/**
* Handles an existing Moodle user connecting to OpenID Connect.
*
* @param \auth_oidc\event\user_connected $event The triggered event.
* @return bool Success/Failure.
*/
public static function handle_oidc_user_connected(\auth_oidc\event\user_connected $event)
{
// Get additional tokens for the user.
$eventdata = $event->get_data();
if (!empty($eventdata['userid'])) {
$clientdata = \local_o365\oauth2\clientdata::instance_from_oidc();
if (!empty($clientdata)) {
try {
$httpclient = new \local_o365\httpclient();
$azureresource = \local_o365\rest\calendar::get_resource();
$token = \local_o365\oauth2\token::instance($eventdata['userid'], $azureresource, $clientdata, $httpclient);
} catch (\Exception $e) {
return false;
}
}
}
return true;
}
/**
* Handle a user migration event.
*
* @param string $oidcuniqid A unique identifier for the user.
* @param array $authparams Paramteres receieved from the auth request.
* @param array $tokenparams Parameters received from the token request.
* @param \auth_oidc\jwt $idtoken A JWT object representing the received id_token.
* @param bool $connectiononly Whether to just connect the user (true), or to connect and change login method (false).
*/
protected function handlemigration($oidcuniqid, $authparams, $tokenparams, $idtoken, $connectiononly = false)
{
global $USER, $DB, $CFG;
// Check if OIDC user is already connected to a Moodle user.
$tokenrec = $DB->get_record('auth_oidc_token', ['oidcuniqid' => $oidcuniqid]);
if (!empty($tokenrec)) {
$existinguserparams = ['username' => $tokenrec->username, 'mnethostid' => $CFG->mnet_localhost_id];
$existinguser = $DB->get_record('user', $existinguserparams);
if (empty($existinguser)) {
$DB->delete_records('auth_oidc_token', ['id' => $tokenrec->id]);
} else {
if ($USER->username === $tokenrec->username) {
// Already connected to current user.
if ($connectiononly !== true && $USER->auth !== 'oidc') {
// Update auth plugin.
$DB->update_record('user', (object) ['id' => $USER->id, 'auth' => 'oidc']);
$USER = $DB->get_record('user', ['id' => $USER->id]);
$USER->auth = 'oidc';
}
$this->updatetoken($tokenrec->id, $authparams, $tokenparams);
return true;
} else {
// OIDC user connected to user that is not us. Can't continue.
throw new \moodle_exception('errorauthuserconnectedtodifferent', 'auth_oidc');
}
}
}
// Check if Moodle user is already connected to an OIDC user.
$tokenrec = $DB->get_record('auth_oidc_token', ['username' => $USER->username]);
if (!empty($tokenrec)) {
if ($tokenrec->oidcuniqid === $oidcuniqid) {
// Already connected to current user.
if ($connectiononly !== true && $USER->auth !== 'oidc') {
// Update auth plugin.
$DB->update_record('user', (object) ['id' => $USER->id, 'auth' => 'oidc']);
$USER = $DB->get_record('user', ['id' => $USER->id]);
$USER->auth = 'oidc';
}
$this->updatetoken($tokenrec->id, $authparams, $tokenparams);
return true;
} else {
throw new \moodle_exception('errorauthuseralreadyconnected', 'auth_oidc');
}
}
// Create token data.
$tokenrec = $this->createtoken($oidcuniqid, $USER->username, $authparams, $tokenparams, $idtoken);
$eventdata = ['objectid' => $USER->id, 'userid' => $USER->id, 'other' => ['username' => $USER->username, 'userid' => $USER->id]];
$event = \auth_oidc\event\user_connected::create($eventdata);
$event->trigger();
// Switch auth method, if requested.
if ($connectiononly !== true) {
if ($USER->auth !== 'oidc') {
$DB->delete_records('auth_oidc_prevlogin', ['userid' => $USER->id]);
$userrec = $DB->get_record('user', ['id' => $USER->id]);
if (!empty($userrec)) {
$prevloginrec = ['userid' => $userrec->id, 'method' => $userrec->auth, 'password' => $userrec->password];
$DB->insert_record('auth_oidc_prevlogin', $prevloginrec);
}
}
$DB->update_record('user', (object) ['id' => $USER->id, 'auth' => 'oidc']);
$USER = $DB->get_record('user', ['id' => $USER->id]);
$USER->auth = 'oidc';
}
return true;
}
