Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 24 additions & 13 deletions auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,8 @@

defined('MOODLE_INTERNAL') || die();

require_once($CFG->libdir.'/authlib.php');
require_once($CFG->dirroot.'/login/lib.php');
require_once($CFG->libdir . '/authlib.php');
require_once($CFG->dirroot . '/login/lib.php');

/**
* OpenID Connect Authentication Plugin.
Expand All @@ -51,8 +51,10 @@ public function __construct($forceloginflow = null) {
global $SESSION;
$loginflow = 'authcode';

if (isset($SESSION->stateadditionaldata) && !empty($SESSION->stateadditionaldata) &&
isset($SESSION->stateadditoinaldata['forceflow'])) {
if (
isset($SESSION->stateadditionaldata) && !empty($SESSION->stateadditionaldata) &&
isset($SESSION->stateadditoinaldata['forceflow'])
) {
$loginflow = $SESSION->stateadditoinaldata['forceflow'];
} else {
if (!empty($forceloginflow) && is_string($forceloginflow)) {
Expand All @@ -64,7 +66,7 @@ public function __construct($forceloginflow = null) {
}
}
}
$loginflowclass = '\auth_oidc\loginflow\\'.$loginflow;
$loginflowclass = '\auth_oidc\loginflow\\' . $loginflow;
if (class_exists($loginflowclass)) {
$this->loginflow = new $loginflowclass($this->config);
} else {
Expand Down Expand Up @@ -150,8 +152,10 @@ public function should_login_redirect() {
$silentloginmodesetting = get_config('auth_oidc', 'silentloginmode');
$forceredirectsetting = get_config('auth_oidc', 'forceredirect');
$forceloginsetting = get_config('core', 'forcelogin');
if ($silentloginmodesetting && $forceredirectsetting && $forceloginsetting && isset($_SERVER['HTTP_REFERER']) &&
strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot) !== false) {
if (
$silentloginmodesetting && $forceredirectsetting && $forceloginsetting && isset($_SERVER['HTTP_REFERER']) &&
strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot) !== false
) {
return false;
}

Expand Down Expand Up @@ -197,8 +201,13 @@ public function handleredirect() {
* @param null $userid
* @return mixed
*/
public function disconnect($justremovetokens = false, $donotremovetokens = false, ?\moodle_url $redirect = null,
?\moodle_url $selfurl = null, $userid = null) {
public function disconnect(
$justremovetokens = false,
$donotremovetokens = false,
?\moodle_url $redirect = null,
?\moodle_url $selfurl = null,
$userid = null
) {
return $this->loginflow->disconnect($justremovetokens, $donotremovetokens, $redirect, $selfurl, $userid);
}

Expand Down Expand Up @@ -264,7 +273,7 @@ public function user_authenticated_hook(&$user, $username, $password) {
if (!empty($tokenrec)) {
// If the token record username is out of sync (ie username changes), update it.
if ($tokenrec->username != $user->username) {
$updatedtokenrec = new \stdClass;
$updatedtokenrec = new \stdClass();
$updatedtokenrec->id = $tokenrec->id;
$updatedtokenrec->username = $user->username;
$DB->update_record('auth_oidc_token', $updatedtokenrec);
Expand All @@ -276,7 +285,7 @@ public function user_authenticated_hook(&$user, $username, $password) {
$tokenrec = $DB->get_record('auth_oidc_token', ['username' => $username]);
if (!empty($tokenrec)) {
$tokenrec->userid = $user->id;
$updatedtokenrec = new \stdClass;
$updatedtokenrec = new \stdClass();
$updatedtokenrec->id = $tokenrec->id;
$updatedtokenrec->userid = $user->id;
$DB->update_record('auth_oidc_token', $updatedtokenrec);
Expand Down Expand Up @@ -323,8 +332,10 @@ public function postlogout_hook($user) {
$logouturl = 'https://login.microsoftonline.com/organizations/oauth2/logout?post_logout_redirect_uri=' .
urlencode($CFG->wwwroot);
} else {
if (preg_match("/^https:\/\/login.microsoftonline.com\//", $logouturl) &&
preg_match("/\/oauth2\/logout$/", $logouturl)) {
if (
preg_match("/^https:\/\/login.microsoftonline.com\//", $logouturl) &&
preg_match("/\/oauth2\/logout$/", $logouturl)
) {
$logouturl .= '?post_logout_redirect_uri=' . urlencode($CFG->wwwroot);
}
}
Expand Down
10 changes: 8 additions & 2 deletions binding_username_claim.php
Original file line number Diff line number Diff line change
Expand Up @@ -100,8 +100,14 @@
$bindingusernametoolurl = new moodle_url('/auth/oidc/change_binding_username_claim_tool.php');
echo html_writer::tag('p', get_string('binding_username_claim_description', 'auth_oidc', $bindingusernametoolurl->out()));
if ($existingclaims) {
echo html_writer::tag('p', get_string('binding_username_claim_description_existing_claims', 'auth_oidc',
implode(' / ', $existingclaims)));
echo html_writer::tag(
'p',
get_string(
'binding_username_claim_description_existing_claims',
'auth_oidc',
implode(' / ', $existingclaims)
)
);
}

$form->display();
Expand Down
16 changes: 12 additions & 4 deletions change_binding_username_claim_tool.php
Original file line number Diff line number Diff line change
Expand Up @@ -71,8 +71,14 @@

echo $OUTPUT->heading(get_string('change_binding_username_claim_tool', 'auth_oidc'));
$bindingusernameclaimurl = new moodle_url('/auth/oidc/binding_username_claim.php');
echo html_writer::tag('p', get_string('change_binding_username_claim_tool_description', 'auth_oidc',
$bindingusernameclaimurl->out()));
echo html_writer::tag(
'p',
get_string(
'change_binding_username_claim_tool_description',
'auth_oidc',
$bindingusernameclaimurl->out()
)
);

$form1->display();

Expand All @@ -87,8 +93,10 @@
$process = new process($cir);
$filecolumns = $process->get_file_columns();

$mform2 = new change_binding_username_claim_tool_form2(null,
['columns' => $filecolumns, 'data' => ['iid' => $iid, 'previewrows' => $previewrows]]);
$mform2 = new change_binding_username_claim_tool_form2(
null,
['columns' => $filecolumns, 'data' => ['iid' => $iid, 'previewrows' => $previewrows]]
);

// If a file has been uploaded, then process it.
if ($mform2->is_cancelled()) {
Expand Down
6 changes: 3 additions & 3 deletions classes/adminsetting/auth_oidc_admin_setting_loginflow.php
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ public function output_html($data, $query = '') {

foreach ($this->flowtypes as $flowtype) {
$html .= \html_writer::start_div();
$flowtypeid = $baseid.'_'.$flowtype;
$flowtypeid = $baseid . '_' . $flowtype;
$radioattrs = [
'type' => 'radio',
'name' => $inputname,
Expand All @@ -82,8 +82,8 @@ public function output_html($data, $query = '') {
if ($data === $flowtype || (empty($data) && $flowtype === $this->get_defaultsetting())) {
$radioattrs['checked'] = 'checked';
}
$typename = get_string('cfg_loginflow_'.$flowtype, 'auth_oidc');
$typedesc = get_string('cfg_loginflow_'.$flowtype.'_desc', 'auth_oidc');
$typename = get_string('cfg_loginflow_' . $flowtype, 'auth_oidc');
$typedesc = get_string('cfg_loginflow_' . $flowtype . '_desc', 'auth_oidc');
$html .= \html_writer::empty_tag('input', $radioattrs);
$html .= \html_writer::label($typename, $flowtypeid, false);
$html .= '<br />';
Expand Down
55 changes: 39 additions & 16 deletions classes/form/application.php
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,10 @@ protected function definition() {
$authmethodoptions = [
AUTH_OIDC_AUTH_METHOD_SECRET => get_string('auth_method_secret', 'auth_oidc'),
];
if (isset($this->_customdata['oidcconfig']->idptype) &&
$this->_customdata['oidcconfig']->idptype == AUTH_OIDC_IDP_TYPE_MICROSOFT_IDENTITY_PLATFORM) {
if (
isset($this->_customdata['oidcconfig']->idptype) &&
$this->_customdata['oidcconfig']->idptype == AUTH_OIDC_IDP_TYPE_MICROSOFT_IDENTITY_PLATFORM
) {
$authmethodoptions[AUTH_OIDC_AUTH_METHOD_CERTIFICATE] = get_string('auth_method_certificate', 'auth_oidc');
}
$mform->addElement('select', 'clientauthmethod', auth_oidc_config_name_in_form('clientauthmethod'), $authmethodoptions);
Expand All @@ -93,16 +95,24 @@ protected function definition() {
$mform->addElement('static', 'clientcertsource_help', '', get_string('clientcertsource_help', 'auth_oidc'));

// Certificate private key.
$mform->addElement('textarea', 'clientprivatekey', auth_oidc_config_name_in_form('clientprivatekey'),
['rows' => 10, 'cols' => 80, 'class' => 'cert_textarea']);
$mform->addElement(
'textarea',
'clientprivatekey',
auth_oidc_config_name_in_form('clientprivatekey'),
['rows' => 10, 'cols' => 80, 'class' => 'cert_textarea']
);
$mform->setType('clientprivatekey', PARAM_TEXT);
$mform->disabledIf('clientprivatekey', 'clientauthmethod', 'neq', AUTH_OIDC_AUTH_METHOD_CERTIFICATE);
$mform->disabledIf('clientprivatekey', 'clientcertsource', 'neq', AUTH_OIDC_AUTH_CERT_SOURCE_TEXT);
$mform->addElement('static', 'clientprivatekey_help', '', get_string('clientprivatekey_help', 'auth_oidc'));

// Certificate certificate.
$mform->addElement('textarea', 'clientcert', auth_oidc_config_name_in_form('clientcert'),
['rows' => 10, 'cols' => 80, 'class' => 'cert_textarea']);
$mform->addElement(
'textarea',
'clientcert',
auth_oidc_config_name_in_form('clientcert'),
['rows' => 10, 'cols' => 80, 'class' => 'cert_textarea']
);
$mform->setType('clientcert', PARAM_TEXT);
$mform->disabledIf('clientcert', 'clientauthmethod', 'neq', AUTH_OIDC_AUTH_METHOD_CERTIFICATE);
$mform->disabledIf('clientcert', 'clientcertsource', 'neq', AUTH_OIDC_AUTH_CERT_SOURCE_TEXT);
Expand Down Expand Up @@ -164,12 +174,19 @@ protected function definition() {

// Secret expiry notifications recipients.
if (auth_oidc_is_local_365_installed()) {
$mform->addElement('header', 'secretexpirynotification',
get_string('settings_section_secret_expiry_notification', 'auth_oidc'));
$mform->addElement(
'header',
'secretexpirynotification',
get_string('settings_section_secret_expiry_notification', 'auth_oidc')
);
$mform->setExpanded('secretexpirynotification');

$mform->addElement('text', 'secretexpiryrecipients', auth_oidc_config_name_in_form('secretexpiryrecipients'),
['size' => 256]);
$mform->addElement(
'text',
'secretexpiryrecipients',
auth_oidc_config_name_in_form('secretexpiryrecipients'),
['size' => 256]
);
$mform->setType('secretexpiryrecipients', PARAM_TEXT);
$mform->disabledIf('secretexpiryrecipients', 'clientauthmethod', 'neq', AUTH_OIDC_AUTH_METHOD_SECRET);
$mform->disabledIf('secretexpiryrecipients', 'idptype', 'eq', AUTH_OIDC_IDP_TYPE_OTHER);
Expand Down Expand Up @@ -254,16 +271,22 @@ public function validation($data, $files) {
}

// If "certificate" authentication method is used, ensure tenant specific endpoints are used.
if ($data['idptype'] == AUTH_OIDC_IDP_TYPE_MICROSOFT_IDENTITY_PLATFORM &&
$data['clientauthmethod'] == AUTH_OIDC_AUTH_METHOD_CERTIFICATE) {
if (strpos($data['authendpoint'], '/common/') !== false ||
if (
$data['idptype'] == AUTH_OIDC_IDP_TYPE_MICROSOFT_IDENTITY_PLATFORM &&
$data['clientauthmethod'] == AUTH_OIDC_AUTH_METHOD_CERTIFICATE
) {
if (
strpos($data['authendpoint'], '/common/') !== false ||
strpos($data['authendpoint'], '/organizations/') !== false ||
strpos($data['authendpoint'], '/consumers/') !== false) {
strpos($data['authendpoint'], '/consumers/') !== false
) {
$errors['authendpoint'] = get_string('error_tenant_specific_endpoint_required', 'auth_oidc');
}
if (strpos($data['tokenendpoint'], '/common/') !== false ||
if (
strpos($data['tokenendpoint'], '/common/') !== false ||
strpos($data['tokenendpoint'], '/organizations/') !== false ||
strpos($data['tokenendpoint'], '/consumers/') !== false) {
strpos($data['tokenendpoint'], '/consumers/') !== false
) {
$errors['tokenendpoint'] = get_string('error_tenant_specific_endpoint_required', 'auth_oidc');
}
}
Expand Down
8 changes: 4 additions & 4 deletions classes/form/binding_username_claim.php
Original file line number Diff line number Diff line change
Expand Up @@ -114,10 +114,10 @@ protected function definition() {
}

$mform->addElement(
'select',
'bindingusernameclaim',
auth_oidc_config_name_in_form('bindingusernameclaim'),
$bindingusernameoptions
'select',
'bindingusernameclaim',
auth_oidc_config_name_in_form('bindingusernameclaim'),
$bindingusernameoptions
);
$mform->setDefault('bindingusernameclaim', 'auto');
$mform->addElement('static', 'bindingusernameclaim_description', '', get_string($descriptionidentifier, 'auth_oidc'));
Expand Down
2 changes: 1 addition & 1 deletion classes/form/disconnect.php
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@

defined('MOODLE_INTERNAL') || die();

require_once($CFG->dirroot.'/lib/formslib.php');
require_once($CFG->dirroot . '/lib/formslib.php');

/**
* OIDC Disconnect Form.
Expand Down
8 changes: 4 additions & 4 deletions classes/httpclient.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,8 @@ protected function get_clienttag_headers() {
$params = "lang=PHP; os={$ostype}; os_version={$osver}; arch={$arch}; version={$ver}; MoodleInstallId={$iid}";
$clienttag = "Moodle/{$mdlver} ({$params})";
return [
'User-Agent: '.$clienttag,
'X-ClientService-ClientTag: '.$clienttag,
'User-Agent: ' . $clienttag,
'X-ClientService-ClientTag: ' . $clienttag,
];
}

Expand All @@ -63,8 +63,8 @@ protected function get_clienttag_headers() {
*/
protected function get_plugin_version() {
global $CFG;
$plugin = new \stdClass;
require_once($CFG->dirroot.'/auth/oidc/version.php');
$plugin = new \stdClass();
require_once($CFG->dirroot . '/auth/oidc/version.php');
return (isset($plugin->release)) ? $plugin->release : 'unknown';
}

Expand Down
2 changes: 1 addition & 1 deletion classes/jwt.php
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ public static function decode_jws(string $jwtpayload) {
*/
public static function instance_from_encoded($encoded) {
[$header, $body] = static::decode($encoded);
$jwt = new static;
$jwt = new static();
$jwt->set_header($header);
$jwt->set_claims($body);
return $jwt;
Expand Down
Loading
Loading