microsoft
/
moodle-auth_oidc
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
moodle-auth_oidc/auth.php

193 строки
6.5 KiB
PHP
Исходник Ответственный История

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* @package auth_oidc
* @author James McQuillan <james.mcquillan@remote-learner.net>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @copyright (C) 2014 onwards Microsoft Open Technologies, Inc. (http://msopentech.com/)
*/
defined('MOODLE_INTERNAL') || die();
require_once($CFG->libdir.'/authlib.php');
require_once($CFG->dirroot.'/login/lib.php');
/**
* OpenID Connect Authentication Plugin.
*/
class auth_plugin_oidc extends \auth_plugin_base {
/** @var string Authentication plugin type - the same as db field. */
public $authtype = 'oidc';
/** @var object Plugin config. */
public $config;
/**
* Constructor.
*/
public function __construct($forceloginflow = null) {
global $STATEADDITIONALDATA;
$loginflow = 'authcode';
if (!empty($STATEADDITIONALDATA) && isset($STATEADDITIONALDATA['forceflow'])) {
$loginflow = $STATEADDITIONALDATA['forceflow'];
} else {
if (!empty($forceloginflow) && is_string($forceloginflow)) {
$loginflow = $forceloginflow;
} else {
$configuredloginflow = get_config('auth_oidc', 'loginflow');
if (!empty($configuredloginflow)) {
$loginflow = $configuredloginflow;
}
}
}
$loginflowclass = '\auth_oidc\loginflow\\'.$loginflow;
if (class_exists($loginflowclass)) {
$this->loginflow = new $loginflowclass($this->config);
} else {
throw new \coding_exception(get_string('errorbadloginflow', 'auth_oidc'));
}
$this->config = $this->loginflow->config;
}
/**
* Returns a list of potential IdPs that this authentication plugin supports. Used to provide links on the login page.
*
* @param string $wantsurl The relative url fragment the user wants to get to.
* @return array Array of idps.
*/
public function loginpage_idp_list($wantsurl) {
return $this->loginflow->loginpage_idp_list($wantsurl);
}
/**
* Set an HTTP client to use.
*
* @param auth_oidchttpclientinterface $httpclient [description]
*/
public function set_httpclient(\auth_oidc\httpclientinterface $httpclient) {
return $this->loginflow->set_httpclient($httpclient);
}
/**
* Hook for overriding behaviour of login page.
* This method is called from login/index.php page for all enabled auth plugins.
*
* @global object
* @global object
*/
public function loginpage_hook() {
global $frm; // can be used to override submitted login form
global $user; // can be used to replace authenticate_user_login()
return $this->loginflow->loginpage_hook($frm, $user);
}
/**
* Handle requests to the redirect URL.
*
* @return mixed Determined by loginflow.
*/
public function handleredirect() {
return $this->loginflow->handleredirect();
}
/**
* Handle OIDC disconnection from Moodle account.
*
* @param bool $justremovetokens If true, just remove the stored OIDC tokens for the user, otherwise revert login methods.
*/
public function disconnect($justremovetokens = false, \moodle_url $redirect = null) {
return $this->loginflow->disconnect($justremovetokens, $redirect);
}
/**
* This is the primary method that is used by the authenticate_user_login() function in moodlelib.php.
*
* @param string $username The username (with system magic quotes)
* @param string $password The password (with system magic quotes)
* @return bool Authentication success or failure.
*/
public function user_login($username, $password = null) {
global $CFG;
// Short circuit for guest user.
if (!empty($CFG->guestloginbutton) && $username === 'guest' && $password === 'guest') {
return false;
}
return $this->loginflow->user_login($username, $password);
}
/**
* Read user information from external database and returns it as array().
*
* @param string $username username
* @return mixed array with no magic quotes or false on error
*/
public function get_userinfo($username) {
return $this->loginflow->get_userinfo($username);
}
/**
* Indicates if moodle should automatically update internal user
* records with data from external sources using the information
* from get_userinfo() method.
*
* @return bool true means automatically copy data from ext to user table
*/
public function is_synchronised_with_external() {
return true;
}
/**
* Returns true if this authentication plugin is "internal".
*
* @return bool Whether the plugin uses password hashes from Moodle user table for authentication.
*/
public function is_internal() {
return false;
}
/**
* Post authentication hook.
*
* This method is called from authenticate_user_login() for all enabled auth plugins.
*
* @param object $user user object, later used for $USER
* @param string $username (with system magic quotes)
* @param string $password plain text password (with system magic quotes)
*/
public function user_authenticated_hook(&$user, $username, $password) {
if (!empty($user) && !empty($user->auth) && $user->auth === 'oidc') {
$eventdata = [
'objectid' => $user->id,
'userid' => $user->id,
'other' => ['username' => $user->username],
];
$event = \auth_oidc\event\user_loggedin::create($eventdata);
$event->trigger();
}
}
/**
* Cron function.
*/
public function cron() {
global $DB;
$params = [time() - (5 * 60)];
$DB->delete_records_select('auth_oidc_state', 'timecreated < ?', $params);
}
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку