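 /**
  * Handles an existing Moodle user connecting to OpenID Connect.
  *
  * Requests a local_o365 token for the newly connected user via
  * \local_o365\oauth2\token::instance() for the calendar resource. The returned
  * token object is not used by this handler. If the event carries no userid, or
  * no OIDC client data is available, nothing is done and true is returned.
  *
  * @param \auth_oidc\event\user_connected $event The triggered event.
  * @return bool true on success or when there was nothing to do; false if obtaining the token threw.
  */
 public static function handle_oidc_user_connected(\auth_oidc\event\user_connected $event)
 {
     // Get additional tokens for the user.
     $eventdata = $event->get_data();
     if (empty($eventdata['userid'])) {
         return true;
     }
     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
     if (empty($clientdata)) {
         return true;
     }
     try {
         $httpclient = new \local_o365\httpclient();
         $azureresource = \local_o365\rest\calendar::get_resource();
         // The token object is deliberately not kept; this handler only needs the call to succeed.
         \local_o365\oauth2\token::instance($eventdata['userid'], $azureresource, $clientdata, $httpclient);
     } catch (\Exception $e) {
         // Any failure while obtaining the token is reported to the caller as false rather than propagated;
         // nothing is logged here, so callers that need the cause must catch it upstream.
         return false;
     }
     return true;
 }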
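 /**
  * Handle a user migration event.
  *
  * Connects the OIDC identity $oidcuniqid to the currently logged-in Moodle user ($USER) and, unless
  * $connectiononly is true, switches that user's login method to 'oidc'. Before creating a new link,
  * both directions of the mapping are checked: an OIDC identity already attached to a different
  * Moodle account, or a Moodle account already attached to a different OIDC identity, aborts with an
  * exception so that accounts can never be cross-linked.
  *
  * @param string $oidcuniqid A unique identifier for the user.
  * @param array $authparams Parameters received from the auth request.
  * @param array $tokenparams Parameters received from the token request.
  * @param \auth_oidc\jwt $idtoken A JWT object representing the received id_token.
  * @param bool $connectiononly Whether to just connect the user (true), or to connect and change login method (false).
  * @return bool Always true; every failure path throws.
  * @throws \moodle_exception 'errorauthuserconnectedtodifferent' if the OIDC identity is connected to another
  *                           Moodle user, 'errorauthuseralreadyconnected' if the current Moodle user is
  *                           connected to another OIDC identity.
  */
 protected function handlemigration($oidcuniqid, $authparams, $tokenparams, $idtoken, $connectiononly = false)
 {
     global $USER, $DB, $CFG;

     // Check if OIDC user is already connected to a Moodle user.
     $tokenrec = $DB->get_record('auth_oidc_token', ['oidcuniqid' => $oidcuniqid]);
     if (!empty($tokenrec)) {
         $existinguserparams = ['username' => $tokenrec->username, 'mnethostid' => $CFG->mnet_localhost_id];
         $existinguser = $DB->get_record('user', $existinguserparams);
         if (empty($existinguser)) {
             // Stale mapping: the Moodle user it pointed at no longer exists, so drop it and continue.
             $DB->delete_records('auth_oidc_token', ['id' => $tokenrec->id]);
         } else if ($USER->username === $tokenrec->username) {
             // Already connected to current user.
             if ($connectiononly !== true && $USER->auth !== 'oidc') {
                 $this->switchcurrentusertooidc();
             }
             $this->updatetoken($tokenrec->id, $authparams, $tokenparams);
             return true;
         } else {
             // OIDC user connected to user that is not us. Can't continue.
             throw new \moodle_exception('errorauthuserconnectedtodifferent', 'auth_oidc');
         }
     }

     // Check if Moodle user is already connected to an OIDC user.
     $tokenrec = $DB->get_record('auth_oidc_token', ['username' => $USER->username]);
     if (!empty($tokenrec)) {
         if ($tokenrec->oidcuniqid !== $oidcuniqid) {
             // Current user is linked to a different OIDC identity. Can't continue.
             throw new \moodle_exception('errorauthuseralreadyconnected', 'auth_oidc');
         }
         // Already connected to current user.
         if ($connectiononly !== true && $USER->auth !== 'oidc') {
             $this->switchcurrentusertooidc();
         }
         $this->updatetoken($tokenrec->id, $authparams, $tokenparams);
         return true;
     }

     // Create token data.
     $tokenrec = $this->createtoken($oidcuniqid, $USER->username, $authparams, $tokenparams, $idtoken);
     $eventdata = ['objectid' => $USER->id, 'userid' => $USER->id, 'other' => ['username' => $USER->username, 'userid' => $USER->id]];
     $event = \auth_oidc\event\user_connected::create($eventdata);
     $event->trigger();

     // Switch auth method, if requested.
     if ($connectiononly !== true) {
         if ($USER->auth !== 'oidc') {
             // Remember the previous login method so the switch can be reverted later. The password column is
             // copied as stored in the user table, so auth_oidc_prevlogin carries the same sensitivity as user.
             $DB->delete_records('auth_oidc_prevlogin', ['userid' => $USER->id]);
             $userrec = $DB->get_record('user', ['id' => $USER->id]);
             if (!empty($userrec)) {
                 $prevloginrec = ['userid' => $userrec->id, 'method' => $userrec->auth, 'password' => $userrec->password];
                 $DB->insert_record('auth_oidc_prevlogin', $prevloginrec);
             }
         }
         // Applied even when auth is already 'oidc' (kept from the original flow).
         $this->switchcurrentusertooidc();
     }
     return true;
 }

 /**
  * Set the current user's ($USER) auth method to 'oidc' in the database and refresh the global user record.
  *
  * @return void
  */
 protected function switchcurrentusertooidc()
 {
     global $USER, $DB;
     $DB->update_record('user', (object) ['id' => $USER->id, 'auth' => 'oidc']);
     $USER = $DB->get_record('user', ['id' => $USER->id]);
     // Keep the in-memory record in sync with what was just written.
     $USER->auth = 'oidc';
 }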