fix precheck errors in auth_oidc

auth.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * OpenID Connect authentication plugin declaration.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -41,13 +43,16 @@ class auth_plugin_oidc extends \auth_plugin_base {
 
     /**
      * Constructor.
+     *
+     * @param null $forceloginflow
      */
     public function __construct($forceloginflow = null) {
-        global $STATEADDITIONALDATA;
+        global $SESSION;
         $loginflow = 'authcode';
 
-        if (!empty($STATEADDITIONALDATA) && isset($STATEADDITIONALDATA['forceflow'])) {
-            $loginflow = $STATEADDITIONALDATA['forceflow'];
+        if (isset($SESSION->stateadditionaldata) && !empty($SESSION->stateadditionaldata) &&
+            isset($SESSION->stateadditoinaldata['forceflow'])) {
+            $loginflow = $SESSION->stateadditoinaldata['forceflow'];
         } else {
             if (!empty($forceloginflow) && is_string($forceloginflow)) {
                 $loginflow = $forceloginflow;
@@ -80,7 +85,8 @@ public function loginpage_idp_list($wantsurl) {
     /**
      * Set an HTTP client to use.
      *
-     * @param auth_oidchttpclientinterface $httpclient [description]
+     * @param \auth_oidc\httpclientinterface $httpclient
+     * @return mixed
      */
     public function set_httpclient(\auth_oidc\httpclientinterface $httpclient) {
         return $this->loginflow->set_httpclient($httpclient);
@@ -89,24 +95,21 @@ public function set_httpclient(\auth_oidc\httpclientinterface $httpclient) {
     /**
      * Hook for overriding behaviour of login page.
      * This method is called from login/index.php page for all enabled auth plugins.
-     *
-     * @global object
-     * @global object
      */
     public function loginpage_hook() {
-        global $frm;  // can be used to override submitted login form
-        global $user; // can be used to replace authenticate_user_login()
+        global $frm;  // Can be used to override submitted login form.
+        global $user; // Can be used to replace authenticate_user_login().
         if ($this->should_login_redirect()) {
             $this->loginflow->handleredirect();
         }
         return $this->loginflow->loginpage_hook($frm, $user);
     }
 
     /**
-      * Determines if we will redirect to the redirecturi
-      *
-      * @return bool If this returns true then redirect
-      * @throws \coding_exception
+     * Determines if we will redirect to the redirecturi.
+     *
+     * @return bool If this returns true then redirect
+     * @throws \coding_exception
      */
     public function should_login_redirect() {
         global $SESSION;
@@ -117,7 +120,7 @@ public function should_login_redirect() {
             $oidc = 0;
         }
         if (!isset($this->config->forceredirect) || !$this->config->forceredirect) {
-            return false; // Never redirect if we haven't enabled the forceredirect setting
+            return false; // Never redirect if we haven't enabled the forceredirect setting.
         }
         // Never redirect on POST.
         if (isset($_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'POST')) {
@@ -171,8 +174,10 @@ public function handleredirect() {
      * @param bool $justremovetokens If true, just remove the stored OIDC tokens for the user, otherwise revert login methods.
      * @param bool $donotremovetokens If true, do not remove tokens when disconnecting. This migrates from a login account to a
      *                                "linked" account.
-     * @param \moodle_url $redirect Where to redirect if successful.
-     * @param \moodle_url $selfurl The page this is accessed from. Used for some redirects.
+     * @param moodle_url|null $redirect Where to redirect if successful.
+     * @param moodle_url|null $selfurl The page this is accessed from. Used for some redirects.
+     * @param null $userid
+     * @return mixed
      */
     public function disconnect($justremovetokens = false, $donotremovetokens = false, \moodle_url $redirect = null,
                                \moodle_url $selfurl = null, $userid = null) {

classes/adminsetting/auth_oidc_admin_setting_iconselect.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * Definition of an icon selector admin setting control.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

classes/adminsetting/auth_oidc_admin_setting_label.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * Definition of a label admin setting control.
+ *
  * @package auth_oidc
  * @author Lai Wei <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -29,14 +31,12 @@
 
 /**
  * Display a static text.
- *
- * @package auth_oidc\adminsetting
  */
 class auth_oidc_admin_setting_label extends admin_setting {
     private $label;
 
     /**
-     * auth_oidc_admin_setting_static constructor.
+     * Constructor.
      *
      * @param $name
      * @param $label
@@ -79,4 +79,4 @@ public function write_setting($data) {
     public function output_html($data, $query = '') {
         return format_admin_setting($this, $this->label, $this->visiblename, $this->description, false);
     }
-}
+}

classes/adminsetting/auth_oidc_admin_setting_loginflow.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * Definition of login flow selector admin setting control.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

classes/adminsetting/auth_oidc_admin_setting_redirecturi.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * Definition of a redirect URL admin setting control.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -31,15 +33,12 @@
  * Displays the redirect URI for easier config.
  */
 class auth_oidc_admin_setting_redirecturi extends \admin_setting {
-
     /**
      * Constructor.
      *
-     * @param string $name Name of the setting.
-     * @param string $visiblename Visible name of the setting.
-     * @param string $description Description of the setting.
-     * @param array $defaultsetting Default value.
-     * @param array $choices Array of icon choices.
+     * @param $name
+     * @param $heading
+     * @param $description
      */
     public function __construct($name, $heading, $description) {
         $this->nosave = true;
@@ -67,6 +66,7 @@ public function get_defaultsetting() {
     /**
      * Never write settings.
      *
+     * @param mixed $data
      * @return string Always returns an empty string.
      */
     public function write_setting($data) {
@@ -76,6 +76,8 @@ public function write_setting($data) {
     /**
      * Returns an HTML string for the redirect uri display.
      *
+     * @param mixed $data
+     * @param string $query
      * @return string Returns an HTML string.
      */
     public function output_html($data, $query = '') {

classes/event/action_failed.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * An event when something wrong happened, and debug message needs to be logged.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Event fired whenever we need to record a debug message.
  */

classes/event/user_authed.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * A user authenticated with IODC event.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Event fired when a user authenticated with OIDC, but does not log in.
  */

classes/event/user_connected.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * A user ocnnects to OpenID Connect event.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Fired when a user connects to OpenID Connect.
  */

classes/event/user_created.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * OIDC user created event.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Event fired when OIDC creates a new user.
  */

classes/event/user_disconnected.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * A user disconnected from OpenID Connect event.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Fired when a user disconnects from OpenID Connect.
  */

classes/event/user_loggedin.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * A user uses OIDC logged in event.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Fired when a user uses OIDC to log in.
  */

classes/form/disconnect.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * OIDC disconnect form.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

classes/httpclient.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * HTTP clinet.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,7 +25,9 @@
 
 namespace auth_oidc;
 
-require_once($CFG->dirroot.'/lib/filelib.php');
+defined('MOODLE_INTERNAL') || die();
+
+require_once($CFG->dirroot . '/lib/filelib.php');
 
 /**
  * Implementation of \auth_oidc\httpclientinterface using Moodle CURL.

classes/httpclientinterface.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * HTTP client interface.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Interface defining an HTTP client.
  */

classes/jwt.php

@@ -15,6 +15,8 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 /**
+ * JWT token.
+ *
  * @package auth_oidc
  * @author James McQuillan <[email protected]>
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
@@ -23,6 +25,8 @@
 
 namespace auth_oidc;
 
+defined('MOODLE_INTERNAL') || die();
+
 /**
  * Class for working with JWTs.
  */