coregrade/CoreGradeLearning
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
auth/shibboleth/classes/admin_setting_special_convert_data_configfile.php
+75
View File
@@ -0,0 +1,75 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Special setting for auth_shibboleth convert_data.
*
* @package auth_shibboleth
* @copyright 2020 Mihail Geshoski
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Admin settings class for the convert_data option.
*
* @package auth_shibboleth
* @copyright 2020 Mihail Geshoski
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class auth_shibboleth_admin_setting_convert_data extends admin_setting_configfile {
/**
* Constructor.
*
* @param string $name
* @param string $visiblename
* @param string $description
* @param mixed $defaultdirectory
*/
public function __construct($name, $visiblename, $description, $defaultdirectory) {
parent::__construct($name, $visiblename, $description, $defaultdirectory);
}
/**
* Validate the file path (location).
*
* This method ensures that the file defined as a data modification API exists and is not located in the site
* data directory ($CFG->dataroot). We should prohibit using files from the site data directory as this introduces
* security vulnerabilities.
*
* @param string $filepath The path to the file.
* @return mixed bool true for success or string:error on failure.
*/
public function validate($filepath) {
global $CFG;
if (empty($filepath)) {
return true;
}
// Fail if the file does not exist or it is not readable by the webserver process.
if (!is_readable($filepath)) {
return get_string('auth_shib_convert_data_warning', 'auth_shibboleth');
}
// Fail if the absolute file path matches the currently defined dataroot path.
if (preg_match('/' . preg_quote($CFG->dataroot, '/') . '/', realpath($filepath))) {
return get_string('auth_shib_convert_data_filepath_warning', 'auth_shibboleth');
}
return true;
}
}
auth/shibboleth/classes/admin_setting_special_idp_configtextarea.php
+81
View File
@@ -0,0 +1,81 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Special setting for auth_shibboleth WAYF.
*
* @package auth_shibboleth
* @copyright 2017 Stephen Bourget
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
/**
* Special setting for auth_shibboleth WAYF.
*
* @package auth_shibboleth
* @copyright 2017 Stephen Bourget
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class auth_shibboleth_admin_setting_special_idp_configtextarea extends admin_setting_configtextarea {
/**
* Calls parent::__construct with specific arguments.
*/
public function __construct() {
$default = $orgdefault = "urn:mace:organization1:providerID, Example Organization 1
https://another.idp-id.com/shibboleth, Other Example Organization, /Shibboleth.sso/DS/SWITCHaai
urn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai";
parent::__construct('auth_shibboleth/organization_selection',
get_string('auth_shib_idp_list', 'auth_shibboleth'),
get_string('auth_shib_idp_list_description', 'auth_shibboleth'), $default, PARAM_RAW, '60', '8');
}
/**
* We need to overwrite the global "alternate login url" setting if wayf is enabled.
*
* @param string $data Form data.
* @return string Empty when no errors.
*/
public function write_setting($data) {
global $CFG;
$login = get_config('auth_shibboleth', 'alt_login');
if (isset($data) && !empty($data) && isset($login) && $login == 'on') {
// Need to use the get_idp_list() function here.
require_once($CFG->dirroot.'/auth/shibboleth/auth.php');
$idplist = get_idp_list($data);
if (count($idplist) < 1) {
return false;
}
$data = '';
foreach ($idplist as $idp => $value) {
$data .= $idp.', '.$value[0];
if (isset($value[1])) {
// Value[1] is optional.
$data .= ', '.$value[1] . "\n";
} else {
$data .= "\n";
}
}
}
return parent::write_setting($data);
}
}
auth/shibboleth/classes/admin_setting_special_wayf_select.php
+75
View File
@@ -0,0 +1,75 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Special settings for auth_shibboleth WAYF.
*
* @package auth_shibboleth
* @copyright 2017 Stephen Bourget
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
/**
* Special settings for auth_shibboleth WAYF.
*
* @package auth_shibboleth
* @copyright 2017 Stephen Bourget
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class auth_shibboleth_admin_setting_special_wayf_select extends admin_setting_configselect {
/**
* Calls parent::__construct with specific arguments.
*/
public function __construct() {
$yesno = array();
$yesno['off'] = new lang_string('no');
$yesno['on'] = new lang_string('yes');
parent::__construct('auth_shibboleth/alt_login',
new lang_string('auth_shib_integrated_wayf', 'auth_shibboleth'),
new lang_string('auth_shib_integrated_wayf_description', 'auth_shibboleth'),
'off',
$yesno);
}
/**
* We need to overwrite the global "alternate login url" setting if wayf is enabled.
*
* @param string $data Form data.
* @return string Empty when no errors.
*/
public function write_setting($data) {
global $CFG;
// Overwrite alternative login URL if integrated WAYF is used.
if (isset($data) && $data == 'on') {
set_config('alt_login', $data, 'auth_shibboleth');
set_config('alternateloginurl', $CFG->wwwroot.'/auth/shibboleth/login.php');
} else {
// Check if integrated WAYF was enabled and is now turned off.
// If it was and only then, reset the Moodle alternate URL.
$oldsetting = get_config('auth_shibboleth', 'alt_login');
if (isset($oldsetting) and $oldsetting == 'on') {
set_config('alt_login', 'off', 'auth_shibboleth');
set_config('alternateloginurl', '');
}
$data = 'off';
}
return parent::write_setting($data);
}
}
auth/shibboleth/classes/helper.php
+133
View File
@@ -0,0 +1,133 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Contains a helper class for the Shibboleth authentication plugin.
*
* @package auth_shibboleth
* @copyright 2018 Mark Nelson <markn@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace auth_shibboleth;
defined('MOODLE_INTERNAL') || die();
/**
* The helper class for the Shibboleth authentication plugin.
*
* @package auth_shibboleth
* @copyright 2018 Mark Nelson <markn@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class helper {
/**
* Delete session of user using file sessions.
*
* @param string $spsessionid SP-provided Shibboleth Session ID
* @return \SoapFault or void if everything was fine
*/
public static function logout_file_session($spsessionid) {
global $CFG;
if (!empty($CFG->session_file_save_path)) {
$dir = $CFG->session_file_save_path;
} else {
$dir = $CFG->dataroot . '/sessions';
}
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
// Read all session files.
while (($file = readdir($dh)) !== false) {
// Check if it is a file.
if (is_file($dir.'/'.$file)) {
// Read session file data.
$data = file($dir.'/'.$file);
if (isset($data[0])) {
$usersession = self::unserializesession($data[0]);
// Check if we have found session that shall be deleted.
if (isset($usersession['SESSION']) && isset($usersession['SESSION']->shibboleth_session_id)) {
// If there is a match, delete file.
if ($usersession['SESSION']->shibboleth_session_id == $spsessionid) {
// Delete session file.
if (!unlink($dir.'/'.$file)) {
return new SoapFault('LogoutError', 'Could not delete Moodle session file.');
}
}
}
}
}
}
closedir($dh);
}
}
}
/**
* Delete session of user using DB sessions.
*
* @param string $spsessionid SP-provided Shibboleth Session ID
*/
public static function logout_db_session($spsessionid) {
global $CFG, $DB;
$sessions = $DB->get_records_sql(
'SELECT userid, sessdata FROM {sessions} WHERE timemodified > ?',
array(time() - $CFG->sessiontimeout)
);
foreach ($sessions as $session) {
// Get user session from DB.
$usersession = self::unserializesession(base64_decode($session->sessdata));
if (isset($usersession['SESSION']) && isset($usersession['SESSION']->shibboleth_session_id)) {
// If there is a match, kill the session.
if ($usersession['SESSION']->shibboleth_session_id == trim($spsessionid)) {
// Delete this user's sessions.
\core\session\manager::kill_user_sessions($session->userid);
}
}
}
}
/**
* Unserialize a session string.
*
* @param string $serializedstring
* @return array
*/
private static function unserializesession($serializedstring) {
$variables = array();
$index = 0;
// Find next delimiter after current index. It's key being the characters between those points.
while ($delimiterpos = strpos($serializedstring, '|', $index)) {
$key = substr($serializedstring, $index, $delimiterpos - $index);
// Start unserializing immediately after the delimiter. PHP will read as much valid data as possible.
$value = unserialize(substr($serializedstring, $delimiterpos + 1),
['allowed_classes' => ['stdClass']]);
$variables[$key] = $value;
// Advance index beyond the length of the previously captured serialized value.
$index = $delimiterpos + 1 + strlen(serialize($value));
}
return $variables;
}
}
auth/shibboleth/classes/privacy/provider.php
+41
View File
@@ -0,0 +1,41 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Privacy Subsystem implementation for auth_shibboleth.
*
* @package auth_shibboleth
* @copyright 2018 Carlos Escobedo <carlos@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace auth_shibboleth\privacy;
defined('MOODLE_INTERNAL') || die();
/**
* Privacy Subsystem for auth_shibboleth implementing null_provider.
*
* @copyright 2018 Carlos Escobedo <carlos@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements \core_privacy\local\metadata\null_provider {
/**
* Get the language string identifier with the component's language
* file to explain why this plugin stores no data.
*
* @return string
*/
public static function get_reason(): string {
return 'privacy:metadata';
}
}