Exemplo n.º 1
0
 /**
  * Handle user_enrolment_deleted event
  *
  * Tasks
  *     - remove user from course usergroups.
  *
  * @param \core\event\user_enrolment_deleted $event The triggered event.
  * @return bool Success/Failure.
  */
 public static function handle_user_enrolment_deleted(\core\event\user_enrolment_deleted $event)
 {
     global $DB;
     if (\local_o365\utils::is_configured() !== true) {
         return false;
     }
     $userid = $event->relateduserid;
     $courseid = $event->courseid;
     if (empty($userid) || empty($courseid)) {
         return true;
     }
     try {
         // Remove user from course usergroup.
         $configsetting = get_config('local_o365', 'creategroups');
         if (!empty($configsetting)) {
             $httpclient = new \local_o365\httpclient();
             $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
             $aadresource = \local_o365\rest\azuread::get_resource();
             $aadtoken = \local_o365\oauth2\systemtoken::instance(null, $aadresource, $clientdata, $httpclient);
             if (!empty($aadtoken)) {
                 $aadclient = new \local_o365\rest\azuread($aadtoken, $httpclient);
                 $aadclient->remove_user_from_course_group($courseid, $userid);
                 return true;
             }
         }
     } catch (\Exception $e) {
         \local_o365\utils::debug($e->getMessage());
     }
     return false;
 }
Exemplo n.º 2
0
 /**
  * Get the Azure AD UPN of a connected Moodle user.
  *
  * @param \stdClass $user The Moodle user.
  * @return string|bool The user's Azure AD UPN, or false if failure.
  */
 public static function get_muser_upn($user)
 {
     global $DB;
     $now = time();
     if (is_numeric($user)) {
         $user = $DB->get_record('user', ['id' => $user]);
         if (empty($user)) {
             \local_o365\utils::debug('User not found', 'rest\\azuread\\get_muser_upn', $user);
             return false;
         }
     }
     // Get user UPN.
     $userobjectdata = $DB->get_record('local_o365_objects', ['type' => 'user', 'moodleid' => $user->id]);
     if (!empty($userobjectdata)) {
         return $userobjectdata->o365name;
     } else {
         // Get user data.
         $authoidcuserdata = $DB->get_record('auth_oidc_token', ['username' => $user->username]);
         if (empty($authoidcuserdata)) {
             // No data for the user in the OIDC token table. Can't proceed.
             \local_o365\utils::debug('No oidc token found for user.', 'rest\\azuread\\get_muser_upn', $user->username);
             return false;
         }
         $httpclient = new \local_o365\httpclient();
         try {
             $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
         } catch (\Exception $e) {
             \local_o365\utils::debug($e->getMessage());
             return false;
         }
         $resource = static::get_resource();
         $token = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient);
         $aadapiclient = new \local_o365\rest\azuread($token, $httpclient);
         $aaduserdata = $aadapiclient->get_user($authoidcuserdata->oidcuniqid);
         $userobjectdata = (object) ['type' => 'user', 'subtype' => '', 'objectid' => $aaduserdata['objectId'], 'o365name' => $aaduserdata['userPrincipalName'], 'moodleid' => $user->id, 'timecreated' => $now, 'timemodified' => $now];
         $userobjectdata->id = $DB->insert_record('local_o365_objects', $userobjectdata);
         return $userobjectdata->o365name;
     }
 }
Exemplo n.º 3
0
 /**
  * Test sync_users method.
  */
 public function test_sync_users()
 {
     global $CFG, $DB;
     for ($i = 1; $i <= 2; $i++) {
         $muser = ['auth' => 'oidc', 'deleted' => '0', 'mnethostid' => $CFG->mnet_localhost_id, 'username' => '00000000-0000-0000-0000-00000000000' . $i, 'firstname' => 'Test', 'lastname' => 'User' . $i, 'email' => 'testuser' . $i . '@example.onmicrosoft.com', 'lang' => 'en'];
         $DB->insert_record('user', (object) $muser);
         $token = ['oidcuniqid' => '00000000-0000-0000-0000-00000000000' . $i, 'authcode' => '000', 'username' => 'testuser' . $i . '@example.onmicrosoft.com', 'scope' => 'test', 'resource' => \local_o365\rest\azuread::get_resource(), 'token' => '000', 'expiry' => '9999999999', 'refreshtoken' => 'fsdfsdf' . $i, 'idtoken' => 'sdfsdfsdf' . $i];
         $DB->insert_record('auth_oidc_token', (object) $token);
     }
     $response = ['value' => [$this->get_aad_userinfo(1), $this->get_aad_userinfo(3)]];
     $response = json_encode($response);
     $httpclient = new \local_o365\tests\mockhttpclient();
     $httpclient->set_response($response);
     $apiclient = new \local_o365\rest\azuread($this->get_mock_token(), $httpclient);
     $aadusers = $apiclient->get_users();
     $apiclient->sync_users($aadusers['value']);
     $existinguser = ['auth' => 'oidc', 'username' => '*****@*****.**'];
     $this->assertTrue($DB->record_exists('user', $existinguser));
     $createduser = ['auth' => 'oidc', 'username' => '*****@*****.**'];
     $this->assertTrue($DB->record_exists('user', $createduser));
     $createduser = $DB->get_record('user', $createduser);
     $this->assertEquals('Test', $createduser->firstname);
     $this->assertEquals('User3', $createduser->lastname);
     $this->assertEquals('*****@*****.**', $createduser->email);
     $this->assertEquals('Toronto', $createduser->city);
     $this->assertEquals('CA', $createduser->country);
     $this->assertEquals('Dev', $createduser->department);
     $this->assertEquals('en', $createduser->lang);
 }
Exemplo n.º 4
0
 /**
  * Attempt to fix application permissions.
  */
 public function mode_fixappperms()
 {
     $data = new \stdClass();
     $success = false;
     $resource = \local_o365\rest\azuread::get_resource();
     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
     $httpclient = new \local_o365\httpclient();
     $token = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient);
     if (empty($token)) {
         throw new \moodle_exception('errorchecksystemapiuser', 'local_o365');
     }
     $apiclient = new \local_o365\rest\azuread($token, $httpclient);
     $success = $apiclient->push_permissions();
     $data->success = $success;
     if ($success === true) {
         set_config('detectperms', 1, 'local_o365');
     }
     echo $this->ajax_response($data, $success);
 }
Exemplo n.º 5
0
 /**
  * Do the job.
  */
 public function execute()
 {
     global $DB;
     $configsetting = get_config('local_o365', 'creategroups');
     if (empty($configsetting)) {
         mtrace('Groups not enabled, skipping...');
         return true;
     }
     $now = time();
     $httpclient = new \local_o365\httpclient();
     $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
     $unifiedresource = \local_o365\rest\unified::get_resource();
     $unifiedtoken = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient);
     if (empty($unifiedtoken)) {
         mtrace('Could not get unified API token.');
         return true;
     }
     $unifiedclient = new \local_o365\rest\unified($unifiedtoken, $httpclient);
     $aadresource = \local_o365\rest\azuread::get_resource();
     $aadtoken = \local_o365\oauth2\systemtoken::instance(null, $aadresource, $clientdata, $httpclient);
     if (empty($aadtoken)) {
         mtrace('Could not get Azure AD token.');
         return true;
     }
     $aadclient = new \local_o365\rest\azuread($aadtoken, $httpclient);
     $siterec = $DB->get_record('course', ['id' => SITEID]);
     $siteshortname = strtolower(preg_replace('/[^a-z0-9]+/iu', '', $siterec->shortname));
     $sql = 'SELECT crs.*
               FROM {course} crs
          LEFT JOIN {local_o365_objects} obj ON obj.type = ? AND obj.subtype = ? AND obj.moodleid = crs.id
              WHERE obj.id IS NULL AND crs.id != ?
              LIMIT 0, 5';
     $params = ['group', 'course', SITEID];
     $courses = $DB->get_recordset_sql($sql, $params);
     foreach ($courses as $course) {
         // Create group.
         $groupname = $siterec->shortname . ': ' . $course->fullname;
         $groupshortname = $siteshortname . '_' . $course->shortname;
         $response = $unifiedclient->create_group($groupname, $groupshortname);
         if (empty($response) || !is_array($response) || empty($response['objectId'])) {
             mtrace('Could not create group for course #' . $course->id);
             var_dump($response);
             continue;
         }
         mtrace('Created group ' . $response['objectId'] . ' for course #' . $course->id);
         $objectrec = ['type' => 'group', 'subtype' => 'course', 'objectid' => $response['objectId'], 'moodleid' => $course->id, 'o365name' => $groupname, 'timecreated' => $now, 'timemodified' => $now];
         $objectrec['id'] = $DB->insert_record('local_o365_objects', (object) $objectrec);
         mtrace('Recorded group object (' . $objectrec['objectid'] . ') into object table with record id ' . $objectrec['id']);
         // It takes a little while for the group object to register.
         mtrace('Waiting 10 seconds for group to register...');
         sleep(10);
         // Add enrolled users to group.
         mtrace('Adding users to group (' . $objectrec['objectid'] . ')');
         $coursecontext = \context_course::instance($course->id);
         list($esql, $params) = get_enrolled_sql($coursecontext);
         $sql = "SELECT u.*,\n                           tok.oidcuniqid as userobjectid\n                      FROM {user} u\n                      JOIN ({$esql}) je ON je.id = u.id\n                      JOIN {auth_oidc_token} tok ON tok.username = u.username AND tok.resource = :tokresource\n                     WHERE u.deleted = 0";
         $params['tokresource'] = 'https://graph.windows.net';
         $enrolled = $DB->get_recordset_sql($sql, $params);
         foreach ($enrolled as $user) {
             $response = $aadclient->add_member_to_group($objectrec['objectid'], $user->userobjectid);
             if ($response === true) {
                 mtrace('Added user #' . $user->id . ' (' . $user->userobjectid . ')');
             } else {
                 mtrace('Could not add user #' . $user->id . ' (' . $user->userobjectid . ')');
                 mtrace('Received: ' . $response);
             }
         }
         $enrolled->close();
     }
     $courses->close();
 }