', null, 'required', null, 'client');
$mform->addRule('name', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('name', 'endpointname', 'tool_oauth2');
// Url.
$mform->addElement('text', 'url', get_string('endpointurl', 'tool_oauth2'));
$mform->addRule('url', null, 'required', null, 'client');
$mform->addRule('url', get_string('maximumchars', '', 1024), 'maxlength', 1024, 'client');
$mform->addHelpButton('url', 'endpointurl', 'tool_oauth2');
$mform->addElement('hidden', 'action', 'edit');
$mform->setType('action', PARAM_ALPHA);
$mform->addElement('hidden', 'issuerid', $endpoint->get('issuerid'));
$mform->setType('issuerid', PARAM_INT);
$mform->setConstant('issuerid', $this->_customdata['issuerid']);
$mform->addElement('hidden', 'id', $endpoint->get('id'));
$mform->setType('id', PARAM_INT);
$this->add_action_buttons(true, get_string('savechanges', 'tool_oauth2'));
}
}
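Review bot: The class docblock above `class endpoint` still reads "Issuer form.", which looks copied from the issuer form; it should say `Endpoint form.` so that generated documentation describes the right class. The same leftover sits above `class user_field_mapping` in the user_field_mapping form section, where `User field mapping form.` would fit. In both `definition()` methods `global $PAGE;` is declared but never used in the visible body and can be dropped.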
+261
@@ -0,0 +1,261 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains the form add/update oauth2 issuer.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace tool_oauth2\form;
defined('MOODLE_INTERNAL') || die();
use stdClass;
use core\form\persistent;
/**
* Issuer form.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class issuer extends persistent {
/** @var string $persistentclass */
protected static $persistentclass = 'core\\oauth2\\issuer';
/** @var array $fieldstoremove */
protected static $fieldstoremove = array('type', 'submitbutton', 'action');
/** @var string $type */
protected $type;
/**
* Constructor.
*
* The 'persistent' has to be passed as custom data when 'editing'.
* If a standard issuer is created the type can be passed as custom data, which alters the form according to the
* type.
*
* Note that in order for your persistent to be reloaded after form submission you should
* either override the URL to include the ID to your resource, or add the ID to the form
* fields.
*
* @param mixed $action
* @param mixed $customdata
* @param string $method
* @param string $target
* @param mixed $attributes
* @param bool $editable
* @param array $ajaxformdata
*/
public function __construct($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null,
$editable = true, array $ajaxformdata = null) {
// The type variable defines, if we are in the creation process of a standard issuer.
if (array_key_exists('type', $customdata)) {
$this->type = $customdata['type'];
}
parent::__construct($action, $customdata, $method, $target, $attributes, $editable, $ajaxformdata);
}
/**
* Define the form - called by parent constructor
*/
public function definition() {
global $PAGE, $OUTPUT;
$mform = $this->_form;
$issuer = $this->get_persistent();
$docslink = optional_param('docslink', '', PARAM_ALPHAEXT);
if ($docslink) {
$name = s($issuer->get('name'));
$mform->addElement('html', $OUTPUT->doc_link($docslink, get_string('issuersetuptype', 'tool_oauth2', $name)));
} else {
$mform->addElement('html', $OUTPUT->page_doc_link(get_string('issuersetup', 'tool_oauth2')));
}
// Name.
$mform->addElement('text', 'name', get_string('issuername', 'tool_oauth2'));
$mform->addRule('name', null, 'required', null, 'client');
$mform->addRule('name', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('name', 'issuername', 'tool_oauth2');
// Client ID.
$mform->addElement('text', 'clientid', get_string('issuerclientid', 'tool_oauth2'));
$mform->addRule('clientid', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('clientid', 'issuerclientid', 'tool_oauth2');
// Client Secret.
$mform->addElement('text', 'clientsecret', get_string('issuerclientsecret', 'tool_oauth2'));
$mform->addRule('clientsecret', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('clientsecret', 'issuerclientsecret', 'tool_oauth2');
// Use basic authentication.
$mform->addElement('advcheckbox', 'basicauth', get_string('usebasicauth', 'tool_oauth2'));
$mform->addHelpButton('basicauth', 'usebasicauth', 'tool_oauth2');
// Base Url.
$mform->addElement('text', 'baseurl', get_string('issuerbaseurl', 'tool_oauth2'));
$mform->addRule('baseurl', get_string('maximumchars', '', 1024), 'maxlength', 1024, 'client');
$mform->addHelpButton('baseurl', 'issuerbaseurl', 'tool_oauth2');
if ($this->type && $this->type == 'nextcloud') {
$mform->addRule('baseurl', null, 'required', null, 'client');
}
// Image.
$mform->addElement('text', 'image', get_string('issuerimage', 'tool_oauth2'), 'maxlength="1024"');
$mform->addRule('image', get_string('maximumchars', '', 1024), 'maxlength', 1024, 'client');
$mform->addHelpButton('image', 'issuername', 'tool_oauth2');
// Show on login page.
$options = [
\core\oauth2\issuer::EVERYWHERE => get_string('issueruseineverywhere', 'tool_oauth2'),
\core\oauth2\issuer::LOGINONLY => get_string('issueruseinloginonly', 'tool_oauth2'),
\core\oauth2\issuer::SERVICEONLY => get_string('issueruseininternalonly', 'tool_oauth2'),
];
$mform->addElement('select', 'showonloginpage', get_string('issuerusein', 'tool_oauth2'), $options);
$mform->addHelpButton('showonloginpage', 'issuerusein', 'tool_oauth2');
// Name on login page.
$mform->addElement('text', 'loginpagename', get_string('issuerloginpagename', 'tool_oauth2'));
$mform->addRule('loginpagename', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('loginpagename', 'issuerloginpagename', 'tool_oauth2');
$mform->hideIf('loginpagename', 'showonloginpage', 'eq', \core\oauth2\issuer::SERVICEONLY);
// Login scopes.
$mform->addElement('text', 'loginscopes', get_string('issuerloginscopes', 'tool_oauth2'));
$mform->addRule('loginscopes', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('loginscopes', 'issuerloginscopes', 'tool_oauth2');
// Login scopes offline.
$mform->addElement('text', 'loginscopesoffline', get_string('issuerloginscopesoffline', 'tool_oauth2'));
$mform->addRule('loginscopesoffline', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('loginscopesoffline', 'issuerloginscopesoffline', 'tool_oauth2');
// Login params.
$mform->addElement('text', 'loginparams', get_string('issuerloginparams', 'tool_oauth2'));
$mform->addRule('loginparams', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('loginparams', 'issuerloginparams', 'tool_oauth2');
// Login params offline.
$mform->addElement('text', 'loginparamsoffline', get_string('issuerloginparamsoffline', 'tool_oauth2'));
$mform->addRule('loginparamsoffline', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('loginparamsoffline', 'issuerloginparamsoffline', 'tool_oauth2');
// Allowed Domains.
$mform->addElement('text', 'alloweddomains', get_string('issueralloweddomains', 'tool_oauth2'));
$mform->addRule('alloweddomains', get_string('maximumchars', '', 1024), 'maxlength', 1024, 'client');
$mform->addHelpButton('alloweddomains', 'issueralloweddomains', 'tool_oauth2');
$mform->hideIf('alloweddomains', 'showonloginpage', 'eq', \core\oauth2\issuer::SERVICEONLY);
// Require confirmation email for new accounts.
$mform->addElement('advcheckbox', 'requireconfirmation',
get_string('issuerrequireconfirmation', 'tool_oauth2'));
$mform->addHelpButton('requireconfirmation', 'issuerrequireconfirmation', 'tool_oauth2');
$mform->hideIf('requireconfirmation', 'showonloginpage',
'eq', \core\oauth2\issuer::SERVICEONLY);
$mform->addElement('checkbox', 'acceptrisk', get_string('acceptrisk', 'tool_oauth2'));
$mform->addHelpButton('acceptrisk', 'acceptrisk', 'tool_oauth2');
$mform->hideIf('acceptrisk', 'showonloginpage',
'eq', \core\oauth2\issuer::SERVICEONLY);
$mform->hideIf('acceptrisk', 'requireconfirmation', 'checked');
if ($this->type == 'imsobv2p1' || $issuer->get('servicetype') == 'imsobv2p1'
|| $this->type == 'moodlenet' || $issuer->get('servicetype') == 'moodlenet') {
$mform->addRule('baseurl', null, 'required', null, 'client');
} else {
$mform->addRule('clientid', null, 'required', null, 'client');
$mform->addRule('clientsecret', null, 'required', null, 'client');
}
$mform->addElement('hidden', 'sortorder');
$mform->setType('sortorder', PARAM_INT);
$mform->addElement('hidden', 'servicetype');
$mform->setType('servicetype', PARAM_ALPHANUM);
if ($this->type) {
$mform->addElement('hidden', 'action', 'savetemplate');
$mform->setType('action', PARAM_ALPHA);
$mform->addElement('hidden', 'type', $this->_customdata['type']);
$mform->setType('type', PARAM_ALPHANUM);
} else {
$mform->addElement('hidden', 'action', 'edit');
$mform->setType('action', PARAM_ALPHA);
}
$mform->addElement('hidden', 'enabled', $issuer->get('enabled'));
$mform->setType('enabled', PARAM_BOOL);
$mform->addElement('hidden', 'id', $issuer->get('id'));
$mform->setType('id', PARAM_INT);
$this->add_action_buttons(true, get_string('savechanges', 'tool_oauth2'));
}
/**
* This method implements changes to the form that need to be made once the form data is set.
*/
public function definition_after_data() {
$mform = $this->_form;
if ($this->type) {
// Set servicetype if it's defined.
$mform->getElement('servicetype')->setValue($this->type);
}
}
/**
* Define extra validation mechanims.
*
* The data here:
* - does not include {@see self::$fieldstoremove}.
* - does include {@see self::$foreignfields}.
* - was converted to map persistent-like data, e.g. array $description to string $description + int $descriptionformat.
*
* You can modify the $errors parameter in order to remove some validation errors should you
* need to. However, the best practice is to return new or overriden errors. Only modify the
* errors passed by reference when you have no other option.
*
* Do not add any logic here, it is only intended to be used by child classes.
*
* @param stdClass $data Data to validate.
* @param array $files Array of files.
* @param array $errors Currently reported errors.
* @return array of additional errors, or overridden errors.
*/
protected function extra_validation($data, $files, array &$errors) {
if ($data->showonloginpage != \core\oauth2\issuer::SERVICEONLY) {
if (!strlen(trim($data->loginscopes))) {
$errors['loginscopes'] = get_string('required');
}
if (!strlen(trim($data->loginscopesoffline))) {
$errors['loginscopesoffline'] = get_string('required');
}
if (empty($data->requireconfirmation) && empty($data->acceptrisk)) {
$errors['acceptrisk'] = get_string('required');
}
}
return $errors;
}
}
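Review bot: The `clientsecret` field in `definition()` is added as a plain `text` element, so the OAuth 2 client secret is displayed in clear whenever an administrator opens the edit form. Moodle's `passwordunmask` element keeps the value masked on screen until it is deliberately revealed: `$mform->addElement('passwordunmask', 'clientsecret', get_string('issuerclientsecret', 'tool_oauth2'));`. Separately, `__construct()` calls `array_key_exists('type', $customdata)` although `$customdata` defaults to `null`, which throws a TypeError on PHP 8; `if (is_array($customdata) && array_key_exists('type', $customdata)) {` avoids that. The help button on `image` points at the `issuername` string, which looks like a copy-paste slip.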
@@ -0,0 +1,80 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains the form add/update oauth2 user_field_mapping.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace tool_oauth2\form;
defined('MOODLE_INTERNAL') || die();
use stdClass;
use core\form\persistent;
/**
* Issuer form.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class user_field_mapping extends persistent {
/** @var string $persistentclass */
protected static $persistentclass = 'core\\oauth2\\user_field_mapping';
/** @var array $fieldstoremove */
protected static $fieldstoremove = array('submitbutton', 'action');
/**
* Define the form - called by parent constructor
*/
public function definition() {
global $PAGE;
$mform = $this->_form;
$userfieldmapping = $this->get_persistent();
// External.
$mform->addElement('text', 'externalfield', get_string('userfieldexternalfield', 'tool_oauth2'));
$mform->addRule('externalfield', null, 'required', null, 'client');
$mform->addRule('externalfield', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('externalfield', 'userfieldexternalfield', 'tool_oauth2');
// Internal.
$choices = $userfieldmapping->get_internalfield_list();
$mform->addElement('selectgroups', 'internalfield', get_string('userfieldinternalfield', 'tool_oauth2'), $choices);
$mform->addHelpButton('internalfield', 'userfieldinternalfield', 'tool_oauth2');
$mform->addElement('hidden', 'action', 'edit');
$mform->setType('action', PARAM_ALPHA);
$mform->addElement('hidden', 'issuerid', $userfieldmapping->get('issuerid'));
$mform->setConstant('issuerid', $this->_customdata['issuerid']);
$mform->setType('issuerid', PARAM_INT);
$mform->addElement('hidden', 'id', $userfieldmapping->get('id'));
$mform->setType('id', PARAM_INT);
$this->add_action_buttons(true, get_string('savechanges', 'tool_oauth2'));
}
}
@@ -0,0 +1,333 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Output rendering for the plugin.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace tool_oauth2\output;
use plugin_renderer_base;
use html_table;
use html_table_cell;
use html_table_row;
use html_writer;
use core\oauth2\issuer;
use core\oauth2\api;
use moodle_url;
defined('MOODLE_INTERNAL') || die();
/**
* Implements the plugin renderer
*
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class renderer extends plugin_renderer_base {
/**
* This function will render one beautiful table with all the issuers.
*
* @param \core\oauth2\issuer[] $issuers - list of all issuers.
* @return string HTML to output.
*/
public function issuers_table($issuers) {
global $CFG;
$table = new html_table();
$table->head = [
get_string('name'),
get_string('issuerusedforlogin', 'tool_oauth2'),
get_string('logindisplay', 'tool_oauth2'),
get_string('issuerusedforinternal', 'tool_oauth2'),
get_string('discoverystatus', 'tool_oauth2') . ' ' . $this->help_icon('discovered', 'tool_oauth2'),
get_string('systemauthstatus', 'tool_oauth2') . ' ' . $this->help_icon('systemaccountconnected', 'tool_oauth2'),
get_string('edit'),
];
$table->attributes['class'] = 'admintable generaltable';
$data = [];
$index = 0;
foreach ($issuers as $issuer) {
// We need to handle the first and last ones specially.
$first = false;
if ($index == 0) {
$first = true;
}
$last = false;
if ($index == count($issuers) - 1) {
$last = true;
}
// Name.
$name = $issuer->get('name');
$image = $issuer->get('image');
if ($image) {
$name = '<img width="24" height="24" alt="" src="' . s($image) . '"> ' . s($name);
}
$namecell = new html_table_cell($name);
$namecell->header = true;
// Login issuer.
if ((int)$issuer->get('showonloginpage') == issuer::SERVICEONLY) {
$loginissuer = $this->pix_icon('no', get_string('notloginissuer', 'tool_oauth2'), 'tool_oauth2');
$logindisplayas = '';
} else {
$logindisplayas = s($issuer->get_display_name());
if ($issuer->get('id') && $issuer->is_configured() && !empty($issuer->get_endpoint_url('userinfo'))) {
$loginissuer = $this->pix_icon('yes', get_string('loginissuer', 'tool_oauth2'), 'tool_oauth2');
} else {
$loginissuer = $this->pix_icon('notconfigured', get_string('notconfigured', 'tool_oauth2'), 'tool_oauth2');
}
}
$loginissuerstatuscell = new html_table_cell($loginissuer);
// Internal services issuer.
if ((int)$issuer->get('showonloginpage') == issuer::LOGINONLY) {
$serviceissuer = $this->pix_icon('no', get_string('issuersservicesnotallow', 'tool_oauth2'), 'tool_oauth2');
} else if ($issuer->get('id') && $issuer->is_configured()) {
$serviceissuer = $this->pix_icon('yes', get_string('issuersservicesallow', 'tool_oauth2'), 'tool_oauth2');
} else {
$serviceissuer = $this->pix_icon('notconfigured', get_string('notconfigured', 'tool_oauth2'), 'tool_oauth2');
}
$internalissuerstatuscell = new html_table_cell($serviceissuer);
// Discovered.
if (!empty($issuer->get('scopessupported'))) {
$discovered = $this->pix_icon('yes', get_string('discovered', 'tool_oauth2'), 'tool_oauth2');
} else {
if (!empty($issuer->get_endpoint_url('discovery'))) {
$discovered = $this->pix_icon('no', get_string('notdiscovered', 'tool_oauth2'), 'tool_oauth2');
} else {
$discovered = '-';
}
}
$discoverystatuscell = new html_table_cell($discovered);
// Connected.
if ($issuer->is_system_account_connected()) {
$systemaccount = \core\oauth2\api::get_system_account($issuer);
$systemauth = s($systemaccount->get('email')) . ' (' . s($systemaccount->get('username')). ') ';
$systemauth .= $this->pix_icon('yes', get_string('systemaccountconnected', 'tool_oauth2'), 'tool_oauth2');
} else {
$systemauth = $this->pix_icon('no', get_string('systemaccountnotconnected', 'tool_oauth2'), 'tool_oauth2');
}
$params = ['id' => $issuer->get('id'), 'action' => 'auth'];
$authurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
$icon = $this->pix_icon('auth', get_string('connectsystemaccount', 'tool_oauth2'), 'tool_oauth2');
$authlink = html_writer::link($authurl, $icon);
$systemauth .= ' ' . $authlink;
$systemauthstatuscell = new html_table_cell($systemauth);
$links = '';
// Action links.
$editurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['id' => $issuer->get('id'), 'action' => 'edit']);
$editlink = html_writer::link($editurl, $this->pix_icon('t/edit', get_string('edit')));
$links .= ' ' . $editlink;
// Endpoints.
$editendpointsurl = new moodle_url('/admin/tool/oauth2/endpoints.php', ['issuerid' => $issuer->get('id')]);
$str = get_string('editendpoints', 'tool_oauth2');
$editendpointlink = html_writer::link($editendpointsurl, $this->pix_icon('t/viewdetails', $str));
$links .= ' ' . $editendpointlink;
// User field mapping.
$params = ['issuerid' => $issuer->get('id')];
$edituserfieldmappingsurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php', $params);
$str = get_string('edituserfieldmappings', 'tool_oauth2');
$edituserfieldmappinglink = html_writer::link($edituserfieldmappingsurl, $this->pix_icon('t/user', $str));
$links .= ' ' . $edituserfieldmappinglink;
// Delete.
$deleteurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['id' => $issuer->get('id'), 'action' => 'delete']);
$deletelink = html_writer::link($deleteurl, $this->pix_icon('t/delete', get_string('delete')));
$links .= ' ' . $deletelink;
// Enable / Disable.
if ($issuer->get('enabled')) {
// Disable.
$disableparams = ['id' => $issuer->get('id'), 'sesskey' => sesskey(), 'action' => 'disable'];
$disableurl = new moodle_url('/admin/tool/oauth2/issuers.php', $disableparams);
$disablelink = html_writer::link($disableurl, $this->pix_icon('t/hide', get_string('disable')));
$links .= ' ' . $disablelink;
} else {
// Enable.
$enableparams = ['id' => $issuer->get('id'), 'sesskey' => sesskey(), 'action' => 'enable'];
$enableurl = new moodle_url('/admin/tool/oauth2/issuers.php', $enableparams);
$enablelink = html_writer::link($enableurl, $this->pix_icon('t/show', get_string('enable')));
$links .= ' ' . $enablelink;
}
if (!$last) {
// Move down.
$params = ['id' => $issuer->get('id'), 'action' => 'movedown', 'sesskey' => sesskey()];
$movedownurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
$movedownlink = html_writer::link($movedownurl, $this->pix_icon('t/down', get_string('movedown')));
$links .= ' ' . $movedownlink;
}
if (!$first) {
// Move up.
$params = ['id' => $issuer->get('id'), 'action' => 'moveup', 'sesskey' => sesskey()];
$moveupurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
$moveuplink = html_writer::link($moveupurl, $this->pix_icon('t/up', get_string('moveup')));
$links .= ' ' . $moveuplink;
}
$editcell = new html_table_cell($links);
$row = new html_table_row([
$namecell,
$loginissuerstatuscell,
$logindisplayas,
$internalissuerstatuscell,
$discoverystatuscell,
$systemauthstatuscell,
$editcell,
]);
if (!$issuer->get('enabled')) {
$row->attributes['class'] = 'dimmed_text';
}
$data[] = $row;
$index++;
}
$table->data = $data;
return html_writer::table($table);
}
/**
* This function will render one beautiful table with all the endpoints.
*
* @param \core\oauth2\endpoint[] $endpoints - list of all endpoints.
* @param int $issuerid
* @return string HTML to output.
*/
public function endpoints_table($endpoints, $issuerid) {
global $CFG;
$table = new html_table();
$table->head = [
get_string('name'),
get_string('url'),
get_string('edit'),
];
$table->attributes['class'] = 'admintable generaltable';
$data = [];
$index = 0;
foreach ($endpoints as $endpoint) {
// Name.
$name = $endpoint->get('name');
$namecell = new html_table_cell(s($name));
$namecell->header = true;
// Url.
$url = $endpoint->get('url');
$urlcell = new html_table_cell(s($url));
$links = '';
// Action links.
$editparams = ['issuerid' => $issuerid, 'endpointid' => $endpoint->get('id'), 'action' => 'edit'];
$editurl = new moodle_url('/admin/tool/oauth2/endpoints.php', $editparams);
$editlink = html_writer::link($editurl, $this->pix_icon('t/edit', get_string('edit')));
$links .= ' ' . $editlink;
// Delete.
$deleteparams = ['issuerid' => $issuerid, 'endpointid' => $endpoint->get('id'), 'action' => 'delete'];
$deleteurl = new moodle_url('/admin/tool/oauth2/endpoints.php', $deleteparams);
$deletelink = html_writer::link($deleteurl, $this->pix_icon('t/delete', get_string('delete')));
$links .= ' ' . $deletelink;
$editcell = new html_table_cell($links);
$row = new html_table_row([
$namecell,
$urlcell,
$editcell,
]);
$data[] = $row;
$index++;
}
$table->data = $data;
return html_writer::table($table);
}
/**
* This function will render one beautiful table with all the user_field_mappings.
*
* @param \core\oauth2\user_field_mapping[] $userfieldmappings - list of all user_field_mappings.
* @param int $issuerid
* @return string HTML to output.
*/
public function user_field_mappings_table($userfieldmappings, $issuerid) {
global $CFG;
$table = new html_table();
$table->head = [
get_string('userfieldexternalfield', 'tool_oauth2'),
get_string('userfieldinternalfield', 'tool_oauth2'),
get_string('edit'),
];
$table->attributes['class'] = 'admintable generaltable';
$data = [];
$index = 0;
foreach ($userfieldmappings as $userfieldmapping) {
// External field.
$externalfield = $userfieldmapping->get('externalfield');
$externalfieldcell = new html_table_cell(s($externalfield));
// Internal field.
$internalfield = $userfieldmapping->get('internalfield');
$internalfieldcell = new html_table_cell(s($internalfield));
$links = '';
// Action links.
$editparams = ['issuerid' => $issuerid, 'userfieldmappingid' => $userfieldmapping->get('id'), 'action' => 'edit'];
$editurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php', $editparams);
$editlink = html_writer::link($editurl, $this->pix_icon('t/edit', get_string('edit')));
$links .= ' ' . $editlink;
// Delete.
$deleteparams = ['issuerid' => $issuerid, 'userfieldmappingid' => $userfieldmapping->get('id'), 'action' => 'delete'];
$deleteurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php', $deleteparams);
$deletelink = html_writer::link($deleteurl, $this->pix_icon('t/delete', get_string('delete')));
$links .= ' ' . $deletelink;
$editcell = new html_table_cell($links);
$row = new html_table_row([
$externalfieldcell,
$internalfieldcell,
$editcell,
]);
$data[] = $row;
$index++;
}
$table->data = $data;
return html_writer::table($table);
}
}
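Review bot: In `issuers_table()` the issuer name is escaped only when an image is set: with no image, `$name = $issuer->get('name')` goes into `new html_table_cell($name)` unescaped, while the image branch wraps it in `s()`. The other stored values this renderer prints (endpoint name and URL, mapping fields, system account email and username) all pass through `s()`, so the name should be escaped in both branches, e.g. `$name = s($issuer->get('name'));` followed by `$name = '<img width="24" height="24" alt="" src="' . s($image) . '"> ' . $name;` inside the `if`. Whether a stored name can contain markup depends on the persistent's cleaning, which is not visible here, but escaping at output removes that dependency.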
@@ -0,0 +1,46 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Privacy Subsystem implementation for tool_oauth2.
*
* @package tool_oauth2
* @copyright 2018 Zig Tan <zig@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace tool_oauth2\privacy;
defined('MOODLE_INTERNAL') || die();
/**
* Privacy Subsystem for tool_oauth2 implementing null_provider.
*
* @copyright 2018 Zig Tan <zig@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements \core_privacy\local\metadata\null_provider {
/**
* Get the language string identifier with the component's language
* file to explain why this plugin stores no data.
*
* @return string
*/
public static function get_reason(): string {
return 'privacy:metadata';
}
}
+126
@@ -0,0 +1,126 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* OAuth 2 Endpoing Configuration page.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese <damyon@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
require_once(__DIR__ . '/../../../config.php');
require_once($CFG->libdir.'/adminlib.php');
require_once($CFG->libdir.'/tablelib.php');
$PAGE->set_url('/admin/tool/oauth2/endpoints.php', ['issuerid' => required_param('issuerid', PARAM_INT)]);
$PAGE->set_context(context_system::instance());
$PAGE->set_pagelayout('admin');
$strheading = get_string('pluginname', 'tool_oauth2');
$PAGE->set_title($strheading);
$PAGE->set_heading($strheading);
require_admin();
$renderer = $PAGE->get_renderer('tool_oauth2');
$action = optional_param('action', '', PARAM_ALPHAEXT);
$issuerid = required_param('issuerid', PARAM_INT);
$endpointid = optional_param('endpointid', '', PARAM_INT);
$endpoint = null;
$mform = null;
$issuer = \core\oauth2\api::get_issuer($issuerid);
if (!$issuer) {
throw new \moodle_exception('invaliddata');
}
$PAGE->navbar->override_active_url(new moodle_url('/admin/tool/oauth2/issuers.php'), true);
if (!empty($endpointid)) {
$endpoint = \core\oauth2\api::get_endpoint($endpointid);
}
if ($action == 'edit') {
if ($endpoint) {
$strparams = [ 'issuer' => s($issuer->get('name')), 'endpoint' => s($endpoint->get('name')) ];
$PAGE->navbar->add(get_string('editendpoint', 'tool_oauth2', $strparams));
} else {
$PAGE->navbar->add(get_string('createnewendpoint', 'tool_oauth2', s($issuer->get('name'))));
}
$mform = new \tool_oauth2\form\endpoint(null, ['persistent' => $endpoint, 'issuerid' => $issuerid]);
}
if ($mform && $mform->is_cancelled()) {
redirect(new moodle_url('/admin/tool/oauth2/endpoints.php', ['issuerid' => $issuerid]));
} else if ($action == 'edit') {
if ($data = $mform->get_data()) {
try {
if (!empty($data->id)) {
core\oauth2\api::update_endpoint($data);
} else {
core\oauth2\api::create_endpoint($data);
}
redirect($PAGE->url, get_string('changessaved'), null, \core\output\notification::NOTIFY_SUCCESS);
} catch (Exception $e) {
redirect($PAGE->url, $e->getMessage(), null, \core\output\notification::NOTIFY_ERROR);
}
} else {
echo $OUTPUT->header();
if ($endpoint) {
$strparams = [ 'issuer' => s($issuer->get('name')), 'endpoint' => s($endpoint->get('name')) ];
echo $OUTPUT->heading(get_string('editendpoint', 'tool_oauth2', $strparams));
} else {
echo $OUTPUT->heading(get_string('createnewendpoint', 'tool_oauth2', s($issuer->get('name'))));
}
$mform->display();
echo $OUTPUT->footer();
}
} else if ($action == 'delete') {
if (!optional_param('confirm', false, PARAM_BOOL)) {
$continueparams = [
'action' => 'delete',
'issuerid' => $issuerid,
'endpointid' => $endpointid,
'sesskey' => sesskey(),
'confirm' => true
];
$continueurl = new moodle_url('/admin/tool/oauth2/endpoints.php', $continueparams);
$cancelurl = new moodle_url('/admin/tool/oauth2/endpoints.php');
echo $OUTPUT->header();
$strparams = [ 'issuer' => s($issuer->get('name')), 'endpoint' => s($endpoint->get('name')) ];
echo $OUTPUT->confirm(get_string('deleteendpointconfirm', 'tool_oauth2', $strparams), $continueurl, $cancelurl);
echo $OUTPUT->footer();
} else {
require_sesskey();
core\oauth2\api::delete_endpoint($endpointid);
redirect($PAGE->url, get_string('endpointdeleted', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
}
} else {
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('endpointsforissuer', 'tool_oauth2', s($issuer->get('name'))));
$endpoints = core\oauth2\api::get_endpoints($issuer);
echo $renderer->endpoints_table($endpoints, $issuerid);
$addurl = new moodle_url('/admin/tool/oauth2/endpoints.php', ['action' => 'edit', 'issuerid' => $issuerid]);
echo $renderer->single_button($addurl, get_string('createnewendpoint', 'tool_oauth2', s($issuer->get('name'))));
echo $OUTPUT->footer();
}
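Review bot: The delete branch dereferences `$endpoint` without checking it: when `endpointid` is missing or the lookup returns nothing, `$endpoint->get('name')` in the confirmation step fails, and the confirmed path still calls `delete_endpoint($endpointid)`. Nothing visible ties the loaded endpoint to the `issuerid` in the request either, so an edit or delete can act on an endpoint that belongs to a different issuer than the one named in the heading. A guard right after the lookup would cover both, e.g. `if (!$endpoint || $endpoint->get('issuerid') != $issuerid) { throw new \moodle_exception('invaliddata'); }` inside the `if (!empty($endpointid))` block. `$cancelurl` is also built without `issuerid`, which this page reads with `required_param`, so cancelling the confirmation probably lands on a missing-parameter error.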
+237
@@ -0,0 +1,237 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* OAuth 2 Configuration page.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese <damyon@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
require_once(__DIR__ . '/../../../config.php');
require_once($CFG->libdir.'/adminlib.php');
require_once($CFG->libdir.'/tablelib.php');
$PAGE->set_url('/admin/tool/oauth2/issuers.php');
$PAGE->set_context(context_system::instance());
$PAGE->set_pagelayout('admin');
$strheading = get_string('pluginname', 'tool_oauth2');
$PAGE->set_title($strheading);
$PAGE->set_heading($strheading);
require_admin();
$renderer = $PAGE->get_renderer('tool_oauth2');
$action = optional_param('action', '', PARAM_ALPHAEXT);
$issuerid = optional_param('id', '', PARAM_RAW);
$issuer = null;
$mform = null;
if ($issuerid) {
$issuer = \core\oauth2\api::get_issuer($issuerid);
if (!$issuer) {
throw new \moodle_exception('invaliddata');
}
}
if ($action == 'edit') {
if ($issuer) {
$PAGE->navbar->add(get_string('editissuer', 'tool_oauth2', s($issuer->get('name'))));
} else {
$PAGE->navbar->add(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string('custom_service', 'tool_oauth2'));
}
$mform = new \tool_oauth2\form\issuer(null, ['persistent' => $issuer]);
}
if ($mform && $mform->is_cancelled()) {
redirect(new moodle_url('/admin/tool/oauth2/issuers.php'));
} else if ($action == 'edit') {
if ($data = $mform->get_data()) {
try {
if (!empty($data->id)) {
core\oauth2\api::update_issuer($data);
} else {
core\oauth2\api::create_issuer($data);
}
redirect($PAGE->url, get_string('changessaved'), null, \core\output\notification::NOTIFY_SUCCESS);
} catch (Exception $e) {
redirect($PAGE->url, $e->getMessage(), null, \core\output\notification::NOTIFY_ERROR);
}
} else {
echo $OUTPUT->header();
if ($issuer) {
echo $OUTPUT->heading(get_string('editissuer', 'tool_oauth2', s($issuer->get('name'))));
} else {
echo $OUTPUT->heading(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string('custom_service', 'tool_oauth2'));
}
$mform->display();
echo $OUTPUT->footer();
}
} else if ($action == 'savetemplate') {
$type = required_param('type', PARAM_ALPHANUM);
$mform = new \tool_oauth2\form\issuer(null, [
'persistent' => $issuer,
'type' => $type,
'showrequireconfirm' => true, // Ensure the "requireconfirmation" field is included in form data.
]);
if ($mform->is_cancelled()) {
redirect(new moodle_url('/admin/tool/oauth2/issuers.php'));
}
if ($mform->is_submitted() && $data = $mform->get_data()) {
$issuer = new core\oauth2\issuer(0, $data);
$issuer->create();
$issuer = core\oauth2\api::create_endpoints_for_standard_issuer($type, $issuer);
redirect($PAGE->url, get_string('changessaved'), null, \core\output\notification::NOTIFY_SUCCESS);
} else {
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string($type . '_service', 'tool_oauth2'));
$mform->display();
echo $OUTPUT->footer();
}
} else if ($action == 'edittemplate') {
$type = required_param('type', PARAM_ALPHANUM);
$docs = required_param('docslink', PARAM_ALPHAEXT);
require_sesskey();
$issuer = core\oauth2\api::init_standard_issuer($type);
$mform = new \tool_oauth2\form\issuer(null, ['persistent' => $issuer, 'type' => $type]);
$PAGE->navbar->add(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string($type . '_service', 'tool_oauth2'));
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string($type . '_service', 'tool_oauth2'));
$mform->display();
echo $OUTPUT->footer();
} else if ($action == 'enable') {
require_sesskey();
core\oauth2\api::enable_issuer($issuerid);
redirect($PAGE->url, get_string('issuerenabled', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
} else if ($action == 'disable') {
require_sesskey();
core\oauth2\api::disable_issuer($issuerid);
redirect($PAGE->url, get_string('issuerdisabled', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
} else if ($action == 'delete') {
if (!optional_param('confirm', false, PARAM_BOOL)) {
$continueparams = ['action' => 'delete', 'id' => $issuerid, 'sesskey' => sesskey(), 'confirm' => true];
$continueurl = new moodle_url('/admin/tool/oauth2/issuers.php', $continueparams);
$cancelurl = new moodle_url('/admin/tool/oauth2/issuers.php');
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('deleteconfirm', 'tool_oauth2', s($issuer->get('name'))), $continueurl, $cancelurl);
echo $OUTPUT->footer();
} else {
require_sesskey();
core\oauth2\api::delete_issuer($issuerid);
redirect($PAGE->url, get_string('issuerdeleted', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
}
} else if ($action == 'auth') {
if (!optional_param('confirm', false, PARAM_BOOL)) {
$continueparams = ['action' => 'auth', 'id' => $issuerid, 'sesskey' => sesskey(), 'confirm' => true];
$continueurl = new moodle_url('/admin/tool/oauth2/issuers.php', $continueparams);
$cancelurl = new moodle_url('/admin/tool/oauth2/issuers.php');
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('authconfirm', 'tool_oauth2', s($issuer->get('name'))), $continueurl, $cancelurl);
echo $OUTPUT->footer();
} else {
require_sesskey();
$params = ['sesskey' => sesskey(), 'id' => $issuerid, 'action' => 'auth', 'confirm' => true, 'response' => true];
if (core\oauth2\api::connect_system_account($issuer, new moodle_url('/admin/tool/oauth2/issuers.php', $params))) {
redirect($PAGE->url, get_string('authconnected', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
} else {
redirect($PAGE->url, get_string('authnotconnected', 'tool_oauth2'), null, \core\output\notification::NOTIFY_ERROR);
}
}
} else if ($action == 'moveup') {
require_sesskey();
core\oauth2\api::move_up_issuer($issuerid);
redirect($PAGE->url);
} else if ($action == 'movedown') {
require_sesskey();
core\oauth2\api::move_down_issuer($issuerid);
redirect($PAGE->url);
} else {
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('pluginname', 'tool_oauth2'));
echo $OUTPUT->doc_link('OAuth2_Services', get_string('serviceshelp', 'tool_oauth2'));
$issuers = core\oauth2\api::get_all_issuers(true);
echo $renderer->issuers_table($issuers);
echo $renderer->container_start();
echo get_string('createnewservice', 'tool_oauth2') . ' ';
// Google template.
$docs = 'admin/tool/oauth2/issuers/google';
$params = ['action' => 'edittemplate', 'type' => 'google', 'sesskey' => sesskey(), 'docslink' => $docs];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('google_service', 'tool_oauth2'));
// Microsoft template.
$docs = 'admin/tool/oauth2/issuers/microsoft';
$params = ['action' => 'edittemplate', 'type' => 'microsoft', 'sesskey' => sesskey(), 'docslink' => $docs];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('microsoft_service', 'tool_oauth2'));
// Facebook template.
$docs = 'admin/tool/oauth2/issuers/facebook';
$params = ['action' => 'edittemplate', 'type' => 'facebook', 'sesskey' => sesskey(), 'docslink' => $docs];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('facebook_service', 'tool_oauth2'));
// Nextcloud template.
$docs = 'admin/tool/oauth2/issuers/nextcloud';
$params = ['action' => 'edittemplate', 'type' => 'nextcloud', 'sesskey' => sesskey(), 'docslink' => $docs];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('nextcloud_service', 'tool_oauth2'));
// Linkedin template.
$docs = 'admin/tool/oauth2/issuers/linkedin';
$params = ['action' => 'edittemplate', 'type' => 'linkedin', 'sesskey' => sesskey(), 'docslink' => $docs];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('linkedin_service', 'tool_oauth2'));
// Clever template.
$docs = 'admin/tool/oauth2/issuers/clever';
$params = ['action' => 'edittemplate', 'type' => 'clever', 'sesskey' => sesskey(), 'docslink' => $docs];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('clever_service', 'tool_oauth2'));
// MoodleNet template.
$docs = 'admin/tool/oauth2/issuers/moodlenet';
$params = ['action' => 'edittemplate', 'type' => 'moodlenet', 'sesskey' => sesskey(), 'docslink' => $docs];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('moodlenet_service', 'tool_oauth2'));
// Generic issuer.
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['action' => 'edit']);
echo $renderer->single_button($addurl, get_string('custom_service', 'tool_oauth2'));
echo $renderer->container_end();
echo $OUTPUT->footer();
}
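Review bot: The `delete` and `auth` branches call `$issuer->get('name')` without checking that an issuer was loaded, so a request that reaches them with no `id` dereferences null instead of failing with the `invaliddata` exception used further up. The `id` itself is read with `PARAM_RAW` and passed as-is to `enable_issuer`, `disable_issuer`, `delete_issuer`, `move_up_issuer` and `move_down_issuer`; whether those calls validate it is not visible here, so it is safer to clean it at the boundary with `$issuerid = optional_param('id', 0, PARAM_INT);`. For every action that operates on an existing issuer I would add `if (!$issuer) { throw new \moodle_exception('invaliddata'); }` before the first use. Separately, the `edittemplate` branch reads `docslink` into `$docs` and never uses it in this file, and `PARAM_ALPHAEXT` would presumably strip the slashes from the values the listing page sends, so the parameter can likely be dropped.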
+1
@@ -0,0 +1 @@
imsobv2p1_service,tool_oauth2
+129
@@ -0,0 +1,129 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Strings for component 'tool_oauth2', language 'en'
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['acceptrisk'] = 'I understand that disabling email verification can be a security issue.';
$string['acceptrisk_help'] = 'Disabling email verification can potentially allow a user to authenticate as another user.';
$string['authconfirm'] = 'This action will grant permanent API access to Moodle for the authenticated account. This is intended to be used as a system account for managing files owned by Moodle.';
$string['authconnected'] = 'The system account is now connected for offline access';
$string['authnotconnected'] = 'The system account was not connected for offline access';
$string['clever_service'] = 'Clever';
$string['configured'] = 'Configured';
$string['configuredstatus'] = 'Configured';
$string['connectsystemaccount'] = 'Connect to a system account';
$string['createfromtemplate'] = 'Create an OAuth 2 service from a template';
$string['createfromtemplatedesc'] = 'Choose one of the OAuth 2 service templates below to create an OAuth service with a valid configuration for one of the known service types. This will create the OAuth 2 service, with all the correct end points and parameters required for authentication, though you will still need to enter the client ID and secret for the new service before it can be used.';
$string['createnewendpoint'] = 'Create new endpoint for issuer "{$a}"';
$string['createnewservice'] = 'Create new service:';
$string['createnewuserfieldmapping'] = 'Create new user field mapping for issuer "{$a}"';
$string['custom_service'] = 'Custom';
$string['deleteconfirm'] = 'Are you sure you want to delete the identity issuer "{$a}"? Any plugins relying on this issuer will stop working.';
$string['deleteendpointconfirm'] = 'Are you sure you want to delete the endpoint "{$a->endpoint}" for issuer "{$a->issuer}"? Any plugins relying on this endpoint will stop working.';
$string['deleteuserfieldmappingconfirm'] = 'Are you sure you want to delete the user field mapping for issuer "{$a}"?';
$string['discovered_help'] = 'Discovery means that the OAuth 2 endpoints could be automatically determined from the base URL for the OAuth service. Not all services are required to be "discovered", but if they are not, then the endpoints and user mapping information will need to be entered manually.';
$string['discovered'] = 'Service discovery successful';
$string['discoverystatus'] = 'Discovery';
$string['editendpoint'] = 'Edit endpoint: {$a->endpoint} for issuer {$a->issuer}';
$string['editendpoints'] = 'Configure endpoints';
$string['editissuer'] = 'Edit identity issuer: {$a}';
$string['edituserfieldmapping'] = 'Edit user field mapping for issuer {$a}';
$string['edituserfieldmappings'] = 'Configure user field mappings';
$string['endpointdeleted'] = 'Endpoint deleted';
$string['endpointname_help'] = 'Key used to search for this endpoint. Must end with "_endpoint".';
$string['endpointname'] = 'Name';
$string['endpointsforissuer'] = 'Endpoints for issuer: {$a}';
$string['endpointurl_help'] = 'URL for this endpoint. Must use https:// protocol.';
$string['endpointurl'] = 'URL';
$string['facebook_service'] = 'Facebook';
$string['google_service'] = 'Google';
$string['issuersetup'] = 'Detailed instructions on configuring the common OAuth 2 services';
$string['issuersetuptype'] = 'Detailed instructions on setting up the {$a} OAuth 2 provider';
$string['issueralloweddomains_help'] = 'If set, this setting is a comma separated list of domains that logins will be restricted to when using this provider.';
$string['issueralloweddomains_link'] = 'OAuth_2_login_domains';
$string['issueralloweddomains'] = 'Login domains';
$string['issuerbaseurl_help'] = 'Base URL used to access the service.';
$string['issuerbaseurl'] = 'Service base URL';
$string['issuerclientid'] = 'Client ID';
$string['issuerclientid_help'] = 'The OAuth client ID for this issuer.';
$string['issuerclientsecret'] = 'Client secret';
$string['issuerclientsecret_help'] = 'The OAuth client secret for this issuer.';
$string['issuerdeleted'] = 'Identity issuer deleted';
$string['issuerdisabled'] = 'Identity issuer disabled';
$string['issuerenabled'] = 'Identity issuer enabled';
$string['issuerimage_help'] = 'An image URL used to show a logo for this issuer. May be displayed on login page.';
$string['issuerimage'] = 'Logo URL';
$string['issuerloginpagename'] = 'Name displayed on the login page';
$string['issuerloginpagename_help'] = 'If specified, this name will be used on the login page instead of the service name.';
$string['issuerloginparams'] = 'Additional parameters included in a login request.';
$string['issuerloginparams_help'] = 'Some systems require additional parameters for a login request in order to read the user\'s basic profile.';
$string['issuerloginparamsoffline'] = 'Additional parameters included in a login request for offline access.';
$string['issuerloginparamsoffline_help'] = 'Each OAuth system defines a different way to request offline access. E.g. Google requires the additional params: "access_type=offline&prompt=consent". These parameters should be in URL query parameter format.';
$string['issuerloginscopes_help'] = 'Some systems require additional scopes for a login request in order to read the user\'s basic profile. The standard scopes for an OpenID Connect compliant system are "openid profile email".';
$string['issuerloginscopesoffline_help'] = 'Each OAuth system defines a different way to request offline access. E.g. Microsoft requires an additional scope "offline_access".';
$string['issuerloginscopesoffline'] = 'Scopes included in a login request for offline access.';
$string['issuerloginscopes'] = 'Scopes included in a login request.';
$string['issuername_help'] = 'Name of the identity issuer. May be displayed on login page.';
$string['issuername'] = 'Name';
$string['issuershowonloginpage_help'] = 'If the OAuth 2 authentication plugin is enabled, this login issuer will be listed on the login page to allow users to log in with accounts from this issuer.';
$string['issuershowonloginpage'] = 'Show on login page';
$string['issuerrequireconfirmation_help'] = 'Require that all users verify their email address before they can log in with OAuth. This applies to newly created accounts as part of the login process, or when an existing Moodle account is connected to an OAuth login via matching email addresses.';
$string['issuerrequireconfirmation'] = 'Require email verification';
$string['issuers'] = 'Issuers';
$string['issuersservicesallow'] = 'Allow services';
$string['issuersservicesnotallow'] = 'Do not allow services';
$string['issuerusein'] = 'This service will be used';
$string['issuerusein_help'] = 'OAuth 2 services can be used for internal services, on the login page, or both, if required.';
$string['issueruseineverywhere'] = 'Login page and internal services';
$string['issueruseininternalonly'] = 'Internal services only';
$string['issueruseinloginonly'] = 'Login page only';
$string['issuerusedforlogin'] = 'Login';
$string['issuerusedforinternal'] = 'Internal services';
$string['linkedin_service'] = 'LinkedIn';
$string['logindisplay'] = 'Display on login page as';
$string['loginissuer'] = 'Allow login';
$string['microsoft_service'] = 'Microsoft';
$string['moodlenet_service'] = 'MoodleNet';
$string['nextcloud_service'] = 'Nextcloud';
$string['notconfigured'] = 'Not configured';
$string['notdiscovered'] = 'Service discovery not successful';
$string['notloginissuer'] = 'Do not allow login';
$string['pluginname'] = 'OAuth 2 services';
$string['savechanges'] = 'Save changes';
$string['serviceshelp'] = 'Service provider setup instructions.';
$string['systemaccountconnected_help'] = 'System accounts are used to provide advanced functionality for plugins. They are not required for login functionality only, but other plugins using the OAuth service may offer a reduced set of features if the system account has not been connected. For example repositories cannot support "controlled links" without a system account to perform file operations.';
$string['systemaccountconnected'] = 'System account connected';
$string['systemaccountnotconnected'] = 'System account not connected';
$string['systemauthstatus'] = 'System account connected';
$string['usebasicauth'] = 'Authenticate token requests via HTTP headers';
$string['usebasicauth_help'] = 'Utilise the HTTP Basic authentication scheme when sending client ID and password with a refresh token request. Recommended by the OAuth 2 standard, but may not be available with some issuers.';
$string['userfieldexternalfield'] = 'External field name';
$string['userfieldexternalfield_error'] = 'This field cannot contain HTML.';
$string['userfieldexternalfield_help'] = 'Name of the field provided by the external OAuth system.';
$string['userfieldinternalfield_help'] = 'Name of the Moodle user field that should be mapped from the external field.';
$string['userfieldinternalfield'] = 'Internal field name';
$string['userfieldmappingdeleted'] = 'User field mapping deleted';
$string['userfieldmappingsforissuer'] = 'User field mappings for issuer: {$a}';
$string['privacy:metadata'] = 'The OAuth 2 services plugin does not store any personal data.';
// Deprecated since Moodle 4.3.
$string['imsobv2p1_service'] = 'Open Badges';
+3
@@ -0,0 +1,3 @@
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/">
]><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" preserveAspectRatio="xMinYMid meet" overflow="visible"><path d="M9 16H1c-.5 0-1-.5-1-1V1c0-.5.5-1 1-1h8v2H3c-.6 0-1 .4-1 1v10c0 .6.4 1 1 1h6v2zM5 7.5v1c0 .5.5 1 1 1h4.7l-1.1 1.1c-.4.4-.4 1 0 1.4l.7.7c.4.4 1 .4 1.4 0l4-4c.4-.4.4-1 0-1.4l-4-4c-.4-.4-1-.4-1.4 0l-.7.7c-.4.4-.4 1 0 1.4l1 1H6c-.5.1-1 .6-1 1.1z" fill="#989898"/></svg>


+3
@@ -0,0 +1,3 @@
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/">
]><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="-1.6 -0.5 16 16" preserveAspectRatio="xMinYMid meet" overflow="visible"><path d="M12.8 2.7L10.1 0S8.5 1.5 6.4 4C4.3 1.5 2.7 0 2.7 0L0 2.7S1.9 4 4.6 6.4C3 8.7 1.3 11.6 0 14.9c2.2-2.7 4.4-5 6.4-6.9 2 1.9 4.2 4.2 6.4 6.9-1.3-3.3-3-6.2-4.6-8.6 2.7-2.3 4.6-3.6 4.6-3.6z" fill="#FF403C"/></svg>


+14
@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 25.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 16 16" style="enable-background:new 0 0 16 16;" xml:space="preserve" preserveAspectRatio="xMinYMid meet">
<style type="text/css">
.st0{fill:#FFA500;}
</style>
<path class="st0" d="M9.1,12.9v-1.7c0-0.1,0-0.2-0.1-0.2s-0.1-0.1-0.2-0.1H7.2c-0.1,0-0.1,0-0.2,0.1s-0.1,0.1-0.1,0.2v1.7
c0,0.1,0,0.2,0.1,0.2s0.1,0.1,0.2,0.1h1.7c0.1,0,0.1,0,0.2-0.1S9.1,13,9.1,12.9z M9.1,9.5l0.2-4.1c0-0.1,0-0.1-0.1-0.2
C9.1,5.2,9,5.2,9,5.2H7c-0.1,0-0.1,0-0.2,0.1c-0.1,0-0.1,0.1-0.1,0.2l0.2,4.1c0,0.1,0,0.1,0.1,0.1c0.1,0,0.1,0.1,0.2,0.1h1.6
c0.1,0,0.2,0,0.2-0.1C9.1,9.7,9.1,9.6,9.1,9.5z M9,1.3l6.8,12.5c0.2,0.4,0.2,0.7,0,1.1c-0.1,0.2-0.2,0.3-0.4,0.4s-0.4,0.2-0.6,0.2
H1.2c-0.2,0-0.4-0.1-0.6-0.2S0.3,15,0.2,14.9c-0.2-0.4-0.2-0.7,0-1.1L7,1.3c0.1-0.2,0.2-0.3,0.4-0.4S7.8,0.7,8,0.7s0.4,0.1,0.6,0.2
C8.8,0.9,8.9,1.1,9,1.3z"/>
</svg>


+3
@@ -0,0 +1,3 @@
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/">
]><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="-0.1 0 16 16" preserveAspectRatio="xMinYMid meet" overflow="visible"><path d="M6.4 11.1c-2-2.5-3.7-4-3.7-4L0 9.8C5 13.1 8.1 16 8.1 16s.2-.7.6-1.8c.9-2.7 3.2-8.1 7.1-14.2-4.6 3.7-7.7 8.2-9.4 11.1z" fill="#9C3"/></svg>


+30
@@ -0,0 +1,30 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Oauth2 system configuration.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die;
if ($hassiteconfig) {
$ADMIN->add('server', new admin_externalpage('oauth2', new lang_string('pluginname', 'tool_oauth2'),
"$CFG->wwwroot/$CFG->admin/tool/oauth2/issuers.php"));
}
@@ -0,0 +1,348 @@
@tool @tool_oauth2 @external
Feature: Basic OAuth2 functionality
In order to use them later for authentication or repository plugins
As an administrator
I need to add a manage customised OAuth2 services.
Background:
Given I log in as "admin"
And I change window size to "large"
And I navigate to "Server > OAuth 2 services" in site administration
Scenario: Create, edit and delete standard service for Google
Given I press "Google"
And I should see "Create new service: Google"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
When I press "Save changes"
Then I should see "Changes saved"
And I should see "Testing service"
And "Allow login" "icon" should exist in the "Testing service" "table_row"
And "Allow services" "icon" should exist in the "Testing service" "table_row"
And "Service discovery successful" "icon" should exist in the "Testing service" "table_row"
And I click on "Configure endpoints" "link" in the "Testing service" "table_row"
And I should see "https://accounts.google.com/.well-known/openid-configuration" in the "discovery_endpoint" "table_row"
And I should see "authorization_endpoint"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Configure user field mappings" "link" in the "Testing service" "table_row"
And I should see "firstname" in the "given_name" "table_row"
And I should see "middlename" in the "middle_name" "table_row"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Edit" "link" in the "Testing service" "table_row"
And I set the following fields to these values:
| Name | Testing service modified |
And I press "Save changes"
And I should see "Changes saved"
And I should see "Testing service modified"
And I click on "Delete" "link" in the "Testing service modified" "table_row"
And I should see "Are you sure you want to delete the identity issuer \"Testing service modified\"?"
And I press "Continue"
And I should see "Identity issuer deleted"
And I should not see "Testing service modified"
Scenario: Create, edit and delete standard service for Microsoft
Given I press "Microsoft"
And I should see "Create new service: Microsoft"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
When I press "Save changes"
Then I should see "Changes saved"
And I should see "Testing service"
And "Allow login" "icon" should exist in the "Testing service" "table_row"
And "Allow services" "icon" should exist in the "Testing service" "table_row"
And I should see "-" in the "Testing service" "table_row"
And I click on "Configure endpoints" "link" in the "Testing service" "table_row"
And I should see "authorization_endpoint"
And I should not see "discovery_endpoint"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Configure user field mappings" "link" in the "Testing service" "table_row"
And I should see "firstname" in the "givenName" "table_row"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Edit" "link" in the "Testing service" "table_row"
And I set the following fields to these values:
| Name | Testing service modified |
And I press "Save changes"
And I should see "Changes saved"
And I should see "Testing service modified"
And I click on "Delete" "link" in the "Testing service modified" "table_row"
And I should see "Are you sure you want to delete the identity issuer \"Testing service modified\"?"
And I press "Continue"
And I should see "Identity issuer deleted"
And I should not see "Testing service modified"
Scenario: Create, edit and delete standard service for Facebook
Given I press "Facebook"
And I should see "Create new service: Facebook"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
When I press "Save changes"
Then I should see "Changes saved"
And I should see "Testing service"
And "Allow login" "icon" should exist in the "Testing service" "table_row"
And "Allow services" "icon" should exist in the "Testing service" "table_row"
And I should see "-" in the "Testing service" "table_row"
And I click on "Configure endpoints" "link" in the "Testing service" "table_row"
And I should see "authorization_endpoint"
And I should not see "discovery_endpoint"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Configure user field mappings" "link" in the "Testing service" "table_row"
And I should see "firstname" in the "first_name" "table_row"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Edit" "link" in the "Testing service" "table_row"
And I set the following fields to these values:
| Name | Testing service modified |
And I press "Save changes"
And I should see "Changes saved"
And I should see "Testing service modified"
And I click on "Delete" "link" in the "Testing service modified" "table_row"
And I should see "Are you sure you want to delete the identity issuer \"Testing service modified\"?"
And I press "Continue"
And I should see "Identity issuer deleted"
And I should not see "Testing service modified"
@javascript
Scenario: Create, edit and delete standard service for Nextcloud
Given I press "Nextcloud"
And I should see "Create new service: Nextcloud"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
And I press "Save changes"
And I should see "You must supply a value here."
And I set the following fields to these values:
| Service base URL | https://dummy.local/nextcloud/ |
When I press "Save changes"
Then I should see "Changes saved"
And I should see "Testing service"
And "Do not allow login" "icon" should exist in the "Testing service" "table_row"
And "Allow services" "icon" should exist in the "Testing service" "table_row"
And I should see "-" in the "Testing service" "table_row"
And I click on "Configure endpoints" "link" in the "Testing service" "table_row"
And I should see "authorization_endpoint"
And I should not see "discovery_endpoint"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Configure user field mappings" "link" in the "Testing service" "table_row"
And I should see "username" in the "ocs-data-id" "table_row"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Edit" "link" in the "Testing service" "table_row"
And I set the following fields to these values:
| Name | Testing service modified |
And I press "Save changes"
And I should see "Testing service modified"
And I click on "Delete" "link" in the "Testing service modified" "table_row"
And I should see "Are you sure you want to delete the identity issuer \"Testing service modified\"?"
And I press "Continue"
And I should see "Identity issuer deleted"
And I should not see "Testing service modified"
Scenario: Create, edit and delete valid custom OIDC service
Given I press "Custom"
And I should see "Create new service: Custom"
And I set the following fields to these values:
| Name | Google custom |
| Client ID | thisistheclientid |
| Client secret | supersecret |
| Service base URL | https://accounts.google.com/ |
When I press "Save changes"
Then I should see "Changes saved"
And I should see "Google custom"
And "Do not allow login" "icon" should exist in the "Google custom" "table_row"
And "Allow services" "icon" should exist in the "Google custom" "table_row"
And "Service discovery successful" "icon" should exist in the "Google custom" "table_row"
And the "src" attribute of "table.admintable th img" "css_element" should contain "favicon.ico"
And I click on "Configure endpoints" "link" in the "Google custom" "table_row"
And I should see "https://accounts.google.com/.well-known/openid-configuration" in the "discovery_endpoint" "table_row"
And I should see "authorization_endpoint"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Configure user field mappings" "link" in the "Google custom" "table_row"
And I should see "firstname" in the "given_name" "table_row"
And I should see "middlename" in the "middle_name" "table_row"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Edit" "link" in the "Google custom" "table_row"
And I set the following fields to these values:
| Name | Google custom modified |
And I press "Save changes"
And I should see "Changes saved"
And I should see "Google custom modified"
And I click on "Delete" "link" in the "Google custom modified" "table_row"
And I should see "Are you sure you want to delete the identity issuer \"Google custom modified\"?"
And I press "Continue"
And I should see "Identity issuer deleted"
And I should not see "Google custom modified"
Scenario: Create, edit and delete invalid custom OIDC service
Given I press "Custom"
And I should see "Create new service: Custom"
And I set the following fields to these values:
| Name | Invalid custom service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
| Service base URL | http://dc.imsglobal.org/ |
When I press "Save changes"
Then I should see "For security reasons only https connections are allowed, sorry"
And I set the following fields to these values:
| Service base URL | https://dc.imsglobal.org/ |
And I press "Save changes"
And I should see "Could not discover end points for identity issuer: Invalid custom service"
And I should see "URL: https://dc.imsglobal.org/.well-known/openid-configuration"
And "Allow services" "icon" should exist in the "Invalid custom service" "table_row"
And "Do not allow login" "icon" should exist in the "Invalid custom service" "table_row"
And I should see "-" in the "Invalid custom service" "table_row"
And I click on "Configure endpoints" "link" in the "Invalid custom service" "table_row"
And I should not see "discovery_endpoint"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Configure user field mappings" "link" in the "Invalid custom service" "table_row"
And I should not see "given_name"
And I should not see "middle_name"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Edit" "link" in the "Invalid custom service" "table_row"
And I set the following fields to these values:
| Name | Valid custom service |
| Service base URL | https://accounts.google.com/ |
And I press "Save changes"
And "Do not allow login" "icon" should exist in the "Valid custom" "table_row"
And "Allow services" "icon" should exist in the "Valid custom" "table_row"
And I should see "-" in the "Valid custom" "table_row"
And I click on "Edit" "link" in the "Valid custom service" "table_row"
And I set the following fields to these values:
| Name | Invalid custom service |
| Service base URL | https://dc.imsglobal.org/ |
And I press "Save changes"
And I should see "-" in the "Invalid custom service" "table_row"
And I click on "Delete" "link" in the "Invalid custom service" "table_row"
And I should see "Are you sure you want to delete the identity issuer \"Invalid custom service\"?"
And I press "Continue"
And I should see "Identity issuer deleted"
And I should not see "Invalid custom service"
Scenario: Create, edit and delete empty custom OIDC service
Given I press "Custom"
And I should see "Create new service: Custom"
And I set the following fields to these values:
| Name | Empty custom service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
When I press "Save changes"
And I should see "Changes saved"
And I should see "Empty custom service"
And "Allow services" "icon" should exist in the "Empty custom service" "table_row"
And "Do not allow login" "icon" should exist in the "Empty custom service" "table_row"
And I should see "-" in the "Empty custom service" "table_row"
And I click on "Configure endpoints" "link" in the "Empty custom service" "table_row"
And I should not see "discovery_endpoint"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Configure user field mappings" "link" in the "Empty custom service" "table_row"
And I should not see "given_name"
And I should not see "middle_name"
And I navigate to "Server > OAuth 2 services" in site administration
And I click on "Edit" "link" in the "Empty custom service" "table_row"
# Check it works as expected too without slash at the end of the service base URL.
And I set the following fields to these values:
| Name | Valid custom service |
| Service base URL | https://accounts.google.com |
And I press "Save changes"
And "Do not allow login" "icon" should exist in the "Valid custom" "table_row"
And "Allow services" "icon" should exist in the "Valid custom" "table_row"
And I should see "-" in the "Valid custom" "table_row"
And I click on "Edit" "link" in the "Valid custom service" "table_row"
And I set the following fields to these values:
| Name | Invalid custom service |
| Service base URL | https://dc.imsglobal.org/ |
And I press "Save changes"
And I should see "-" in the "Invalid custom service" "table_row"
And I click on "Edit" "link" in the "Invalid custom service" "table_row"
And I set the following fields to these values:
| Name | Empty custom service |
| Service base URL | |
And I press "Save changes"
And I should see "Changes saved"
And I should see "Empty custom service"
And I click on "Delete" "link" in the "Empty custom service" "table_row"
And I should see "Are you sure you want to delete the identity issuer \"Empty custom service\"?"
And I press "Continue"
And I should see "Identity issuer deleted"
And I should not see "Empty custom service"
Scenario: Create a standard service for Google and test form and UI for login only, services only and both
Given I press "Google"
And I should see "Create new service: Google"
# Create using 'Login page only' option.
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
| This service will be used | Login page only |
When I press "Save changes"
Then I should see "Changes saved"
And I should see "Testing service"
And "Allow login" "icon" should exist in the "Testing service" "table_row"
And "Do not allow services" "icon" should exist in the "Testing service" "table_row"
And "Service discovery successful" "icon" should exist in the "Testing service" "table_row"
# Change to 'Internal services only'.
And I click on "Edit" "link" in the "Testing service" "table_row"
And I set the following fields to these values:
| This service will be used | Internal services only |
And I press "Save changes"
And I should see "Changes saved"
And "Do not allow login" "icon" should exist in the "Testing service" "table_row"
And "Allow services" "icon" should exist in the "Testing service" "table_row"
# Change to 'Login page and internal services' and add a display name.
And I click on "Edit" "link" in the "Testing service" "table_row"
And I set the following fields to these values:
| This service will be used | Login page and internal services |
| Name displayed on the login page | Google new display name |
And I press "Save changes"
And I should see "Changes saved"
And "Allow login" "icon" should exist in the "Testing service" "table_row"
And "Allow services" "icon" should exist in the "Testing service" "table_row"
And I should see "Google new display name" in the "Testing service" "table_row"
Scenario: Create a login page only custom OIDC service
Given I press "Custom"
And I should see "Create new service: Custom"
And I set the following fields to these values:
| Name | Empty custom service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
| This service will be used | Login page only |
| Name displayed on the login page | Custom display name |
When I press "Save changes"
And I should see "Changes saved"
And I should see "Empty custom service"
And I should see "Custom display name" in the "Empty custom service" "table_row"
And "Not configured" "icon" should exist in the "Empty custom service" "table_row"
And "Do not allow services" "icon" should exist in the "Empty custom service" "table_row"
And I click on "Configure endpoints" "link" in the "Empty custom service" "table_row"
And I press "Create new endpoint for issuer \"Empty custom service\""
And I set the following fields to these values:
| Name | userinfo_endpoint |
| URL | https://example.com/userinfo |
And I press "Save changes"
And I navigate to "Server > OAuth 2 services" in site administration
And "Allow login" "icon" should exist in the "Empty custom service" "table_row"
And "Do not allow services" "icon" should exist in the "Empty custom service" "table_row"
@javascript
Scenario: Changes to "Authenticate token requests via HTTP headers" are saved
Given I press "Custom"
And I set the following fields to these values:
| Name | Custom service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
And I press "Save changes"
When I click on "Edit" "link" in the "Custom service" "table_row"
And I click on "Authenticate token requests via HTTP headers" "checkbox"
And I press "Save changes"
And I click on "Edit" "link" in the "Custom service" "table_row"
And the field "Authenticate token requests via HTTP headers" matches value "1"
And I click on "Authenticate token requests via HTTP headers" "checkbox"
And I press "Save changes"
And I click on "Edit" "link" in the "Custom service" "table_row"
Then the field "Authenticate token requests via HTTP headers" matches value ""
@@ -0,0 +1,30 @@
@tool @tool_oauth2 @external @javascript
Feature: OAuth2 email verification
In order to make sure administrators understand the ramifications of email verification
As an administrator
I should see email verifications notifications when configuring an Oauth2 provider.
Background:
Given I log in as "admin"
And I change window size to "large"
And I navigate to "Server > OAuth 2 services" in site administration
Scenario: Create, edit and delete standard service for Google toggling email verification.
Given I press "Google"
And I should see "Create new service: Google"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
Then I should not see "I understand that disabling email verification can be a security issue."
And I click on "Require email verification" "checkbox"
And I should see "I understand that disabling email verification can be a security issue."
And I click on "I understand that disabling email verification can be a security issue." "checkbox"
And I press "Save changes"
And I should see "Changes saved"
And I click on "Edit" "link" in the "Testing service" "table_row"
And I press "Save changes"
And I should see "Required"
And I click on "Require email verification" "checkbox"
And I press "Save changes"
And I should see "Changes saved"
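Review bot: The scenario title promises "Create, edit and delete", but no step deletes the service, and after the last save the only assertion is "Changes saved". Because this feature covers a security-relevant setting, it would be stronger to reopen the edit form after each save and assert the stored checkbox state, for example `And the field "Require email verification" matches value "1"` after the final edit (assuming the box is ticked again at that point). Either add the delete steps or rename the scenario to match what it actually covers.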
@@ -0,0 +1,43 @@
@tool @tool_oauth2 @javascript
Feature: OAuth2 user profile fields functionality
In order to use them later for authentication or repository plugins
As an administrator
I need to be able to map data fields provided by an Oauth2 provider
to custom user profile fields defined by an administrator.
Background:
Given the following "custom profile fields" exist:
| datatype | shortname | name | locked |
| text | unlocked_field | Unlocked field | 0 |
| text | locked_field | Locked field | 1 |
And I log in as "admin"
And I navigate to "Server > OAuth 2 services" in site administration
Scenario: Verify custom user profile field mapping
Given I press "Microsoft"
And I should see "Create new service: Microsoft"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
When I press "Save changes"
Then I should see "Changes saved"
And I should see "Testing service"
And I click on "Configure user field mappings" "link" in the "Testing service" "table_row"
# Create unlocked field
And I click on "Create new user field mapping for issuer \"Testing service\"" "button"
And I set the following fields to these values:
| External field name | External unlocked |
| Internal field name | Unlocked field |
And I click on "Save changes" "button"
And I should see "unlocked_field"
# Create locked field
And I click on "Create new user field mapping for issuer \"Testing service\"" "button"
And I set the following fields to these values:
| External field name | External locked |
| Internal field name | Locked field |
And I click on "Save changes" "button"
And I should see "locked_field"
+124
@@ -0,0 +1,124 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* OAuth 2 Endpoint Configuration page.
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese <damyon@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
require_once(__DIR__ . '/../../../config.php');
require_once($CFG->libdir.'/adminlib.php');
require_once($CFG->libdir.'/tablelib.php');
$PAGE->set_url('/admin/tool/oauth2/userfieldmappings.php', ['issuerid' => required_param('issuerid', PARAM_INT)]);
$PAGE->set_context(context_system::instance());
$PAGE->set_pagelayout('admin');
$strheading = get_string('pluginname', 'tool_oauth2');
$PAGE->set_title($strheading);
$PAGE->set_heading($strheading);
require_admin();
$renderer = $PAGE->get_renderer('tool_oauth2');
$action = optional_param('action', '', PARAM_ALPHAEXT);
$issuerid = required_param('issuerid', PARAM_INT);
$userfieldmappingid = optional_param('userfieldmappingid', '', PARAM_INT);
$userfieldmapping = null;
$mform = null;
$issuer = \core\oauth2\api::get_issuer($issuerid);
if (!$issuer) {
throw new \moodle_exception('invaliddata');
}
$PAGE->navbar->override_active_url(new moodle_url('/admin/tool/oauth2/issuers.php'), true);
if (!empty($userfieldmappingid)) {
$userfieldmapping = \core\oauth2\api::get_user_field_mapping($userfieldmappingid);
}
if ($action == 'edit') {
if ($userfieldmapping) {
$PAGE->navbar->add(get_string('edituserfieldmapping', 'tool_oauth2', s($issuer->get('name'))));
} else {
$PAGE->navbar->add(get_string('createnewuserfieldmapping', 'tool_oauth2', s($issuer->get('name'))));
}
$mform = new \tool_oauth2\form\user_field_mapping(null, ['persistent' => $userfieldmapping, 'issuerid' => $issuerid]);
}
if ($mform && $mform->is_cancelled()) {
redirect(new moodle_url('/admin/tool/oauth2/userfieldmappings.php', ['issuerid' => $issuerid]));
} else if ($action == 'edit') {
if ($data = $mform->get_data()) {
try {
if (!empty($data->id)) {
core\oauth2\api::update_user_field_mapping($data);
} else {
core\oauth2\api::create_user_field_mapping($data);
}
redirect($PAGE->url, get_string('changessaved'), null, \core\output\notification::NOTIFY_SUCCESS);
} catch (Exception $e) {
redirect($PAGE->url, $e->getMessage(), null, \core\output\notification::NOTIFY_ERROR);
}
} else {
echo $OUTPUT->header();
if ($issuer) {
echo $OUTPUT->heading(get_string('edituserfieldmapping', 'tool_oauth2', s($issuer->get('name'))));
} else {
echo $OUTPUT->heading(get_string('createnewuserfieldmapping', 'tool_oauth2', s($issuer->get('name'))));
}
$mform->display();
echo $OUTPUT->footer();
}
} else if ($action == 'delete') {
if (!optional_param('confirm', false, PARAM_BOOL)) {
$continueparams = [
'action' => 'delete',
'issuerid' => $issuerid,
'userfieldmappingid' => $userfieldmappingid,
'sesskey' => sesskey(),
'confirm' => true
];
$continueurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php', $continueparams);
$cancelurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php');
echo $OUTPUT->header();
$str = get_string('deleteuserfieldmappingconfirm', 'tool_oauth2', s($issuer->get('name')));
echo $OUTPUT->confirm($str, $continueurl, $cancelurl);
echo $OUTPUT->footer();
} else {
require_sesskey();
core\oauth2\api::delete_user_field_mapping($userfieldmappingid);
redirect($PAGE->url, get_string('userfieldmappingdeleted', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
}
} else {
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('userfieldmappingsforissuer', 'tool_oauth2', s($issuer->get('name'))));
$userfieldmappings = core\oauth2\api::get_user_field_mappings($issuer);
echo $renderer->user_field_mappings_table($userfieldmappings, $issuerid);
$addurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php', ['action' => 'edit', 'issuerid' => $issuerid]);
echo $renderer->single_button($addurl, get_string('createnewuserfieldmapping', 'tool_oauth2', s($issuer->get('name'))));
echo $OUTPUT->footer();
}
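Review bot: The cancel link on the delete confirmation is built without `issuerid` (`$cancelurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php');`), yet the page calls `required_param('issuerid', PARAM_INT)` at the top, so cancelling a delete should land on a missing-parameter error instead of the mapping list. Pass it as the other URLs in this file do: `$cancelurl = new moodle_url('/admin/tool/oauth2/userfieldmappings.php', ['issuerid' => $issuerid]);`. In the edit branch the heading test `if ($issuer)` is always true, because a missing issuer has already thrown `invaliddata`, so the "create new" heading is unreachable; `if ($userfieldmapping)` would match the navbar logic above it. The delete branch also hands `$userfieldmappingid` to `delete_user_field_mapping()` without checking that the mapping belongs to `$issuerid`. The page is admin-only and sesskey-protected, so this looks like a consistency check rather than a privilege boundary, but it is worth confirming against the API.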
+30
@@ -0,0 +1,30 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Plugin version info
*
* @package tool_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
$plugin->version = 2024042200; // The current plugin version (Date: YYYYMMDDXX).
$plugin->requires = 2024041600; // Requires this Moodle version.
$plugin->component = 'tool_oauth2'; // Full name of the plugin (used for diagnostics).