coregrade/CoreGradeLearning
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/classes/oauth2/service/clever.php
+67
View File
@@ -0,0 +1,67 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
use core\oauth2\discovery\openidconnect;
use core\oauth2\user_field_mapping;
/**
* Class for Clever OAuth service, with the specific methods related to it.
*
* @package core
* @copyright 2022 OpenStax
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class clever extends openidconnect implements issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer The issuer initialised with proper default values.
*/
public static function init(): issuer {
$record = (object) [
'name' => 'Clever',
'image' => 'https://apps.clever.com/favicon.ico',
'basicauth' => 1,
'baseurl' => 'https://clever.com',
'showonloginpage' => issuer::LOGINONLY,
'servicetype' => 'clever',
];
return new issuer(0, $record);
}
/**
* Create field mappings for this issuer.
*
* @param issuer $issuer Issuer the field mappings should be created for.
*/
public static function create_field_mappings(issuer $issuer): void {
// Perform OIDC default field mapping.
parent::create_field_mappings($issuer);
// Create the additional 'sub' field mapping.
$record = (object) [
'issuerid' => $issuer->get('id'),
'externalfield' => 'sub',
'internalfield' => 'idnumber',
];
$userfieldmapping = new user_field_mapping(0, $record);
$userfieldmapping->create();
}
}
lib/classes/oauth2/service/custom.php
+41
View File
@@ -0,0 +1,41 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
use core\oauth2\discovery\openidconnect;
/**
* Class for Custom services, with the specific methods related to it.
*
* @package core
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class custom extends openidconnect implements issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer|null The issuer initialised with proper default values.
*/
public static function init(): ?issuer {
// Custom service doesn't require any particular initialization.
return null;
}
}
lib/classes/oauth2/service/facebook.php
+109
View File
@@ -0,0 +1,109 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
use core\oauth2\endpoint;
use core\oauth2\user_field_mapping;
use core\oauth2\discovery\openidconnect;
/**
* Class for Facebook oAuth service, with the specific methods related to it.
*
* @package core
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class facebook extends openidconnect implements issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer The issuer initialised with proper default values.
*/
public static function init(): issuer {
$record = (object) [
'name' => 'Facebook',
'image' => 'https://facebookbrand.com/wp-content/uploads/2016/05/flogo_rgb_hex-brc-site-250.png',
'baseurl' => '',
'loginscopes' => 'public_profile email',
'loginscopesoffline' => 'public_profile email',
'showonloginpage' => issuer::EVERYWHERE,
'servicetype' => 'facebook',
];
$issuer = new issuer(0, $record);
return $issuer;
}
/**
* Create endpoints for this issuer.
*
* @param issuer $issuer Issuer the endpoints should be created for.
* @return issuer
*/
public static function create_endpoints(issuer $issuer): issuer {
// The Facebook API version.
$apiversion = '2.12';
// The Graph API URL.
$graphurl = 'https://graph.facebook.com/v' . $apiversion;
// User information fields that we want to fetch.
$infofields = [
'id',
'first_name',
'last_name',
'picture.type(large)',
'name',
'email',
];
$endpoints = [
'authorization_endpoint' => sprintf('https://www.facebook.com/v%s/dialog/oauth', $apiversion),
'token_endpoint' => $graphurl . '/oauth/access_token',
'userinfo_endpoint' => $graphurl . '/me?fields=' . implode(',', $infofields)
];
foreach ($endpoints as $name => $url) {
$record = (object) [
'issuerid' => $issuer->get('id'),
'name' => $name,
'url' => $url
];
$endpoint = new endpoint(0, $record);
$endpoint->create();
}
// Create the field mappings.
$mapping = [
'name' => 'alternatename',
'last_name' => 'lastname',
'email' => 'email',
'first_name' => 'firstname',
'picture-data-url' => 'picture',
];
foreach ($mapping as $external => $internal) {
$record = (object) [
'issuerid' => $issuer->get('id'),
'externalfield' => $external,
'internalfield' => $internal
];
$userfieldmapping = new user_field_mapping(0, $record);
$userfieldmapping->create();
}
return $issuer;
}
}
lib/classes/oauth2/service/google.php
+50
View File
@@ -0,0 +1,50 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
use core\oauth2\discovery\openidconnect;
/**
* Class for Google oAuth service, with the specific methods related to it.
*
* @package core
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class google extends openidconnect implements issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer|null The issuer initialised with proper default values.
*/
public static function init(): ?issuer {
$record = (object) [
'name' => 'Google',
'image' => 'https://accounts.google.com/favicon.ico',
'baseurl' => 'https://accounts.google.com/',
'loginparamsoffline' => 'access_type=offline&prompt=consent',
'showonloginpage' => issuer::EVERYWHERE,
'servicetype' => 'google',
];
$issuer = new issuer(0, $record);
return $issuer;
}
}
lib/classes/oauth2/service/imsobv2p1.php
+57
View File
@@ -0,0 +1,57 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
use core\oauth2\discovery\imsbadgeconnect;
/**
* Class for IMS Open Badges v2.1 oAuth service, with the specific methods related to it.
*
* @package core
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class imsobv2p1 extends imsbadgeconnect implements issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer|null The issuer initialised with proper default values.
*/
public static function init(): ?issuer {
$record = (object) [
'name' => 'Open Badges',
'image' => '',
'servicetype' => 'imsobv2p1',
];
$issuer = new issuer(0, $record);
return $issuer;
}
/**
* Process how to map user field information.
*
* @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
* @return void
*/
public static function create_field_mappings(issuer $issuer): void {
// There are no specific field mappings for this service.
}
}
lib/classes/oauth2/service/issuer_interface.php
+53
View File
@@ -0,0 +1,53 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
/**
* Interface for services, with the methods to be implemented by all the issuer implementing it.
*
* @package core
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
interface issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer|null The issuer initialised with proper default values, or null if no issuer is initialised.
*/
public static function init(): ?issuer;
/**
* Create endpoints for this issuer.
*
* @param issuer $issuer Issuer the endpoints should be created for.
* @return issuer
*/
public static function create_endpoints(issuer $issuer): issuer;
/**
* If the discovery endpoint exists for this issuer, try and determine the list of valid endpoints.
*
* @param issuer $issuer
* @return int The number of discovered services.
*/
public static function discover_endpoints($issuer): int;
}
lib/classes/oauth2/service/linkedin.php
+60
View File
@@ -0,0 +1,60 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\discovery\openidconnect;
use core\oauth2\issuer;
/**
* Class linkedin.
*
* OAuth 2 issuer for linkedin which is mostly OIDC compliant, with a few notable exceptions which require working around:
*
* 1. LinkedIn don't provide their OIDC discovery doc at {ISSUER}/.well-known/openid-configuration as the spec requires.
* i.e. https://www.linkedin.com/.well-known/openid-configuration isn't present.
* Instead, they make the configuration available at https://www.linkedin.com/oauth/.well-known/openid-configuration.
* See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
*
* 2. LinkedIn don't return 'locale' as a string in the userinfo but instead return an object with 'language' and 'country' props.
* See: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
* This is resolved in {@see \core\oauth2\client\linkedin::get_userinfo()}
*
* @copyright 2021 Peter Dias
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package core
*/
class linkedin extends openidconnect {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer The issuer initialised with proper default values.
*/
public static function init(): issuer {
$record = (object) [
'name' => 'LinkedIn',
'image' => 'https://static.licdn.com/scds/common/u/images/logos/favicons/v1/favicon.ico',
'baseurl' => 'https://www.linkedin.com/oauth', // The /oauth is where .well-known/openid-configuration lives.
'loginscopes' => 'openid profile email',
'loginscopesoffline' => 'openid profile email',
'showonloginpage' => issuer::EVERYWHERE,
'servicetype' => 'linkedin',
];
$issuer = new issuer(0, $record);
return $issuer;
}
}
lib/classes/oauth2/service/microsoft.php
+98
View File
@@ -0,0 +1,98 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
use core\oauth2\endpoint;
use core\oauth2\user_field_mapping;
use core\oauth2\discovery\openidconnect;
/**
* Class for Microsoft oAuth service, with the specific methods related to it.
*
* @package core
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class microsoft extends openidconnect implements issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer The issuer initialised with proper default values.
*/
public static function init(): issuer {
$record = (object) [
'name' => 'Microsoft',
'image' => 'https://www.microsoft.com/favicon.ico',
'baseurl' => '',
'loginscopes' => 'openid profile email user.read',
'loginscopesoffline' => 'openid profile email user.read offline_access',
'showonloginpage' => issuer::EVERYWHERE,
'servicetype' => 'microsoft',
];
$issuer = new issuer(0, $record);
return $issuer;
}
/**
* Create endpoints for this issuer.
*
* @param issuer $issuer Issuer the endpoints should be created for.
* @return issuer
*/
public static function create_endpoints(issuer $issuer): issuer {
$endpoints = [
'authorization_endpoint' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
'token_endpoint' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
'userinfo_endpoint' => 'https://graph.microsoft.com/v1.0/me/',
'userpicture_endpoint' => 'https://graph.microsoft.com/v1.0/me/photo/$value',
];
foreach ($endpoints as $name => $url) {
$record = (object) [
'issuerid' => $issuer->get('id'),
'name' => $name,
'url' => $url
];
$endpoint = new endpoint(0, $record);
$endpoint->create();
}
// Create the field mappings.
$mapping = [
'givenName' => 'firstname',
'surname' => 'lastname',
'userPrincipalName' => 'email',
'displayName' => 'alternatename',
'officeLocation' => 'address',
'mobilePhone' => 'phone1',
'preferredLanguage' => 'lang'
];
foreach ($mapping as $external => $internal) {
$record = (object) [
'issuerid' => $issuer->get('id'),
'externalfield' => $external,
'internalfield' => $internal
];
$userfieldmapping = new user_field_mapping(0, $record);
$userfieldmapping->create();
}
return $issuer;
}
}
lib/classes/oauth2/service/moodlenet.php
+189
View File
@@ -0,0 +1,189 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\http_client;
use core\oauth2\discovery\auth_server_config_reader;
use core\oauth2\endpoint;
use core\oauth2\issuer;
use GuzzleHttp\Psr7\Request;
/**
* MoodleNet OAuth 2 configuration.
*
* @package core
* @copyright 2023 Jake Dallimore <jrhdallimore@gmail.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class moodlenet implements issuer_interface {
/**
* Get the issuer template to display in the form.
*
* @return issuer the issuer.
*/
public static function init(): ?issuer {
$record = (object) [
'name' => 'MoodleNet',
'image' => 'https://moodle.net/favicon.ico',
'baseurl' => 'https://moodle.net',
'loginscopes' => '',
'loginscopesoffline' => '',
'loginparamsoffline' => '',
'showonloginpage' => issuer::SERVICEONLY,
'servicetype' => 'moodlenet',
];
$issuer = new issuer(0, $record);
return $issuer;
}
/**
* Create the endpoints for the issuer.
*
* @param issuer $issuer the issuer instance.
* @return issuer the issuer instance.
*/
public static function create_endpoints(issuer $issuer): issuer {
self::discover_endpoints($issuer);
return $issuer;
}
/**
* Read the OAuth 2 Auth Server Metadata.
*
* @param issuer $issuer the issuer instance.
* @return int the number of endpoints created.
*/
public static function discover_endpoints($issuer): int {
$baseurl = $issuer->get('baseurl');
if (empty($baseurl)) {
return 0;
}
$endpointscreated = 0;
$config = [];
if (defined('BEHAT_SITE_RUNNING')) {
$config['verify'] = false;
}
$configreader = new auth_server_config_reader(new http_client($config));
try {
$config = $configreader->read_configuration(new \moodle_url($baseurl));
foreach ($config as $key => $value) {
if (substr_compare($key, '_endpoint', -strlen('_endpoint')) === 0) {
$record = new \stdClass();
$record->issuerid = $issuer->get('id');
$record->name = $key;
$record->url = $value;
$endpoint = new endpoint(0, $record);
$endpoint->create();
$endpointscreated++;
}
if ($key == 'scopes_supported') {
$issuer->set('scopessupported', implode(' ', $value));
$issuer->update();
}
}
} catch (\Exception $e) {
throw new \moodle_exception('Could not read service configuration for issuer: ' . $issuer->get('name'));
}
try {
self::client_registration($issuer);
} catch (\Exception $e) {
throw new \moodle_exception('Could not register client for issuer: ' . $issuer->get('name'));
}
return $endpointscreated;
}
/**
* Perform (open) OAuth 2 Dynamic Client Registration with the MoodleNet application.
*
* @param issuer $issuer the issuer instance containing the service baseurl.
* @return void
*/
protected static function client_registration(issuer $issuer): void {
global $CFG, $SITE;
$clientid = $issuer->get('clientid');
$clientsecret = $issuer->get('clientsecret');
if (empty($clientid) && empty($clientsecret)) {
$url = $issuer->get_endpoint_url('registration');
if ($url) {
$scopes = str_replace("\r", " ", $issuer->get('scopessupported'));
$hosturl = $CFG->wwwroot;
$request = [
'client_name' => $SITE->fullname,
'client_uri' => $hosturl,
'logo_uri' => $hosturl . '/pix/moodlelogo.png',
'tos_uri' => $hosturl,
'policy_uri' => $hosturl,
'software_id' => 'moodle',
'software_version' => $CFG->version,
'redirect_uris' => [
$hosturl . '/admin/oauth2callback.php'
],
'token_endpoint_auth_method' => 'client_secret_basic',
'grant_types' => [
'authorization_code',
'refresh_token'
],
'response_types' => [
'code'
],
'scope' => $scopes
];
$config = [];
if (defined('BEHAT_SITE_RUNNING')) {
$config['verify'] = false;
}
$client = new http_client($config);
$request = new Request(
'POST',
$url,
[
'Content-type' => 'application/json',
'Accept' => 'application/json',
],
json_encode($request)
);
try {
$response = $client->send($request);
$responsebody = $response->getBody()->getContents();
$decodedbody = json_decode($responsebody, true);
if (is_null($decodedbody)) {
throw new \moodle_exception('Error: ' . __METHOD__ . ': Failed to decode response body. Invalid JSON.');
}
$issuer->set('clientid', $decodedbody['client_id']);
$issuer->set('clientsecret', $decodedbody['client_secret']);
$issuer->update();
} catch (\Exception $e) {
$msg = "Could not self-register {$issuer->get('name')}. Wrong URL or JSON data [URL: $url]";
throw new \moodle_exception($msg);
}
}
}
}
}
lib/classes/oauth2/service/nextcloud.php
+100
View File
@@ -0,0 +1,100 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\service;
use core\oauth2\issuer;
use core\oauth2\endpoint;
use core\oauth2\user_field_mapping;
use core\oauth2\discovery\openidconnect;
/**
* Class for Nextcloud oAuth service, with the specific methods related to it.
*
* @package core
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class nextcloud extends openidconnect implements issuer_interface {
/**
* Build an OAuth2 issuer, with all the default values for this service.
*
* @return issuer The issuer initialised with proper default values.
*/
public static function init(): issuer {
$record = (object) [
'name' => 'Nextcloud',
'image' => 'https://nextcloud.com/wp-content/uploads/2022/03/favicon.png',
'basicauth' => 1,
'servicetype' => 'nextcloud',
];
$issuer = new issuer(0, $record);
return $issuer;
}
/**
* Create endpoints for this issuer.
*
* @param issuer $issuer Issuer the endpoints should be created for.
* @return issuer
*/
public static function create_endpoints(issuer $issuer): issuer {
// Nextcloud has a custom baseurl. Thus, the creation of endpoints has to be done later.
$baseurl = $issuer->get('baseurl');
// Add trailing slash to baseurl, if needed.
if (substr($baseurl, -1) !== '/') {
$baseurl .= '/';
}
$endpoints = [
// Baseurl will be prepended later.
'authorization_endpoint' => 'index.php/apps/oauth2/authorize',
'token_endpoint' => 'index.php/apps/oauth2/api/v1/token',
'userinfo_endpoint' => 'ocs/v2.php/cloud/user?format=json',
'webdav_endpoint' => 'remote.php/webdav/',
'ocs_endpoint' => 'ocs/v1.php/apps/files_sharing/api/v1/shares',
];
foreach ($endpoints as $name => $url) {
$record = (object) [
'issuerid' => $issuer->get('id'),
'name' => $name,
'url' => $baseurl . $url,
];
$endpoint = new \core\oauth2\endpoint(0, $record);
$endpoint->create();
}
// Create the field mappings.
$mapping = [
'ocs-data-email' => 'email',
'ocs-data-id' => 'username',
];
foreach ($mapping as $external => $internal) {
$record = (object) [
'issuerid' => $issuer->get('id'),
'externalfield' => $external,
'internalfield' => $internal
];
$userfieldmapping = new \core\oauth2\user_field_mapping(0, $record);
$userfieldmapping->create();
}
return $issuer;
}
}