/**
 * Check whether a SharePoint site URL can be reached with the supplied client credentials.
 *
 * The URL is parsed with parse_site_url(), a system token is requested for the parsed
 * resource, and the root site is fetched to prove that communication works before the
 * requested subsite is looked up.
 *
 * NOTE(review): parse_site_url() is the only validation visible here before a system token
 * is requested for, and requests are sent to, the resource derived from $uncleanurl.
 * Confirm that it constrains the host as intended.
 *
 * @param string $uncleanurl Uncleaned, unvalidated URL to check.
 * @param \local_o365\oauth2\clientdata $clientdata oAuth2 Credentials
 * @param \local_o365\httpclientinterface $httpclient An HttpClient to use for transport.
 * @return string One of:
 *     "invalid"  : The URL could not be parsed, no token was obtained, or the root site request threw.
 *     "notempty" : The URL is usable and the target site exists (always the case for the root site "/").
 *     "valid"    : The URL is usable and site_exists() did not return true for the subsite.
 */
public static function validate_site($uncleanurl, \local_o365\oauth2\clientdata $clientdata,
        \local_o365\httpclientinterface $httpclient) {
    $parsed = static::parse_site_url($uncleanurl);
    if (empty($parsed)) {
        return 'invalid';
    }

    $accesstoken = \local_o365\oauth2\systemtoken::get_for_new_resource(null, $parsed['resource'], $clientdata,
            $httpclient);
    if (empty($accesstoken)) {
        return 'invalid';
    }

    $client = new \local_o365\rest\sharepoint($accesstoken, $httpclient);
    $client->override_resource($parsed['resource']);

    // Fetch the root site purely as a connectivity check; the returned data is not needed.
    // Any exception is reported as 'invalid' without distinguishing the cause.
    try {
        $client->get_site();
    } catch (\Exception $e) {
        return 'invalid';
    }

    // The root site was just fetched successfully, so it necessarily exists.
    if ($parsed['subsiteurl'] === '/') {
        return 'notempty';
    }

    // Only a strict boolean true counts as "exists"; every other result is reported as 'valid'.
    if ($client->site_exists($parsed['subsiteurl']) === true) {
        return 'notempty';
    }
    return 'valid';
}
/**
 * Check whether a value is usable as a OneDrive for Business SharePoint resource.
 *
 * The input is accepted only if clean_param(..., PARAM_URL) leaves it unchanged. It is then
 * prefixed with "https://" and a system token is requested for that resource; the resource
 * counts as valid when a non-empty token comes back.
 *
 * @param string $resource Uncleaned, unvalidated value to check. Because "https://" is prepended
 *     before use, it is presumably expected without a scheme (confirm against callers).
 * @param \local_o365\oauth2\clientdata $clientdata oAuth2 Credentials
 * @param \local_o365\httpclientinterface $httpclient An HttpClient to use for transport.
 * @return bool Whether the received resource is valid or not.
 */
public static function validate_resource($resource, \local_o365\oauth2\clientdata $clientdata,
        \local_o365\httpclientinterface $httpclient) {
    $cleaned = clean_param($resource, PARAM_URL);

    // Reject anything the cleaner would have altered rather than silently using the cleaned form.
    if ($cleaned !== $resource) {
        return false;
    }

    $resourceurl = 'https://' . $cleaned;
    $accesstoken = \local_o365\oauth2\systemtoken::get_for_new_resource(null, $resourceurl, $clientdata, $httpclient);

    return !empty($accesstoken);
}
/**
 * Do the job: attempt a system token refresh for the graph resource.
 *
 * Nothing is attempted when the auth_oidc configuration is empty. Otherwise a client data
 * object is built from the stored client id, secret and endpoints, and a system token is
 * requested for https://graph.windows.net.
 *
 * NOTE(review): the result of the token request is discarded, so a failed refresh is neither
 * logged nor reflected in the return value here.
 *
 * @return bool Always true.
 */
public function execute() {
    $oidcconfig = get_config('auth_oidc');
    if (empty($oidcconfig)) {
        return true;
    }

    $transport = new \local_o365\httpclient();
    $credentials = new \local_o365\oauth2\clientdata(
        $oidcconfig->clientid,
        $oidcconfig->clientsecret,
        $oidcconfig->authendpoint,
        $oidcconfig->tokenendpoint
    );

    // Attempt token refresh.
    \local_o365\oauth2\systemtoken::get_for_new_resource(null, 'https://graph.windows.net', $credentials, $transport);

    return true;
}
/**
 * Run the health check for the system API user's graph token.
 *
 * Three conditions are checked in order: a stored system token exists for the graph resource,
 * auth_oidc client credentials are configured, and a token request for the graph resource
 * returns a non-empty token.
 *
 * @return array Array of result data. Includes:
 *     bool result Whether the health check passed or not.
 *     int severity If the health check failed, how bad a problem is it? This is one of the SEVERITY_* constants.
 *     string message A message to show the user.
 *     \moodle_url fixlink If the healthcheck failed, a link to help resolve the problem (absent on success).
 */
public function run() {
    // NOTE(review): unserialize() is applied to a stored config value. The code below only needs an
    // array keyed by resource; if the writer stores nothing but arrays and scalars, consider restricting
    // classes (the allowed_classes option, PHP 7+) or a JSON encoding. Confirm what is actually stored.
    $storedtokens = unserialize(get_config('local_o365', 'systemtokens'));
    $graphresource = 'https://graph.windows.net';

    // Check that the system API user has a graph resource.
    if (!isset($storedtokens[$graphresource])) {
        return [
            'result' => false,
            'severity' => static::SEVERITY_WARNING,
            'message' => get_string('healthcheck_systemtoken_result_notoken', 'local_o365'),
            'fixlink' => new \moodle_url('/local/o365/acp.php', ['mode' => 'setsystemuser']),
        ];
    }

    // Without client credentials no token request can be made at all, hence the fatal severity.
    $oidcconfig = get_config('auth_oidc');
    if (empty($oidcconfig)) {
        return [
            'result' => false,
            'severity' => static::SEVERITY_FATAL,
            'message' => get_string('healthcheck_systemtoken_result_noclientcreds', 'local_o365'),
            'fixlink' => new \moodle_url('/admin/auth_config.php', ['auth' => 'oidc']),
        ];
    }

    // Try to refresh the token as an indicator for successful communication.
    $transport = new \local_o365\httpclient();
    $credentials = new \local_o365\oauth2\clientdata(
        $oidcconfig->clientid,
        $oidcconfig->clientsecret,
        $oidcconfig->authendpoint,
        $oidcconfig->tokenendpoint
    );
    $refreshed = \local_o365\oauth2\systemtoken::get_for_new_resource(null, $graphresource, $credentials, $transport);

    if (empty($refreshed)) {
        return [
            'result' => false,
            'severity' => static::SEVERITY_WARNING,
            'message' => get_string('healthcheck_systemtoken_result_badtoken', 'local_o365'),
            'fixlink' => new \moodle_url('/local/o365/acp.php', ['mode' => 'setsystemuser']),
        ];
    }

    return [
        'result' => true,
        'severity' => static::SEVERITY_OK,
        'message' => get_string('healthcheck_systemtoken_result_passed', 'local_o365'),
    ];
}