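/**
 * Handles an existing Moodle user connecting to OpenID Connect.
 *
 * Reacts to \auth_oidc\event\user_connected: when the event carries a Moodle user id and
 * OIDC client credentials are available, it calls \local_o365\oauth2\token::instance() for
 * the calendar resource on behalf of that user (presumably so a token record is obtained and
 * stored up front — confirm against token::instance()).
 *
 * @param \auth_oidc\event\user_connected $event The triggered event.
 * @return bool True when there was nothing to do or the token call completed; false if the
 *              token call threw. Note the exception is swallowed, not logged, here.
 */
public static function handle_oidc_user_connected(\auth_oidc\event\user_connected $event) {
    $eventdata = $event->get_data();
    if (empty($eventdata['userid'])) {
        // Without a Moodle user id there is nobody to fetch a token for.
        return true;
    }

    $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
    if (empty($clientdata)) {
        // No OIDC client configuration available; nothing to request.
        return true;
    }

    try {
        $httpclient = new \local_o365\httpclient();
        $azureresource = \local_o365\rest\calendar::get_resource();
        // The returned token object is not used by this handler, so it is not kept in a local.
        \local_o365\oauth2\token::instance($eventdata['userid'], $azureresource, $clientdata, $httpclient);
    } catch (\Exception $e) {
        // Token acquisition failed. The original behaviour (return false, no rethrow) is kept so a
        // token problem does not abort the user-connected flow; the cause is not recorded here.
        return false;
    }

    return true;
}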
/**
 * Handle a user migration event.
 *
 * Links the currently logged-in Moodle user ($USER) to the OIDC identity $oidcuniqid and,
 * unless $connectiononly is true, switches that user's auth method to 'oidc'.
 *
 * The checks run in this order:
 *   1. If $oidcuniqid is already linked to a Moodle username, that username must be the
 *      current user's; a link to a different account is refused with an exception. A link
 *      whose Moodle account no longer exists is deleted and treated as absent.
 *   2. If the current user's username is already linked to an OIDC identity, it must be
 *      $oidcuniqid; otherwise an exception is thrown.
 *   3. Otherwise a new token record is created, user_connected is triggered and, when the
 *      auth method is to change, the previous auth method and password hash are stored in
 *      auth_oidc_prevlogin before the user record is updated.
 *
 * @param string $oidcuniqid A unique identifier for the user.
 * @param array $authparams Parameters received from the auth request.
 * @param array $tokenparams Parameters received from the token request.
 * @param \auth_oidc\jwt $idtoken A JWT object representing the received id_token (only passed on to createtoken()).
 * @param bool $connectiononly Whether to just connect the user (true), or to connect and change login method (false).
 * @return bool True on success (every non-throwing path returns true).
 * @throws \moodle_exception 'errorauthuserconnectedtodifferent' when $oidcuniqid is linked to another Moodle
 *                           account, 'errorauthuseralreadyconnected' when the current user is linked to another
 *                           OIDC identity.
 */
protected function handlemigration($oidcuniqid, $authparams, $tokenparams, $idtoken, $connectiononly = false) {
    global $USER, $DB, $CFG;

    // Check if OIDC user is already connected to a Moodle user.
    $tokenrec = $DB->get_record('auth_oidc_token', ['oidcuniqid' => $oidcuniqid]);
    if (!empty($tokenrec)) {
        // The Moodle account is resolved on the local MNet host only.
        $existinguserparams = ['username' => $tokenrec->username, 'mnethostid' => $CFG->mnet_localhost_id];
        $existinguser = $DB->get_record('user', $existinguserparams);
        if (empty($existinguser)) {
            // Stale link: its Moodle account is gone, so remove the token record and continue as if unlinked.
            $DB->delete_records('auth_oidc_token', ['id' => $tokenrec->id]);
        } else {
            // NOTE(review): ownership is decided by username equality alone; the mnethostid filter above
            // applies to the account lookup, not to this comparison.
            if ($USER->username === $tokenrec->username) {
                // Already connected to current user.
                if ($connectiononly !== true && $USER->auth !== 'oidc') {
                    // Update auth plugin, then refresh the session user from the database and pin 'auth'
                    // on the in-memory copy as well.
                    $DB->update_record('user', (object) ['id' => $USER->id, 'auth' => 'oidc']);
                    $USER = $DB->get_record('user', ['id' => $USER->id]);
                    $USER->auth = 'oidc';
                }
                // Refresh the stored auth/token parameters on the existing link.
                $this->updatetoken($tokenrec->id, $authparams, $tokenparams);
                return true;
            } else {
                // OIDC user connected to user that is not us. Can't continue.
                throw new \moodle_exception('errorauthuserconnectedtodifferent', 'auth_oidc');
            }
        }
    }

    // Check if Moodle user is already connected to an OIDC user.
    // NOTE(review): this lookup is by username only (no mnethostid); get_record() is expected to return
    // a single row here — confirm the table's uniqueness constraints.
    $tokenrec = $DB->get_record('auth_oidc_token', ['username' => $USER->username]);
    if (!empty($tokenrec)) {
        if ($tokenrec->oidcuniqid === $oidcuniqid) {
            // Already connected to current user.
            if ($connectiononly !== true && $USER->auth !== 'oidc') {
                // Update auth plugin (same refresh sequence as above).
                $DB->update_record('user', (object) ['id' => $USER->id, 'auth' => 'oidc']);
                $USER = $DB->get_record('user', ['id' => $USER->id]);
                $USER->auth = 'oidc';
            }
            $this->updatetoken($tokenrec->id, $authparams, $tokenparams);
            return true;
        } else {
            // The Moodle account is bound to a different OIDC identity; refuse rather than overwrite the link.
            throw new \moodle_exception('errorauthuseralreadyconnected', 'auth_oidc');
        }
    }

    // Create token data.
    $tokenrec = $this->createtoken($oidcuniqid, $USER->username, $authparams, $tokenparams, $idtoken);
    $eventdata = ['objectid' => $USER->id, 'userid' => $USER->id, 'other' => ['username' => $USER->username, 'userid' => $USER->id]];
    $event = \auth_oidc\event\user_connected::create($eventdata);
    $event->trigger();

    // Switch auth method, if requested.
    if ($connectiononly !== true) {
        if ($USER->auth !== 'oidc') {
            // Replace any earlier prevlogin row for this user with the current auth method and password
            // hash (presumably to allow reverting the switch later). This table therefore holds credential
            // material (the password hash) and must be protected like the user table.
            $DB->delete_records('auth_oidc_prevlogin', ['userid' => $USER->id]);
            $userrec = $DB->get_record('user', ['id' => $USER->id]);
            if (!empty($userrec)) {
                $prevloginrec = ['userid' => $userrec->id, 'method' => $userrec->auth, 'password' => $userrec->password];
                $DB->insert_record('auth_oidc_prevlogin', $prevloginrec);
            }
        }
        // The auth update runs even when it is already 'oidc'; only the prevlogin save is skipped in that case.
        $DB->update_record('user', (object) ['id' => $USER->id, 'auth' => 'oidc']);
        $USER = $DB->get_record('user', ['id' => $USER->id]);
        $USER->auth = 'oidc';
    }
    return true;
}