coregrade/CoreGradeLearning
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
auth/oauth2/tests/api_test.php
+255
View File
@@ -0,0 +1,255 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace auth_oauth2;
/**
* External auth oauth2 API tests.
*
* @package auth_oauth2
* @copyright 2017 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class api_test extends \advanced_testcase {
/**
* Test the cleaning of orphaned linked logins for all issuers.
*/
public function test_clean_orphaned_linked_logins(): void {
$this->resetAfterTest();
$this->setAdminUser();
$issuer = \core\oauth2\api::create_standard_issuer('google');
\core\oauth2\api::create_standard_issuer('microsoft');
$user = $this->getDataGenerator()->create_user();
$info = [];
$info['username'] = 'banana';
$info['email'] = 'banana@example.com';
\auth_oauth2\api::link_login($info, $issuer, $user->id, false);
\core\oauth2\api::delete_issuer($issuer->get('id'));
$linkedlogins = \auth_oauth2\api::get_linked_logins($user->id, $issuer);
$this->assertCount(1, $linkedlogins);
\auth_oauth2\api::clean_orphaned_linked_logins();
$linkedlogins = \auth_oauth2\api::get_linked_logins($user->id, $issuer);
$this->assertCount(0, $linkedlogins);
$match = \auth_oauth2\api::match_username_to_user('banana', $issuer);
$this->assertFalse($match);
}
/**
* Test the cleaning of orphaned linked logins for a specific issuer.
*/
public function test_clean_orphaned_linked_logins_with_issuer_id(): void {
$this->resetAfterTest();
$this->setAdminUser();
$issuer1 = \core\oauth2\api::create_standard_issuer('google');
$issuer2 = \core\oauth2\api::create_standard_issuer('microsoft');
$user1 = $this->getDataGenerator()->create_user();
$info = [];
$info['username'] = 'banana';
$info['email'] = 'banana@example.com';
\auth_oauth2\api::link_login($info, $issuer1, $user1->id, false);
$user2 = $this->getDataGenerator()->create_user();
$info = [];
$info['username'] = 'apple';
$info['email'] = 'apple@example.com';
\auth_oauth2\api::link_login($info, $issuer2, $user2->id, false);
\core\oauth2\api::delete_issuer($issuer1->get('id'));
\auth_oauth2\api::clean_orphaned_linked_logins($issuer1->get('id'));
$linkedlogins = \auth_oauth2\api::get_linked_logins($user1->id, $issuer1);
$this->assertCount(0, $linkedlogins);
$linkedlogins = \auth_oauth2\api::get_linked_logins($user2->id, $issuer2);
$this->assertCount(1, $linkedlogins);
}
/**
* Test creating a new confirmed account.
* Including testing that user profile fields are correctly set.
*
* @covers \auth_oauth2\api::create_new_confirmed_account
*/
public function test_create_new_confirmed_account(): void {
global $DB;
$this->resetAfterTest();
$this->setAdminUser();
$issuer = \core\oauth2\api::create_standard_issuer('microsoft');
$info = [];
$info['username'] = 'apple';
$info['email'] = 'apple@example.com';
$info['firstname'] = 'Apple';
$info['lastname'] = 'Fruit';
$info['alternatename'] = 'Beatles';
$info['idnumber'] = '123456';
$info['city'] = 'Melbourne';
$info['country'] = 'AU';
$info['institution'] = 'ACME Inc';
$info['department'] = 'Misc Explosives';
$createduser = \auth_oauth2\api::create_new_confirmed_account($info, $issuer);
// Get actual user record from DB to check.
$userdata = $DB->get_record('user', ['id' => $createduser->id]);
// Confirm each value supplied from issuers is saved into the user record.
foreach ($info as $key => $value) {
$this->assertEquals($value, $userdata->$key);
}
// Explicitly test the user is confirmed.
$this->assertEquals(1, $userdata->confirmed);
}
/**
* Test auto-confirming linked logins.
*/
public function test_linked_logins(): void {
$this->resetAfterTest();
$this->setAdminUser();
$issuer = \core\oauth2\api::create_standard_issuer('google');
$user = $this->getDataGenerator()->create_user();
$this->setUser($user);
$info = [];
$info['username'] = 'banana';
$info['email'] = 'banana@example.com';
\auth_oauth2\api::link_login($info, $issuer, $user->id, false);
// Try and match a user with a linked login.
$match = \auth_oauth2\api::match_username_to_user('banana', $issuer);
$this->assertEquals($user->id, $match->get('userid'));
$linkedlogins = \auth_oauth2\api::get_linked_logins($user->id, $issuer);
\auth_oauth2\api::delete_linked_login($linkedlogins[0]->get('id'));
$match = \auth_oauth2\api::match_username_to_user('banana', $issuer);
$this->assertFalse($match);
$info = [];
$info['username'] = 'apple';
$info['email'] = 'apple@example.com';
$info['firstname'] = 'Apple';
$info['lastname'] = 'Fruit';
$info['url'] = 'http://apple.com/';
$info['alternamename'] = 'Beatles';
$newuser = \auth_oauth2\api::create_new_confirmed_account($info, $issuer);
$match = \auth_oauth2\api::match_username_to_user('apple', $issuer);
$this->assertEquals($newuser->id, $match->get('userid'));
}
/**
* Test that we cannot deleted a linked login for another user
*/
public function test_delete_linked_login_other_user(): void {
$this->resetAfterTest();
$this->setAdminUser();
$issuer = \core\oauth2\api::create_standard_issuer('google');
$user = $this->getDataGenerator()->create_user();
api::link_login([
'username' => 'banana',
'email' => 'banana@example.com',
], $issuer, $user->id);
/** @var linked_login $linkedlogin */
$linkedlogin = api::get_linked_logins($user->id)[0];
// We are logged in as a different user, so cannot delete this.
$this->expectException(\dml_missing_record_exception::class);
api::delete_linked_login($linkedlogin->get('id'));
}
/**
* Test that is_enabled correctly identifies when the plugin is enabled.
*/
public function test_is_enabled(): void {
$this->resetAfterTest();
set_config('auth', 'manual,oauth2');
$this->assertTrue(\auth_oauth2\api::is_enabled());
}
/**
* Test that is_enabled correctly identifies when the plugin is disabled.
*/
public function test_is_enabled_disabled(): void {
$this->resetAfterTest();
set_config('auth', 'manual');
$this->assertFalse(\auth_oauth2\api::is_enabled());
}
/**
* Test creating a user via the send confirm account email method.
* Including testing that user profile fields are correctly set.
*
* @covers \auth_oauth2\api::send_confirm_account_email
*/
public function test_send_confirm_account_email(): void {
global $DB;
$this->resetAfterTest();
$this->setAdminUser();
$issuer = \core\oauth2\api::create_standard_issuer('microsoft');
$info = [];
$info['username'] = 'apple';
$info['email'] = 'apple@example.com';
$info['firstname'] = 'Apple';
$info['lastname'] = 'Fruit';
$info['alternatename'] = 'Beatles';
$info['idnumber'] = '123456';
$info['city'] = 'Melbourne';
$info['country'] = 'AU';
$info['institution'] = 'ACME Inc';
$info['department'] = 'Misc Explosives';
$createduser = \auth_oauth2\api::send_confirm_account_email($info, $issuer);
// Get actual user record from DB to check.
$userdata = $DB->get_record('user', ['id' => $createduser->id]);
// Confirm each value supplied from issuers is saved into the user record.
foreach ($info as $key => $value) {
$this->assertEquals($value, $userdata->$key);
}
// Explicitly test the user is not yet confirmed.
$this->assertEquals(0, $userdata->confirmed);
}
}
auth/oauth2/tests/auth_test.php
+92
View File
@@ -0,0 +1,92 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace auth_oauth2;
/**
* Auth oauth2 auth functions tests.
*
* @package auth_oauth2
* @category test
* @copyright 2019 Shamim Rezaie
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @coversDefaultClass \auth_oauth2\auth
*/
class auth_test extends \advanced_testcase {
public function test_get_password_change_info(): void {
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user(['auth' => 'oauth2']);
$auth = get_auth_plugin($user->auth);
$info = $auth->get_password_change_info($user);
$this->assertEqualsCanonicalizing(['subject', 'message'], array_keys($info));
$this->assertStringContainsString(
'your password cannot be reset because you are using your account on another site to log in',
$info['message']);
}
/**
* Test complete_login for oauth2.
* @covers ::complete_login
*/
public function test_oauth2_complete_login(): void {
global $CFG;
$this->resetAfterTest();
$this->setAdminUser();
$wantsurl = new \moodle_url('/');
$issuer = \core\oauth2\api::create_standard_issuer('microsoft');
$info = [];
$info['username'] = 'apple';
$info['email'] = 'apple@example.com';
$info['firstname'] = 'Apple';
$info['lastname'] = 'Fruit';
$info['url'] = 'http://apple.com/';
$info['alternamename'] = 'Beatles';
$info['auth'] = 'oauth2';
$user = \auth_oauth2\api::create_new_confirmed_account($info, $issuer);
$auth = get_auth_plugin($user->auth);
// Set up mock data.
$client = $this->createMock(\core\oauth2\client::class);
$client->expects($this->once())->method('get_raw_userinfo')->willReturn((object)$info);
$client->expects($this->once())->method('get_userinfo')->willReturn($info);
$client->expects($this->once())->method('get_issuer')->willReturn($issuer);
$sink = $this->redirectEvents();
try {
// Need @ as it will fail at \core\session\manager::login_user for session_regenerate_id.
@$auth->complete_login($client, $wantsurl);
} catch (\Exception $e) {
// This happens as complete login is using 'redirect'.
$this->assertInstanceOf(\moodle_exception::class, $e);
}
$events = $sink->get_events();
$sink->close();
// There are 2 events. First is core\event\user_updated and second is core\event\user_loggedin.
$event = $events[1];
$this->assertInstanceOf('core\event\user_loggedin', $event);
// Make sure the extra record is in the user_loggedin event.
$extrauserinfo = $event->other['extrauserinfo'];
$this->assertEquals($info, $extrauserinfo);
}
}
auth/oauth2/tests/behat/settings_test.feature
+26
View File
@@ -0,0 +1,26 @@
@auth @auth_oauth2 @javascript
Feature: OAuth2 settings test functionality
In order to use them later for authentication
As an administrator
I need to be able to test configured OAuth2 login services.
Background:
Given I log in as "admin"
And I change window size to "large"
Scenario: Test oAuth2 authentication settings with no configured service.
Given I navigate to "Plugins > Authentication > Manage authentication" in site administration
And I click on "Test settings" "link" in the "OAuth 2" "table_row"
Then I should see "There are no configured OAuth2 providers"
Scenario: Test oAuth2 authentication settings for a configured service.
Given I navigate to "Server > OAuth 2 services" in site administration
And I press "Google"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
And I press "Save changes"
And I navigate to "Plugins > Authentication > Manage authentication" in site administration
And I click on "Test settings" "link" in the "OAuth 2" "table_row"
Then I should see "Testing service"
auth/oauth2/tests/privacy/provider_test.php
+279
View File
@@ -0,0 +1,279 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Privacy test for the authentication oauth2
*
* @package auth_oauth2
* @category test
* @copyright 2018 Carlos Escobedo <carlos@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace auth_oauth2\privacy;
defined('MOODLE_INTERNAL') || die();
use auth_oauth2\privacy\provider;
use core_privacy\local\request\approved_contextlist;
use core_privacy\local\request\writer;
use core_privacy\tests\provider_testcase;
use core_privacy\local\request\approved_userlist;
/**
* Privacy test for the authentication oauth2
*
* @package auth_oauth2
* @category test
* @copyright 2018 Carlos Escobedo <carlos@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider_test extends provider_testcase {
/**
* Set up method.
*/
public function setUp(): void {
$this->resetAfterTest();
$this->setAdminUser();
}
/**
* Check that a user context is returned if there is any user data for this user.
*/
public function test_get_contexts_for_userid(): void {
$user = $this->getDataGenerator()->create_user();
$this->assertEmpty(provider::get_contexts_for_userid($user->id));
$issuer = \core\oauth2\api::create_standard_issuer('google');
$info = [];
$info['username'] = 'gina';
$info['email'] = 'gina@example.com';
\auth_oauth2\api::link_login($info, $issuer, $user->id, false);
$contextlist = provider::get_contexts_for_userid($user->id);
// Check that we only get back one context.
$this->assertCount(1, $contextlist);
// Check that a context is returned is the expected.
$usercontext = \context_user::instance($user->id);
$this->assertEquals($usercontext->id, $contextlist->get_contextids()[0]);
}
/**
* Test that user data is exported correctly.
*/
public function test_export_user_data(): void {
$user = $this->getDataGenerator()->create_user();
$issuer = \core\oauth2\api::create_standard_issuer('google');
$info = [];
$info['username'] = 'gina';
$info['email'] = 'gina@example.com';
\auth_oauth2\api::link_login($info, $issuer, $user->id, false);
$usercontext = \context_user::instance($user->id);
$writer = writer::with_context($usercontext);
$this->assertFalse($writer->has_any_data());
$approvedlist = new approved_contextlist($user, 'auth_oauth2', [$usercontext->id]);
provider::export_user_data($approvedlist);
$data = $writer->get_data([get_string('privacy:metadata:auth_oauth2', 'auth_oauth2'), $issuer->get('name')]);
$this->assertEquals($info['username'], $data->username);
$this->assertEquals($info['email'], $data->email);
}
/**
* Test deleting all user data for a specific context.
*/
public function test_delete_data_for_all_users_in_context(): void {
global $DB;
$user1 = $this->getDataGenerator()->create_user();
$issuer1 = \core\oauth2\api::create_standard_issuer('google');
$info = [];
$info['username'] = 'gina';
$info['email'] = 'gina@example.com';
\auth_oauth2\api::link_login($info, $issuer1, $user1->id, false);
$user1context = \context_user::instance($user1->id);
$user2 = $this->getDataGenerator()->create_user();
$issuer2 = \core\oauth2\api::create_standard_issuer('microsoft');
$info = [];
$info['username'] = 'jerry';
$info['email'] = 'jerry@example.com';
\auth_oauth2\api::link_login($info, $issuer2, $user2->id, false);
$user2context = \context_user::instance($user2->id);
// Get all oauth2 accounts.
$oauth2accounts = $DB->get_records('auth_oauth2_linked_login', array());
// There should be two.
$this->assertCount(2, $oauth2accounts);
// Delete everything for the first user context.
provider::delete_data_for_all_users_in_context($user1context);
// Get all oauth2 accounts match with user1.
$oauth2accounts = $DB->get_records('auth_oauth2_linked_login', ['userid' => $user1->id]);
$this->assertCount(0, $oauth2accounts);
// Get all oauth2 accounts.
$oauth2accounts = $DB->get_records('auth_oauth2_linked_login', array());
// There should be one.
$this->assertCount(1, $oauth2accounts);
}
/**
* This should work identical to the above test.
*/
public function test_delete_data_for_user(): void {
global $DB;
$user1 = $this->getDataGenerator()->create_user();
$issuer1 = \core\oauth2\api::create_standard_issuer('google');
$info = [];
$info['username'] = 'gina';
$info['email'] = 'gina@example.com';
\auth_oauth2\api::link_login($info, $issuer1, $user1->id, false);
$user1context = \context_user::instance($user1->id);
$user2 = $this->getDataGenerator()->create_user();
$issuer2 = \core\oauth2\api::create_standard_issuer('microsoft');
$info = [];
$info['username'] = 'jerry';
$info['email'] = 'jerry@example.com';
\auth_oauth2\api::link_login($info, $issuer2, $user2->id, false);
$user2context = \context_user::instance($user2->id);
// Get all oauth2 accounts.
$oauth2accounts = $DB->get_records('auth_oauth2_linked_login', array());
// There should be two.
$this->assertCount(2, $oauth2accounts);
// Delete everything for the first user.
$approvedlist = new approved_contextlist($user1, 'auth_oauth2', [$user1context->id]);
provider::delete_data_for_user($approvedlist);
// Get all oauth2 accounts match with user1.
$oauth2accounts = $DB->get_records('auth_oauth2_linked_login', ['userid' => $user1->id]);
$this->assertCount(0, $oauth2accounts);
// Get all oauth2 accounts.
$oauth2accounts = $DB->get_records('auth_oauth2_linked_login', array());
// There should be one user.
$this->assertCount(1, $oauth2accounts);
}
/**
* Test that only users with a user context are fetched.
*/
public function test_get_users_in_context(): void {
$this->resetAfterTest();
$component = 'auth_oauth2';
// Create a user.
$user = $this->getDataGenerator()->create_user();
$usercontext = \context_user::instance($user->id);
// The list of users should not return anything yet (related data still haven't been created).
$userlist = new \core_privacy\local\request\userlist($usercontext, $component);
provider::get_users_in_context($userlist);
$this->assertCount(0, $userlist);
$issuer = \core\oauth2\api::create_standard_issuer('google');
$info = [];
$info['username'] = 'gina';
$info['email'] = 'gina@example.com';
\auth_oauth2\api::link_login($info, $issuer, $user->id, false);
// The list of users for user context should return the user.
provider::get_users_in_context($userlist);
$this->assertCount(1, $userlist);
$expected = [$user->id];
$actual = $userlist->get_userids();
$this->assertEquals($expected, $actual);
// The list of users for system context should not return any users.
$systemcontext = \context_system::instance();
$userlist = new \core_privacy\local\request\userlist($systemcontext, $component);
provider::get_users_in_context($userlist);
$this->assertCount(0, $userlist);
}
/**
* Test that data for users in approved userlist is deleted.
*/
public function test_delete_data_for_users(): void {
$this->resetAfterTest();
$component = 'auth_oauth2';
// Create user1.
$user1 = $this->getDataGenerator()->create_user();
$usercontext1 = \context_user::instance($user1->id);
// Create user2.
$user2 = $this->getDataGenerator()->create_user();
$usercontext2 = \context_user::instance($user2->id);
$issuer1 = \core\oauth2\api::create_standard_issuer('google');
$info1 = [];
$info1['username'] = 'gina1';
$info1['email'] = 'gina@example1.com';
\auth_oauth2\api::link_login($info1, $issuer1, $user1->id, false);
$issuer2 = \core\oauth2\api::create_standard_issuer('google');
$info2 = [];
$info2['username'] = 'gina2';
$info2['email'] = 'gina@example2.com';
\auth_oauth2\api::link_login($info2, $issuer2, $user2->id, false);
// The list of users for usercontext1 should return user1.
$userlist1 = new \core_privacy\local\request\userlist($usercontext1, $component);
provider::get_users_in_context($userlist1);
$this->assertCount(1, $userlist1);
$expected = [$user1->id];
$actual = $userlist1->get_userids();
$this->assertEquals($expected, $actual);
// The list of users for usercontext2 should return user2.
$userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
provider::get_users_in_context($userlist2);
$this->assertCount(1, $userlist2);
$expected = [$user2->id];
$actual = $userlist2->get_userids();
$this->assertEquals($expected, $actual);
// Add userlist1 to the approved user list.
$approvedlist = new approved_userlist($usercontext1, $component, $userlist1->get_userids());
// Delete user data using delete_data_for_user for usercontext1.
provider::delete_data_for_users($approvedlist);
// Re-fetch users in usercontext1 - The user list should now be empty.
$userlist1 = new \core_privacy\local\request\userlist($usercontext1, $component);
provider::get_users_in_context($userlist1);
$this->assertCount(0, $userlist1);
// Re-fetch users in usercontext2 - The user list should not be empty (user2).
$userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
provider::get_users_in_context($userlist2);
$this->assertCount(1, $userlist2);
// User data should be only removed in the user context.
$systemcontext = \context_system::instance();
// Add userlist2 to the approved user list in the system context.
$approvedlist = new approved_userlist($systemcontext, $component, $userlist2->get_userids());
// Delete user1 data using delete_data_for_user.
provider::delete_data_for_users($approvedlist);
// Re-fetch users in usercontext2 - The user list should not be empty (user2).
$userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
provider::get_users_in_context($userlist2);
$this->assertCount(1, $userlist2);
}
}