<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* @package auth_oidc
* @author James McQuillan <[email protected]>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @copyright (C) 2014 onwards Microsoft Open Technologies, Inc. (http://msopentech.com/)
*/
defined('MOODLE_INTERNAL') || die();
require_once($CFG->libdir.'/authlib.php');
require_once($CFG->dirroot.'/login/lib.php');
/**
* OpenID Connect Authentication Plugin.
*/
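class auth_plugin_oidc extends \auth_plugin_base {
    /** @var string Authentication plugin type - the same as db field. */
    public $authtype = 'oidc';

    /** @var object Plugin config. Copied from the login flow object at the end of the constructor. */
    public $config;

    /**
     * @var object Login flow handler that most methods of this class delegate to.
     *
     * Declared explicitly: the constructor assigns it, and creating it as an undeclared
     * (dynamic) property is deprecated as of PHP 8.2.
     */
    public $loginflow;

    /**
     * Constructor.
     *
     * Resolves the login flow name and instantiates the matching class from the
     * \auth_oidc\loginflow namespace. The name is taken, in order of precedence, from
     * $forceloginflow, then the 'loginflow' setting of auth_oidc, then the default 'authcode'.
     *
     * @param string|null $forceloginflow Login flow name to use instead of the configured one.
     *                                    Empty or non-string values are ignored.
     * @throws \coding_exception If no class exists for the resolved login flow name.
     */
    public function __construct($forceloginflow = null) {
        $loginflow = 'authcode';
        if (!empty($forceloginflow) && is_string($forceloginflow)) {
            $loginflow = $forceloginflow;
        } else {
            $configuredloginflow = get_config('auth_oidc', 'loginflow');
            if (!empty($configuredloginflow)) {
                $loginflow = $configuredloginflow;
            }
        }

        // NOTE(review): the class name is built by plain concatenation and then instantiated, and
        // class_exists() invokes the autoloader for whatever name results. The fixed namespace
        // prefix is the only constraint applied here, so $forceloginflow has to be a fixed,
        // trusted flow name chosen by the caller - confirm that no call site derives it from
        // request data.
        $loginflowclass = '\auth_oidc\loginflow\\'.$loginflow;
        if (!class_exists($loginflowclass)) {
            throw new \coding_exception(get_string('errorbadloginflow', 'auth_oidc'));
        }

        // This constructor has not assigned $this->config yet at this point; the config held by
        // the login flow object is copied back onto the plugin right after construction.
        $this->loginflow = new $loginflowclass($this->config);
        $this->config = $this->loginflow->config;
    }

    /**
     * Returns a list of potential IdPs that this authentication plugin supports. Used to provide links on the login page.
     *
     * @param string $wantsurl The relative url fragment the user wants to get to.
     * @return array Array of idps, as produced by the login flow.
     */
    public function loginpage_idp_list($wantsurl) {
        return $this->loginflow->loginpage_idp_list($wantsurl);
    }

    /**
     * Set an HTTP client to use.
     *
     * @param \auth_oidc\httpclientinterface $httpclient HTTP client handed on to the login flow.
     * @return mixed Determined by loginflow.
     */
    public function set_httpclient(\auth_oidc\httpclientinterface $httpclient) {
        return $this->loginflow->set_httpclient($httpclient);
    }

    /**
     * Handle requests to the redirect URL.
     *
     * @return mixed Determined by loginflow.
     */
    public function handleredirect() {
        return $this->loginflow->handleredirect();
    }

    /**
     * Handle OIDC disconnection from Moodle account.
     *
     * NOTE(review): "\moodle_url $redirect = null" relies on implicit nullability, which PHP 8.4
     * deprecates; "?\moodle_url" is the explicit spelling once the supported PHP versions allow it.
     *
     * @param bool $justremovetokens If true, just remove the stored OIDC tokens for the user, otherwise revert login methods.
     * @param \moodle_url|null $redirect Passed through to the login flow unchanged; presumably where
     *                                   to send the user afterwards - confirm against the login flow.
     * @return mixed Determined by loginflow.
     */
    public function disconnect($justremovetokens = false, \moodle_url $redirect = null) {
        return $this->loginflow->disconnect($justremovetokens, $redirect);
    }

    /**
     * This is the primary method that is used by the authenticate_user_login() function in moodlelib.php.
     *
     * The decision is made entirely by the login flow; this class adds no check of its own.
     *
     * @param string $username The username.
     * @param string|null $password The password, if any.
     * @return bool Authentication success or failure.
     */
    public function user_login($username, $password = null) {
        return $this->loginflow->user_login($username, $password);
    }

    /**
     * Fetch user information for a username by delegating to the login flow.
     *
     * @param string $username username
     * @return mixed Determined by loginflow; originally documented as an array, or false on error.
     */
    public function get_userinfo($username) {
        return $this->loginflow->get_userinfo($username);
    }

    /**
     * Indicates if moodle should automatically update internal user
     * records with data from external sources using the information
     * from get_userinfo() method.
     *
     * @return bool true means automatically copy data from ext to user table
     */
    public function is_synchronised_with_external() {
        return true;
    }

    /**
     * Returns true if this authentication plugin is "internal".
     *
     * @return bool Whether the plugin uses password hashes from Moodle user table for authentication.
     */
    public function is_internal() {
        return false;
    }

    /**
     * Cron function.
     *
     * Deletes rows of the auth_oidc_state table whose timecreated is more than five minutes in
     * the past. Presumably these are the per-request state records of in-flight logins, so the
     * purge bounds how long one stays usable - confirm against the code that writes the table.
     */
    public function cron() {
        global $DB;
        // Cut-off timestamp: now minus 5 * 60 seconds. It is passed as a bound parameter for the
        // "?" placeholder rather than written into the WHERE fragment.
        $params = [time() - (5 * 60)];
        $DB->delete_records_select('auth_oidc_state', 'timecreated < ?', $params);
    }
}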