/** * Handle user_enrolment_deleted event * * Tasks * - remove user from course usergroups. * * @param \core\event\user_enrolment_deleted $event The triggered event. * @return bool Success/Failure. */ public static function handle_user_enrolment_deleted(\core\event\user_enrolment_deleted $event) { global $DB; if (\local_o365\utils::is_configured() !== true) { return false; } $userid = $event->relateduserid; $courseid = $event->courseid; if (empty($userid) || empty($courseid)) { return true; } try { // Remove user from course usergroup. $configsetting = get_config('local_o365', 'creategroups'); if (!empty($configsetting)) { $httpclient = new \local_o365\httpclient(); $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc(); $aadresource = \local_o365\rest\azuread::get_resource(); $aadtoken = \local_o365\oauth2\systemtoken::instance(null, $aadresource, $clientdata, $httpclient); if (!empty($aadtoken)) { $aadclient = new \local_o365\rest\azuread($aadtoken, $httpclient); $aadclient->remove_user_from_course_group($courseid, $userid); return true; } } } catch (\Exception $e) { \local_o365\utils::debug($e->getMessage()); } return false; }
/** * Get the Azure AD UPN of a connected Moodle user. * * @param \stdClass $user The Moodle user. * @return string|bool The user's Azure AD UPN, or false if failure. */ public static function get_muser_upn($user) { global $DB; $now = time(); if (is_numeric($user)) { $user = $DB->get_record('user', ['id' => $user]); if (empty($user)) { \local_o365\utils::debug('User not found', 'rest\\azuread\\get_muser_upn', $user); return false; } } // Get user UPN. $userobjectdata = $DB->get_record('local_o365_objects', ['type' => 'user', 'moodleid' => $user->id]); if (!empty($userobjectdata)) { return $userobjectdata->o365name; } else { // Get user data. $authoidcuserdata = $DB->get_record('auth_oidc_token', ['username' => $user->username]); if (empty($authoidcuserdata)) { // No data for the user in the OIDC token table. Can't proceed. \local_o365\utils::debug('No oidc token found for user.', 'rest\\azuread\\get_muser_upn', $user->username); return false; } $httpclient = new \local_o365\httpclient(); try { $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc(); } catch (\Exception $e) { \local_o365\utils::debug($e->getMessage()); return false; } $resource = static::get_resource(); $token = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient); $aadapiclient = new \local_o365\rest\azuread($token, $httpclient); $aaduserdata = $aadapiclient->get_user($authoidcuserdata->oidcuniqid); $userobjectdata = (object) ['type' => 'user', 'subtype' => '', 'objectid' => $aaduserdata['objectId'], 'o365name' => $aaduserdata['userPrincipalName'], 'moodleid' => $user->id, 'timecreated' => $now, 'timemodified' => $now]; $userobjectdata->id = $DB->insert_record('local_o365_objects', $userobjectdata); return $userobjectdata->o365name; } }
/** * Test sync_users method. */ public function test_sync_users() { global $CFG, $DB; for ($i = 1; $i <= 2; $i++) { $muser = ['auth' => 'oidc', 'deleted' => '0', 'mnethostid' => $CFG->mnet_localhost_id, 'username' => '00000000-0000-0000-0000-00000000000' . $i, 'firstname' => 'Test', 'lastname' => 'User' . $i, 'email' => 'testuser' . $i . '@example.onmicrosoft.com', 'lang' => 'en']; $DB->insert_record('user', (object) $muser); $token = ['oidcuniqid' => '00000000-0000-0000-0000-00000000000' . $i, 'authcode' => '000', 'username' => 'testuser' . $i . '@example.onmicrosoft.com', 'scope' => 'test', 'resource' => \local_o365\rest\azuread::get_resource(), 'token' => '000', 'expiry' => '9999999999', 'refreshtoken' => 'fsdfsdf' . $i, 'idtoken' => 'sdfsdfsdf' . $i]; $DB->insert_record('auth_oidc_token', (object) $token); } $response = ['value' => [$this->get_aad_userinfo(1), $this->get_aad_userinfo(3)]]; $response = json_encode($response); $httpclient = new \local_o365\tests\mockhttpclient(); $httpclient->set_response($response); $apiclient = new \local_o365\rest\azuread($this->get_mock_token(), $httpclient); $aadusers = $apiclient->get_users(); $apiclient->sync_users($aadusers['value']); $existinguser = ['auth' => 'oidc', 'username' => '*****@*****.**']; $this->assertTrue($DB->record_exists('user', $existinguser)); $createduser = ['auth' => 'oidc', 'username' => '*****@*****.**']; $this->assertTrue($DB->record_exists('user', $createduser)); $createduser = $DB->get_record('user', $createduser); $this->assertEquals('Test', $createduser->firstname); $this->assertEquals('User3', $createduser->lastname); $this->assertEquals('*****@*****.**', $createduser->email); $this->assertEquals('Toronto', $createduser->city); $this->assertEquals('CA', $createduser->country); $this->assertEquals('Dev', $createduser->department); $this->assertEquals('en', $createduser->lang); }
/** * Attempt to fix application permissions. */ public function mode_fixappperms() { $data = new \stdClass(); $success = false; $resource = \local_o365\rest\azuread::get_resource(); $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc(); $httpclient = new \local_o365\httpclient(); $token = \local_o365\oauth2\systemtoken::instance(null, $resource, $clientdata, $httpclient); if (empty($token)) { throw new \moodle_exception('errorchecksystemapiuser', 'local_o365'); } $apiclient = new \local_o365\rest\azuread($token, $httpclient); $success = $apiclient->push_permissions(); $data->success = $success; if ($success === true) { set_config('detectperms', 1, 'local_o365'); } echo $this->ajax_response($data, $success); }
/** * Do the job. */ public function execute() { global $DB; $configsetting = get_config('local_o365', 'creategroups'); if (empty($configsetting)) { mtrace('Groups not enabled, skipping...'); return true; } $now = time(); $httpclient = new \local_o365\httpclient(); $clientdata = \local_o365\oauth2\clientdata::instance_from_oidc(); $unifiedresource = \local_o365\rest\unified::get_resource(); $unifiedtoken = \local_o365\oauth2\systemtoken::instance(null, $unifiedresource, $clientdata, $httpclient); if (empty($unifiedtoken)) { mtrace('Could not get unified API token.'); return true; } $unifiedclient = new \local_o365\rest\unified($unifiedtoken, $httpclient); $aadresource = \local_o365\rest\azuread::get_resource(); $aadtoken = \local_o365\oauth2\systemtoken::instance(null, $aadresource, $clientdata, $httpclient); if (empty($aadtoken)) { mtrace('Could not get Azure AD token.'); return true; } $aadclient = new \local_o365\rest\azuread($aadtoken, $httpclient); $siterec = $DB->get_record('course', ['id' => SITEID]); $siteshortname = strtolower(preg_replace('/[^a-z0-9]+/iu', '', $siterec->shortname)); $sql = 'SELECT crs.* FROM {course} crs LEFT JOIN {local_o365_objects} obj ON obj.type = ? AND obj.subtype = ? AND obj.moodleid = crs.id WHERE obj.id IS NULL AND crs.id != ? LIMIT 0, 5'; $params = ['group', 'course', SITEID]; $courses = $DB->get_recordset_sql($sql, $params); foreach ($courses as $course) { // Create group. $groupname = $siterec->shortname . ': ' . $course->fullname; $groupshortname = $siteshortname . '_' . $course->shortname; $response = $unifiedclient->create_group($groupname, $groupshortname); if (empty($response) || !is_array($response) || empty($response['objectId'])) { mtrace('Could not create group for course #' . $course->id); var_dump($response); continue; } mtrace('Created group ' . $response['objectId'] . ' for course #' . $course->id); $objectrec = ['type' => 'group', 'subtype' => 'course', 'objectid' => $response['objectId'], 'moodleid' => $course->id, 'o365name' => $groupname, 'timecreated' => $now, 'timemodified' => $now]; $objectrec['id'] = $DB->insert_record('local_o365_objects', (object) $objectrec); mtrace('Recorded group object (' . $objectrec['objectid'] . ') into object table with record id ' . $objectrec['id']); // It takes a little while for the group object to register. mtrace('Waiting 10 seconds for group to register...'); sleep(10); // Add enrolled users to group. mtrace('Adding users to group (' . $objectrec['objectid'] . ')'); $coursecontext = \context_course::instance($course->id); list($esql, $params) = get_enrolled_sql($coursecontext); $sql = "SELECT u.*,\n tok.oidcuniqid as userobjectid\n FROM {user} u\n JOIN ({$esql}) je ON je.id = u.id\n JOIN {auth_oidc_token} tok ON tok.username = u.username AND tok.resource = :tokresource\n WHERE u.deleted = 0"; $params['tokresource'] = 'https://graph.windows.net'; $enrolled = $DB->get_recordset_sql($sql, $params); foreach ($enrolled as $user) { $response = $aadclient->add_member_to_group($objectrec['objectid'], $user->userobjectid); if ($response === true) { mtrace('Added user #' . $user->id . ' (' . $user->userobjectid . ')'); } else { mtrace('Could not add user #' . $user->id . ' (' . $user->userobjectid . ')'); mtrace('Received: ' . $response); } } $enrolled->close(); } $courses->close(); }