feat(auth_jwt): add JWT secret key configuration

Introduced new settings for JWT secret and its description to the JWT authentication plugin. The settings allow administrators to configure a secret key used for signing JWT tokens.

Also updated the plugin version to ensure proper synchronization with these changes.

Addresses setup requirements for heightened JWT security.
Kumi 2024-06-25 19:26:41 +02:00
parent 828af94032
commit 6b51e0bceb
Signed by: kumi
GPG key ID: ECBCC9082395383F
3 changed files with 79 additions and 31 deletions


@ -54,3 +54,5 @@ $string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execu
$string['noip'] = 'Unable to fetch IP address of client.'; $string['noip'] = 'Unable to fetch IP address of client.';
$string['privacy:metadata'] = 'JWT authentication plugin does not store any personal data.'; $string['privacy:metadata'] = 'JWT authentication plugin does not store any personal data.';
$string['incorrectlogout'] = 'Incorrect logout request'; $string['incorrectlogout'] = 'Incorrect logout request';
$string['jwtsecret'] = 'JWT secret';
$string['jwtsecret_desc'] = 'Secret key to sign JWT tokens with.';


@ -25,43 +25,89 @@
defined('MOODLE_INTERNAL') || die; defined('MOODLE_INTERNAL') || die;
if ($ADMIN->fulltree) { if ($ADMIN->fulltree) {
$yesno = array(get_string('no'), get_string('yes')); $yesno = array(get_string('no'), get_string('yes'));
$fields = get_auth_plugin('jwt')->get_allowed_mapping_fields(); $fields = get_auth_plugin('jwt')->get_allowed_mapping_fields();
$settings->add(new admin_setting_configselect('auth_jwt/mappingfield', $settings->add(new admin_setting_configselect(
new lang_string('mappingfield', 'auth_jwt'), 'auth_jwt/mappingfield',
new lang_string('mappingfield_desc', 'auth_jwt'), 0, $fields)); new lang_string('mappingfield', 'auth_jwt'),
new lang_string('mappingfield_desc', 'auth_jwt'),
0,
$fields
));
$settings->add(new admin_setting_configtext('auth_jwt/keylifetime', get_string('keylifetime', 'auth_jwt'), $settings->add(new admin_setting_configtext(
get_string('keylifetime_desc', 'auth_jwt', 'auth'), 'auth_jwt/keylifetime',
'60', PARAM_INT)); get_string('keylifetime', 'auth_jwt'),
get_string('keylifetime_desc', 'auth_jwt', 'auth'),
'60',
PARAM_INT
));
$settings->add(new admin_setting_configselect('auth_jwt/iprestriction', $settings->add(new admin_setting_configselect(
new lang_string('iprestriction', 'auth_jwt'), 'auth_jwt/iprestriction',
new lang_string('iprestriction_desc', 'auth_jwt'), 0, $yesno)); new lang_string('iprestriction', 'auth_jwt'),
new lang_string('iprestriction_desc', 'auth_jwt'),
0,
$yesno
));
$settings->add(new admin_setting_configtext('auth_jwt/ipwhitelist', get_string('ipwhitelist', 'auth_jwt'), $settings->add(new admin_setting_configtext(
get_string('ipwhitelist_desc', 'auth_jwt', 'auth'), 'auth_jwt/ipwhitelist',
'', PARAM_TEXT)); get_string('ipwhitelist', 'auth_jwt'),
get_string('ipwhitelist_desc', 'auth_jwt', 'auth'),
'',
PARAM_TEXT
));
$settings->add(new admin_setting_configtext('auth_jwt/redirecturl', get_string('redirecturl', 'auth_jwt'), $settings->add(new admin_setting_configtext(
get_string('redirecturl_desc', 'auth_jwt', 'auth'), 'auth_jwt/redirecturl',
'', PARAM_URL)); get_string('redirecturl', 'auth_jwt'),
get_string('redirecturl_desc', 'auth_jwt', 'auth'),
'',
PARAM_URL
));
$settings->add(new admin_setting_configtext('auth_jwt/ssourl', get_string('ssourl', 'auth_jwt'), $settings->add(new admin_setting_configtext(
get_string('ssourl_desc', 'auth_jwt', 'auth'), 'auth_jwt/ssourl',
'', PARAM_URL)); get_string('ssourl', 'auth_jwt'),
get_string('ssourl_desc', 'auth_jwt', 'auth'),
'',
PARAM_URL
));
$settings->add(new admin_setting_configselect('auth_jwt/createuser', $settings->add(new admin_setting_configselect(
new lang_string('createuser', 'auth_jwt'), 'auth_jwt/createuser',
new lang_string('createuser_desc', 'auth_jwt'), 0, $yesno)); new lang_string('createuser', 'auth_jwt'),
new lang_string('createuser_desc', 'auth_jwt'),
0,
$yesno
));
$settings->add(new admin_setting_configselect('auth_jwt/updateuser', $settings->add(new admin_setting_configselect(
new lang_string('updateuser', 'auth_jwt'), 'auth_jwt/updateuser',
new lang_string('updateuser_desc', 'auth_jwt'), 0, $yesno)); new lang_string('updateuser', 'auth_jwt'),
new lang_string('updateuser_desc', 'auth_jwt'),
0,
$yesno
));
// Display locking / mapping of profile fields. $settings->add(new admin_setting_configtext(
$authplugin = get_auth_plugin('jwt'); 'auth_jwt/jwtsecret',
display_auth_lock_options($settings, $authplugin->authtype, get_string('jwtsecret', 'auth_jwt'),
$authplugin->userfields, get_string('auth_fieldlocks_help', 'auth'), false, false); get_string('jwtsecret_desc', 'auth_jwt', 'auth'),
'',
PARAM_TEXT
));
// Display locking / mapping of profile fields.
$authplugin = get_auth_plugin('jwt');
display_auth_lock_options(
$settings,
$authplugin->authtype,
$authplugin->userfields,
get_string('auth_fieldlocks_help', 'auth'),
false,
false
);
} }
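Review bot: The new `auth_jwt/jwtsecret` setting is registered with `admin_setting_configtext`, so the signing key is shown in clear text on the settings page like any other text field. Moodle's `admin_setting_configpasswordunmask` takes the same name, label, description and default and masks the value, e.g. `$settings->add(new admin_setting_configpasswordunmask('auth_jwt/jwtsecret', get_string('jwtsecret', 'auth_jwt'), get_string('jwtsecret_desc', 'auth_jwt'), ''));`. `PARAM_TEXT` is also a poor fit for key material, since its cleaning is meant for display text and a randomly generated secret containing markup-like characters may fail validation. The default is an empty string and the code that reads the setting is outside this section, so it is worth confirming that token verification fails closed when no secret is configured rather than accepting tokens signed with an empty key.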


@ -24,7 +24,7 @@
defined('MOODLE_INTERNAL') || die; defined('MOODLE_INTERNAL') || die;
$plugin->version = 2022081901; // The current plugin version (Date: YYYYMMDDXX). $plugin->version = 2024062500; // The current plugin version (Date: YYYYMMDDXX).
$plugin->release = 2022081901; // Match release exactly to version. $plugin->release = 2022081901; // Match release exactly to version.
$plugin->requires = 2017051500; // Requires Moodle 3.3 version. $plugin->requires = 2017051500; // Requires Moodle 3.3 version.
$plugin->component = 'auth_jwt'; // Full name of the plugin (used for diagnostics). $plugin->component = 'auth_jwt'; // Full name of the plugin (used for diagnostics).