From 6b51e0bceb852044a3e236461a74ecf60979a036 Mon Sep 17 00:00:00 2001
From: Kumi
Date: Tue, 25 Jun 2024 19:26:41 +0200
Subject: [PATCH] feat(auth_jwt): add JWT secret key configuration Introduced new settings for JWT secret and its description to the JWT authentication plugin. The settings allow administrators to configure a secret key used for signing JWT tokens. Also updated the plugin version to ensure proper synchronization with these changes. Addresses setup requirements for heightened JWT security.
---
 lang/en/auth_jwt.php | 2 +
 settings.php | 106 +++++++++++++++++++++++++++++++------------
 version.php | 2 +-
 3 files changed, 79 insertions(+), 31 deletions(-)
diff --git a/lang/en/auth_jwt.php b/lang/en/auth_jwt.php
index 1b13db1..5bf1324 100644
--- a/lang/en/auth_jwt.php
+++ b/lang/en/auth_jwt.php
@@ -54,3 +54,5 @@ $string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execu
 $string['noip'] = 'Unable to fetch IP address of client.';
 $string['privacy:metadata'] = 'JWT authentication plugin does not store any personal data.';
 $string['incorrectlogout'] = 'Incorrect logout request';
+$string['jwtsecret'] = 'JWT secret';
+$string['jwtsecret_desc'] = 'Secret key to sign JWT tokens with.';
\ No newline at end of file
diff --git a/settings.php b/settings.php
index 7121759..b18d66f 100644
--- a/settings.php
+++ b/settings.php
@@ -25,43 +25,89 @@ defined('MOODLE_INTERNAL') || die;
 if ($ADMIN->fulltree) {
- $yesno = array(get_string('no'), get_string('yes'));
- $fields = get_auth_plugin('jwt')->get_allowed_mapping_fields();
+ $yesno = array(get_string('no'), get_string('yes'));
+ $fields = get_auth_plugin('jwt')->get_allowed_mapping_fields();
- $settings->add(new admin_setting_configselect('auth_jwt/mappingfield',
- new lang_string('mappingfield', 'auth_jwt'),
- new lang_string('mappingfield_desc', 'auth_jwt'), 0, $fields));
+ $settings->add(new admin_setting_configselect(
+ 'auth_jwt/mappingfield',
+ new lang_string('mappingfield', 'auth_jwt'),
+ new lang_string('mappingfield_desc', 'auth_jwt'),
+ 0,
+ $fields
+ ));
- $settings->add(new admin_setting_configtext('auth_jwt/keylifetime', get_string('keylifetime', 'auth_jwt'),
- get_string('keylifetime_desc', 'auth_jwt', 'auth'),
- '60', PARAM_INT));
+ $settings->add(new admin_setting_configtext(
+ 'auth_jwt/keylifetime',
+ get_string('keylifetime', 'auth_jwt'),
+ get_string('keylifetime_desc', 'auth_jwt', 'auth'),
+ '60',
+ PARAM_INT
+ ));
- $settings->add(new admin_setting_configselect('auth_jwt/iprestriction',
- new lang_string('iprestriction', 'auth_jwt'),
- new lang_string('iprestriction_desc', 'auth_jwt'), 0, $yesno));
+ $settings->add(new admin_setting_configselect(
+ 'auth_jwt/iprestriction',
+ new lang_string('iprestriction', 'auth_jwt'),
+ new lang_string('iprestriction_desc', 'auth_jwt'),
+ 0,
+ $yesno
+ ));
- $settings->add(new admin_setting_configtext('auth_jwt/ipwhitelist', get_string('ipwhitelist', 'auth_jwt'),
- get_string('ipwhitelist_desc', 'auth_jwt', 'auth'),
- '', PARAM_TEXT));
+ $settings->add(new admin_setting_configtext(
+ 'auth_jwt/ipwhitelist',
+ get_string('ipwhitelist', 'auth_jwt'),
+ get_string('ipwhitelist_desc', 'auth_jwt', 'auth'),
+ '',
+ PARAM_TEXT
+ ));
- $settings->add(new admin_setting_configtext('auth_jwt/redirecturl', get_string('redirecturl', 'auth_jwt'),
- get_string('redirecturl_desc', 'auth_jwt', 'auth'),
- '', PARAM_URL));
+ $settings->add(new admin_setting_configtext(
+ 'auth_jwt/redirecturl',
+ get_string('redirecturl', 'auth_jwt'),
+ get_string('redirecturl_desc', 'auth_jwt', 'auth'),
+ '',
+ PARAM_URL
+ ));
- $settings->add(new admin_setting_configtext('auth_jwt/ssourl', get_string('ssourl', 'auth_jwt'),
- get_string('ssourl_desc', 'auth_jwt', 'auth'),
- '', PARAM_URL));
+ $settings->add(new admin_setting_configtext(
+ 'auth_jwt/ssourl',
+ get_string('ssourl', 'auth_jwt'),
+ get_string('ssourl_desc', 'auth_jwt', 'auth'),
+ '',
+ PARAM_URL
+ ));
- $settings->add(new admin_setting_configselect('auth_jwt/createuser',
- new lang_string('createuser', 'auth_jwt'),
- new lang_string('createuser_desc', 'auth_jwt'), 0, $yesno));
+ $settings->add(new admin_setting_configselect(
+ 'auth_jwt/createuser',
+ new lang_string('createuser', 'auth_jwt'),
+ new lang_string('createuser_desc', 'auth_jwt'),
+ 0,
+ $yesno
+ ));
- $settings->add(new admin_setting_configselect('auth_jwt/updateuser',
- new lang_string('updateuser', 'auth_jwt'),
- new lang_string('updateuser_desc', 'auth_jwt'), 0, $yesno));
+ $settings->add(new admin_setting_configselect(
+ 'auth_jwt/updateuser',
+ new lang_string('updateuser', 'auth_jwt'),
+ new lang_string('updateuser_desc', 'auth_jwt'),
+ 0,
+ $yesno
+ ));
- // Display locking / mapping of profile fields.
- $authplugin = get_auth_plugin('jwt');
- display_auth_lock_options($settings, $authplugin->authtype,
- $authplugin->userfields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+ $settings->add(new admin_setting_configtext(
+ 'auth_jwt/jwtsecret',
+ get_string('jwtsecret', 'auth_jwt'),
+ get_string('jwtsecret_desc', 'auth_jwt', 'auth'),
+ '',
+ PARAM_TEXT
+ ));
+
+ // Display locking / mapping of profile fields.
+ $authplugin = get_auth_plugin('jwt');
+ display_auth_lock_options(
+ $settings,
+ $authplugin->authtype,
+ $authplugin->userfields,
+ get_string('auth_fieldlocks_help', 'auth'),
+ false,
+ false
+ );
 }
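Review bot: The `auth_jwt/jwtsecret` setting added near the end of this hunk uses `admin_setting_configtext` with `PARAM_TEXT`, so the signing secret is shown in clear text on the admin settings page and is validated as display text, which restricts the characters a key may contain. A masked field suits a secret better: `$settings->add(new admin_setting_configpasswordunmask('auth_jwt/jwtsecret', get_string('jwtsecret', 'auth_jwt'), get_string('jwtsecret_desc', 'auth_jwt'), ''));`. The default is the empty string and the code that verifies tokens is outside this diff, so it should be confirmed that authentication is refused while the secret is unset instead of accepting tokens signed with an empty key. Most of the hunk is re-indentation of the existing settings, which would be easier to review as a separate commit.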
diff --git a/version.php b/version.php
index 1d26dff..d348cdf 100644
--- a/version.php
+++ b/version.php
@@ -24,7 +24,7 @@ defined('MOODLE_INTERNAL') || die;
-$plugin->version = 2022081901; // The current plugin version (Date: YYYYMMDDXX).
+$plugin->version = 2024062500; // The current plugin version (Date: YYYYMMDDXX).
 $plugin->release = 2022081901; // Match release exactly to version.
 $plugin->requires = 2017051500; // Requires Moodle 3.3 version.
 $plugin->component = 'auth_jwt'; // Full name of the plugin (used for diagnostics).