/**
* Validate that a given SharePoint url is accessible with the given client data.
*
* @param string $uncleanurl Uncleaned, unvalidated URL to check.
* @param \local_o365\oauth2\clientdata $clientdata oAuth2 Credentials
* @param \local_o365\httpclientinterface $httpclient An HttpClient to use for transport.
* @return string One of:
* "invalid" : The URL is not a usable SharePoint url.
* "notempty" : The URL is a usable SharePoint url, and the SharePoint site exists.
* "valid" : The URL is a usable SharePoint url, and the SharePoint site doesn't exist.
*/
public static function validate_site($uncleanurl, \local_o365\oauth2\clientdata $clientdata, \local_o365\httpclientinterface $httpclient)
{
$siteinfo = static::parse_site_url($uncleanurl);
if (empty($siteinfo)) {
return 'invalid';
}
$token = \local_o365\oauth2\systemtoken::get_for_new_resource(null, $siteinfo['resource'], $clientdata, $httpclient);
if (empty($token)) {
return 'invalid';
}
$sharepoint = new \local_o365\rest\sharepoint($token, $httpclient);
$sharepoint->override_resource($siteinfo['resource']);
// Try to get the / site's info to validate we can communicate with this parent Sharepoint site.
try {
$mainsiteinfo = $sharepoint->get_site();
} catch (\Exception $e) {
return 'invalid';
}
if ($siteinfo['subsiteurl'] === '/') {
// We just successfully got the / site's info, so if we're going to use that, it's obviously not empty.
return 'notempty';
}
$subsiteexists = $sharepoint->site_exists($siteinfo['subsiteurl']);
return $subsiteexists === true ? 'notempty' : 'valid';
}
/**
* Validate that a given url is a valid OneDrive for Business SharePoint URL.
*
* @param string $resource Uncleaned, unvalidated URL to check.
* @param \local_o365\oauth2\clientdata $clientdata oAuth2 Credentials
* @param \local_o365\httpclientinterface $httpclient An HttpClient to use for transport.
* @return bool Whether the received resource is valid or not.
*/
public static function validate_resource($resource, \local_o365\oauth2\clientdata $clientdata, \local_o365\httpclientinterface $httpclient)
{
$cleanresource = clean_param($resource, PARAM_URL);
if ($cleanresource !== $resource) {
return false;
}
$fullcleanresource = 'https://' . $cleanresource;
$token = \local_o365\oauth2\systemtoken::get_for_new_resource(null, $fullcleanresource, $clientdata, $httpclient);
return !empty($token) ? true : false;
}
/**
* Do the job.
*/
public function execute()
{
// Attempt token refresh.
$oidcconfig = get_config('auth_oidc');
if (!empty($oidcconfig)) {
$httpclient = new \local_o365\httpclient();
$clientdata = new \local_o365\oauth2\clientdata($oidcconfig->clientid, $oidcconfig->clientsecret, $oidcconfig->authendpoint, $oidcconfig->tokenendpoint);
$graphresource = 'https://graph.windows.net';
$systemtoken = \local_o365\oauth2\systemtoken::get_for_new_resource(null, $graphresource, $clientdata, $httpclient);
}
return true;
}
/**
* Run the health check.
*
* @return array Array of result data. Must include:
* bool result Whether the health check passed or not.
* int severity If the health check failed, how bad a problem is it? This is one of the SEVERITY_* constants.
* string message A message to show the user.
* string fixlink If the healthcheck failed, a link to help resolve the problem.
*/
public function run()
{
// Check that the system API user has a graph resource.
$tokens = get_config('local_o365', 'systemtokens');
$tokens = unserialize($tokens);
$graphresource = 'https://graph.windows.net';
if (!isset($tokens[$graphresource])) {
return ['result' => false, 'severity' => static::SEVERITY_WARNING, 'message' => get_string('healthcheck_systemtoken_result_notoken', 'local_o365'), 'fixlink' => new \moodle_url('/local/o365/acp.php', ['mode' => 'setsystemuser'])];
}
// Try to refresh the token as an indicator for successful communication.
$oidcconfig = get_config('auth_oidc');
if (empty($oidcconfig)) {
return ['result' => false, 'severity' => static::SEVERITY_FATAL, 'message' => get_string('healthcheck_systemtoken_result_noclientcreds', 'local_o365'), 'fixlink' => new \moodle_url('/admin/auth_config.php', ['auth' => 'oidc'])];
}
$httpclient = new \local_o365\httpclient();
$clientdata = new \local_o365\oauth2\clientdata($oidcconfig->clientid, $oidcconfig->clientsecret, $oidcconfig->authendpoint, $oidcconfig->tokenendpoint);
$systemtoken = \local_o365\oauth2\systemtoken::get_for_new_resource(null, 'https://graph.windows.net', $clientdata, $httpclient);
if (empty($systemtoken)) {
return ['result' => false, 'severity' => static::SEVERITY_WARNING, 'message' => get_string('healthcheck_systemtoken_result_badtoken', 'local_o365'), 'fixlink' => new \moodle_url('/local/o365/acp.php', ['mode' => 'setsystemuser'])];
} else {
return ['result' => true, 'severity' => static::SEVERITY_OK, 'message' => get_string('healthcheck_systemtoken_result_passed', 'local_o365')];
}
}
